Log analysis and evaluation: Redirector Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 (Windows 7)
21.06.2012, 15:18 | #1 |
Redirector Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32

Hello everyone,

This is my first forum post, so I apologize in advance for any spelling mistakes and other errors. I use Windows 7 Ultimate 64-bit Service Pack 1. I have big problems with my computer. A few days ago I stupidly downloaded and ran an exe file... A lot must have been hidden in it. After the double-click the file disappeared, and at every Windows start the command prompt appeared briefly with the title: amd accelerated video transcoding device initialisation. I then uninstalled that via the Catalyst, but it didn't help.

I can say with certainty that I have a redirector and surely more... I use Opera, and from Google it always redirects me. When the PC boots, Microsoft Security Essentials is not open... If I end the rundll 32 host process under Processes in the Task Manager, Microsoft Security Essentials can be started; otherwise it closes again immediately. In addition, I can no longer connect to my favourite online role-playing game, Eden Eternal.

A few months ago I already had a redirector once, which I successfully killed with TDSS Killer. I have run Malwarebytes Anti-Malware several times; it no longer finds anything. Only SUPERAntiSpyware finds Adware Tracking Cookie again after every restart. I have also run various online scans. I have already prepared a few log files; I hope I am posting them correctly here. Here it comes:

Malwarebytes Anti-Malware quarantine: hxxp://www10.pic-upload.de/21.06.12/wjpsm322i9ap.png

OTL log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.06.2012 22:01:59 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Fab\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free 11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free Paging file location(s): c:\pagefile.sys 8096 8099 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS Computer Name: FAB | User Name: Fab | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\GUILD WARS\Gw.exe (ArenaNet) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE () ========== Modules (No Company Name) ========== MOD - C:\Users\Fab\AppData\Local\Temp\GwA6494.tmp () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (COM Service) -- C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) 
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.) 
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation) DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys () DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (Tosrfhid) -- C:\Windows\SysWOW64\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfbd) -- C:\Windows\SysWOW64\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\Windows\SysWOW64\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (tosrfbnp) -- C:\Windows\SysWOW64\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\Windows\SysWOW64\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (TosRfSnd) -- C:\Windows\SysWOW64\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (Tosrfcom) -- C:\Windows\SysWOW64\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\SysWOW64\drivers\tosrfnds.sys (TOSHIBA Corporation.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4 FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M] [2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions [2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions [2012.04.27 14:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\ CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\ CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ Hosts file not found O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.19 22:00:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe [2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe [2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe [2012.06.18 23:05:55 | 000,171,176 | ---- | C] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll [2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad [2012.06.14 17:45:30 | 000,955,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.06.14 17:45:30 | 000,268,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe 
[2012.06.14 17:45:09 | 000,189,360 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.06.14 17:45:09 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.06.14 17:43:29 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe [2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41 [2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package [2012.05.22 00:14:58 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Local\Aeria Games [2012.05.22 00:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games [2012.05.22 00:10:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2012.05.22 00:03:13 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.19 22:06:12 | 000,026,786 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat [2012.06.19 22:06:12 | 000,005,598 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new [2012.06.19 22:06:12 | 000,004,382 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat [2012.06.19 22:01:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe [2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat [2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe [2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 14:41:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job [2012.06.19 14:36:50 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2012.06.19 14:36:09 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.19 14:36:01 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.06.19 06:19:47 | 002,109,032 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip [2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll [2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini [2012.06.18 22:42:30 | 000,171,176 | ---- | M] (hxxp://x360ce.googlecode.com) -- C:\Users\Fab\Desktop\xinput1_3.dll [2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip [2012.06.18 22:04:17 | 000,850,383 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip [2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url [2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url [2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk [2012.06.14 17:44:44 | 000,268,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.06.14 17:44:44 | 000,189,360 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.06.14 17:44:44 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.06.14 17:44:43 | 000,955,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.06.14 17:44:43 | 000,839,096 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.06.14 17:43:38 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\Fab\Desktop\jre-7u5-windows-x64.exe [2012.06.14 17:32:20 | 001,624,602 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.14 
17:32:20 | 000,709,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 17:32:20 | 000,662,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 17:32:20 | 000,153,626 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 17:32:20 | 000,125,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 17:32:06 | 001,624,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 01:27:30 | 007,214,239 | ---- | M] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar [2012.06.13 03:00:37 | 000,000,612 | ---- | M] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk [2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk [2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk [2012.06.13 01:24:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.13 01:24:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe [2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2012.05.29 10:47:30 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat [2012.06.19 14:36:53 | 000,026,786 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat [2012.06.19 14:36:53 | 000,005,598 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new [2012.06.19 14:36:53 | 000,004,382 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat [2012.06.19 06:19:42 | 002,109,032 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip [2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job [2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll [2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat [2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini [2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip [2012.06.18 22:04:14 | 000,850,383 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.App-2.0.2.158.zip [2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url [2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url [2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk [2012.06.14 01:27:28 | 007,214,239 | ---- | C] () -- C:\Users\Fab\Desktop\iBot - Public Released v1.1.41.rar [2012.06.13 03:00:37 | 000,000,612 | ---- | C] () -- C:\Users\Fab\Desktop\agbot - Verknüpfung.lnk [2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk [2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk [2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe [2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg [2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini [2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini [2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini 
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini [2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif [2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start [2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd [2011.03.29 22:37:47 | 001,624,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe [2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe [2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll [2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll [2011.03.29 22:14:27 | 
000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll [2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll [2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll [2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll [2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll [2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll [2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll [2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll [2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll [2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll [2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll [2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll [2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll [2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL [2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL [2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll [2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll [2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll [2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll [2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll [2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll [2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe [2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat [2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- 
C:\Windows\SysWow64\Cmos.dat [2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe [2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini [2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt [2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment [2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes [2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0 [2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0 [2011.04.09 17:38:44 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite [2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid [2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft [2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs [2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo [2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9 [2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ [2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON [2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World [2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org [2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera 
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.01.28 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.05.19 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.19 14:39:51 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras Log:
OTL Logfile:
Code:
OTL Extras logfile created on: 19.06.2012 22:01:59 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Fab\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 25,12% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,23% Paging File free
Paging file location(s): c:\pagefile.sys 8096 8099 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,79 Gb Total Space | 27,99 Gb Free Space | 12,03% Space Free | Partition Type: NTFS

Computer Name: FAB | User Name: Fab | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08EF41B0-CAB2-470A-BE02-58C62994F8B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0C03FC63-0AE1-4FAE-8B81-B033A73F7447}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{11F7058B-800D-4970-BFFA-D9F2751EE613}" = lport=139 | protocol=6 | dir=in | app=system | "{178588F0-1F8A-42B4-B530-56DCB7D4DB6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1A6427FB-ADAB-4E9C-A376-6BEC986C5471}" = lport=137 | protocol=17 | dir=in | app=system | "{266A12B9-1295-4127-97FD-5E9F018B181A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 
| "{26DE9AA3-E51D-4051-B540-B90F870ED3D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{581D7069-049E-4F1D-8D60-2A60EBA251A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6585C237-A68E-41E1-803D-F08C0B0C7BAC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{690B3DB0-23FC-4355-A09C-828065EFD61A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{741F91D2-7ABC-41C5-8EEB-D62C2DDE513A}" = rport=139 | protocol=6 | dir=out | app=system | "{98D1F993-70B2-4699-B120-0DC1E49B31C2}" = lport=3389 | protocol=6 | dir=in | app=system | "{A23EC258-F84B-4401-885C-97668D10EE82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A5C51AC0-E014-44BB-87A6-D51D1404C544}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD6027F0-DB44-4EA6-8898-418E6B8D1DCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ADBC0A2E-2EE9-43BF-A4D0-52D9AC8EAFB5}" = rport=138 | protocol=17 | dir=out | app=system | "{ADCC6908-15FF-450B-83D5-B32C1E7EB813}" = rport=10243 | protocol=6 | dir=out | app=system | "{C959795E-BC98-40DD-81D0-719775323F43}" = rport=445 | protocol=6 | dir=out | app=system | "{C9A11643-2764-4CFF-9701-AC4540B04984}" = lport=10243 | protocol=6 | dir=in | app=system | "{CD9042B4-AC28-4145-8957-A0DDF32D9AE1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | "{CD9D8EE6-65EA-4564-8D0A-FBE30B8535CA}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface | "{D623C146-4ECE-400C-9C21-113D52E4E56B}" = lport=445 | protocol=6 | dir=in | app=system | "{D8922840-E9CF-4867-B6E2-53B52091C955}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E14974BC-2AE1-4AE2-9DC7-8B5B26E37EB7}" = lport=1900 | 
protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E4E4443E-65A3-4C4C-83FD-1B551A8F324F}" = rport=137 | protocol=17 | dir=out | app=system | "{E6D05149-14A8-4164-BF50-27753EC84CFE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{EC0D9165-2E7D-4A06-9A34-EEA1249BC416}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{ECE92AFE-B286-47AA-B5FC-382536AECA50}" = lport=2869 | protocol=6 | dir=in | app=system | "{EED8BC73-0341-42F9-9DFC-D34DAFF9B84D}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface | "{F03203A7-463C-477A-BCD9-4B207C8AA7E4}" = lport=138 | protocol=17 | dir=in | app=system | "{F0C8BA13-109F-4CEC-AD5F-0B94ED493C3B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FC383E-E754-43D0-8325-9257E063AF59}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{09F746B0-87D8-4B32-A609-7DD7179DB6A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{11FBC199-A243-40C7-843B-D2C1399DBFA1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{125091D0-AA6A-4CE7-9368-E8A70077A5CC}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe | "{1379ED50-F62F-431B-BB64-B00F9582B5C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{13A8BD29-D37A-4334-B23B-144BA174AC96}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{14D815F2-FE8C-4947-BEFA-D237674DDD60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{176BCD48-06F9-4EBF-A556-A4F6743683FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{17ACC1BA-DBA5-42EB-8FB4-8501F680B2C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{1DECC78F-4579-4B6A-B4CA-4A4102B1F4EE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{1F51B874-C061-43DA-ADDD-6FC81646A7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F8A2EDB-AD4C-48E9-8FD6-95C9C5F912BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{22EE52EF-C2AA-4871-A14A-3EDD6822FF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe | "{2DEC0B17-E82E-4C3A-9393-55F50D587EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | "{2EA01679-A5BB-43C6-A9A9-3FC5E00BF97F}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{38306820-5691-4862-9C06-11BA08ED269D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{385BB579-8E89-4188-8B8F-488E3B0B42D8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{40F25EA6-B2D1-4244-A1B2-FDA9C51F524C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{416DFF77-5D8F-4EB0-B117-7254F21F1768}" = protocol=6 | dir=out | app=system | "{4377EDCB-EFD6-4F68-AF14-79DEB1B093E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4764E023-B81C-4ED3-8A74-25FE49CA366B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{49682710-7B59-4970-B69A-0AD196DA637B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4C227F96-4237-4069-BA5C-61824F85D807}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4C566F24-1F77-4F7E-9B2A-A09A6E1BBDD6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{4C7A56C3-B0B0-466E-911A-06EF46342BCA}" = protocol=6 | dir=in | 
app=c:\aeriagames\edeneternal\_launcher.exe | "{4D37F240-74AF-4B2F-9FEC-8E306C7A655E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | "{4F61D0E1-7C66-4E00-A4AE-FD8245997048}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{563DE42C-FA31-4CAA-83E6-8440CD98FFD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5C3986C7-A275-49DE-9BD8-3A9CC5A6B7B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe | "{5F3DFFA2-1F95-471B-BB95-16212902DDFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{64CE7BC5-53A8-4C35-A7D3-118C58CD5286}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{68D012D4-EC77-4722-B628-F96C7CEFA910}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{6B774879-3A14-44F2-A16B-88B9A340E1E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6CB74588-476F-40E4-936D-53B2AB371457}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{6E1202A1-8315-4788-9BB6-035C206EE951}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{75198A66-70C1-4128-BA36-5E9E007D668C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{75D02F41-5F26-4D97-9C55-40A83B1566CF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7ADB45AD-022B-474B-8129-12D5522E5EA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{7D52E935-95CE-4A8D-98B6-7BF9F493AEEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe | "{7F8B91C0-CA76-46E4-A1EE-2FED8CB2BE17}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{7FC2A7B1-7646-4F6D-BE1B-0742B3B64DDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\counter-strike\hl.exe | "{7FEED177-8664-4D08-BFC3-AFC571021C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{84CF5879-B40B-47FB-96B5-F78462163A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{873D9CDE-CCC0-4D36-BD12-FAD47F6B533E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{88142BA3-7B75-4CBB-8B8D-0EB93E1585E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8E9C6E54-0DC7-4AA5-828C-A0071C05934A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{90A79170-E002-4EE6-95A5-F1BB8FC2BBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge4d\elsword_de\data\x2.exe | "{94434C26-1448-4B8A-8044-B593957808A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | "{953D439F-765F-494E-A2B5-FBBD285B82CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe | "{9AC8D63F-49FD-4B8B-881B-AD71479312E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9F2CBEA9-F6E0-4004-955F-247903196534}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A5DBD9DE-F67B-4EC9-A570-8B614D30F988}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{A9CC0F2A-5545-48D3-A1DA-6BFDC2DF7A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe | "{AF62CEBA-2114-4959-B847-B3A225AD8EC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe | "{AF92B122-BC71-4CB2-A1EC-48C2486A3D27}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AFC9D55A-F513-46B4-A00C-F7D1CBB7BB51}" = 
protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B0AEAE3F-0F78-4BF4-94DD-15296BCA2A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{B4E06326-5D8D-4D3D-B8FA-8DFA1CC4B64B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9FD189F-C4AB-4E31-919B-E3CB9AA5EF8A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{BA1E0A5D-9A38-4F27-8734-58CBB7223921}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{C79F3D64-D5ED-415E-8CAC-35A7C5057251}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CB5F2B29-43AA-4FE2-8146-50EA06ED5F7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{CC86ECB0-DC4B-4350-967F-8A1B69B445BA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{CD732F82-EA33-42BA-958D-CC3BA86559DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D1B75B1C-DB22-4A24-912A-D352BA54D669}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{D7862D59-C2BF-42E1-89EC-4B2B7920DA37}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{D8228A9D-5651-4515-A4E1-18D585B6C5AE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D8909193-565D-418F-B443-4E6E530D72DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E1713D19-A052-4DDF-B509-01D90FC85B39}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E190C9C8-AA75-4B8C-8E19-54FF669CA775}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E4B72983-D2B5-4561-B9CF-76366D5998F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5CF9753-F3E6-4B36-A167-A9E352B953FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{E7D8D36F-F577-4413-B8D7-C09F30187A68}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EA78ED9E-7028-4749-9F8F-154475A4A8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{ED96ADED-92DF-4C35-8BA2-93041AC7E730}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{EDF229CB-26F4-402B-A241-11AC4BD39994}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F733AF3C-2149-42A2-BEF4-A536999C66AC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9BEC370-8756-4966-B98B-1B6DD8863FE6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{FC80EB70-127E-4964-868B-550095424FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"TCP Query User{02EC41FD-6434-4D47-9251-3574A2D8AC10}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe |
"TCP Query User{180F4CDE-D0E6-4FE6-A744-12A97C0DDB82}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe |
"TCP Query User{186D5C6B-08CA-40F4-B3C6-DFB6355886F9}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe |
"TCP Query User{19FA06A6-7EA0-4BF5-9A94-033E8A10BDFC}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{254F1699-BDD7-4122-BBEF-2E6EB28CCE15}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe |
"TCP Query User{265C4279-8513-4F61-83C4-2D428E3F9694}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe |
"TCP Query User{29F09BA2-03FE-41E3-B8F0-C8E5117966DD}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe |
"TCP Query User{360102C7-ADFE-41FA-AC1B-592B28EB6965}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe |
"TCP Query User{397E11B9-713D-4FB8-9AA7-E30CE9DAE587}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe |
"TCP Query User{4261E750-B22B-432C-A586-E1DD4BC6D4B3}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe |
"TCP Query User{4AC25604-EE34-48F9-92C5-8DB18A8FFBF6}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe |
"TCP Query User{5364CCD5-942C-45E0-AFD4-E3527413D92C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{58E1807B-2D0E-4F5F-BDEC-1638E39588F2}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{7016029C-CA4B-4717-8F5B-46E773F00E82}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"TCP Query User{833DA657-F368-49D9-8ACD-37526A312ECB}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{8CBE8C06-B119-4392-9CFD-40C5007947CF}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe |
"TCP Query User{8D6C454B-1E36-4549-98F6-E8B0F3E2CCAC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{9496B09A-C614-4EAD-B854-63BB23D97453}C:\program files (x86)\remote mouse\server\server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"TCP Query User{96A9022F-8DF6-447F-9A67-ECD4AA6335BE}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe |
"TCP Query User{9DFB931E-1C7B-44A3-B705-2422B384F580}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe |
"TCP Query User{AB7EDAB9-9C0E-4CE0-975C-9B2D62CCFB84}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe |
"TCP Query User{AE493C6E-835F-4B33-9A3C-E3C790017511}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe |
"TCP Query User{C8CACC9F-3DC6-49C2-8217-C25523EFA949}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"TCP Query User{CACB0CAC-74D0-4A9B-AF1F-90DA9DAF6442}C:\users\fab\desktop\ibot\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe |
"TCP Query User{DEDC8EFA-2309-4AB3-AD62-F4AE9213FD98}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E69B075C-2517-4878-9F27-CB3130FE9630}C:\windows\syswow64\recvmessage.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"TCP Query User{E6FC5A01-738C-43AD-84AC-AA40793B61AD}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"TCP Query User{E92686C1-2B94-45F5-BF14-72CBC81B8D02}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe |
"TCP Query User{EC969529-1FDB-4411-BC54-950829EBE66C}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe |
"TCP Query User{EE5360FB-5A16-4363-962D-401FCC0B7CF8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{F4DE1879-0BBD-47F4-83BC-1053DBF142A3}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe |
"TCP Query User{FA17EBC4-A2DA-418F-9F75-0C1C1AFD6DE8}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{FB711252-9C33-454C-AA34-1E60703E5CC3}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=6 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe |
"UDP Query User{003BEF24-FF28-431B-BF90-3AF2C4EE2E4B}C:\users\fab\desktop\agbot.package\nuconnector1.5.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.5.exe |
"UDP Query User{14058421-C4C2-4043-B4D5-A3051E3A381B}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe |
"UDP Query User{1C607A23-4F2D-471B-A6CD-BFA3063F205F}C:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe |
"UDP Query User{2A9A22E5-9A37-492E-9504-4A66E3817AFB}C:\program files (x86)\remote mouse\server\server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"UDP Query User{304F0CBE-33AA-4FBD-8905-945767F6A003}C:\users\fab\desktop\ibot neuesaktu\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot neuesaktu\ibot.exe |
"UDP Query User{46FC53D3-94F7-44BC-A6FB-CF2DF93B2687}C:\users\fab\desktop\ibot1.19neustemomen\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.19neustemomen\ibot.exe |
"UDP Query User{47EBB217-68F8-4A6E-ADB4-F104569E08EF}C:\programdata\battle.net\agent\agent.515\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"UDP Query User{4C57B7D2-E759-46FC-A269-8366FA072B54}C:\users\fab\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\akamai\netsession_win.exe |
"UDP Query User{583D3BC1-DED6-4724-B647-01D4237DA918}C:\users\fab\desktop\sro_l7_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_l7_full_client_downloader.exe |
"UDP Query User{5A5D7C04-C593-425F-A1CA-B7B7A8E77900}C:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kobi snir\crazypc server\crazypcserver.exe |
"UDP Query User{5AD7CE38-FDB9-491F-94A4-8115B9C1FA54}C:\users\fab\desktop\ibot1.1.41\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.1.41\ibot.exe |
"UDP Query User{6D130F13-9607-4588-81A8-EE963CA79A52}C:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\nesuetrdolphin 2012\dolphin.exe |
"UDP Query User{73CA9FC0-97BF-4DE2-B87C-CF951C63A6B2}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{75E6717A-00FC-4E60-A894-E659AB4DD2F5}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{7DEFCA12-A216-44B1-964C-688C60D81A0E}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe |
"UDP Query User{8F01742C-B5E9-4F1F-ABEA-A9AAF657A749}C:\users\fab\desktop\agbot.package\nuconnector1.3.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\agbot.package\nuconnector1.3.exe |
"UDP Query User{90BBCE7C-65DB-4D67-8015-504CF4660BAD}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{99B5D779-0EB7-41F3-9622-F0D73971349A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9E97F6CC-26DA-4AD2-886B-E2F87F1516BD}C:\users\fab\desktop\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\remotevolumecontrol.exe |
"UDP Query User{A6F5E34F-B467-4740-985B-43525ADB877E}C:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\neuer\4vendeta diablo 3 beta - 8815\diablo iii.exe |
"UDP Query User{A973F2B1-824F-4871-BA58-A50267AEBEE6}C:\windows\syswow64\recvmessage.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\recvmessage.exe |
"UDP Query User{AF1FF237-AA74-4520-BBD7-50B5E097D43E}C:\users\fab\desktop\ibot 13\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot 13\ibot.exe |
"UDP Query User{C63538EF-A25B-4C5B-9401-B2327455306B}C:\users\fab\desktop\ibot\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot\ibot.exe |
"UDP Query User{C95F16B5-125A-4EE5-BBEF-3E6663590AC9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{D60028DB-70B4-43B5-BFC9-929BCEF5003E}C:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\sro_full_client_downloader_bmt_v8.exe |
"UDP Query User{D6E22DED-1CE4-4FFB-94ED-CA4FD9810C77}C:\users\fab\downloads\sro_l8_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\fab\downloads\sro_l8_full_client_downloader.exe |
"UDP Query User{E0C6DE29-8E54-4221-80F2-F1FE4BA7A969}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E90F21D2-7515-45C4-B370-131E72C6A784}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"UDP Query User{EA06166C-0A6B-4FED-9BD1-12549902A997}C:\users\fab\desktop\ibot1.16\ibot.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\ibot1.16\ibot.exe |
"UDP Query User{F51E0B3D-303E-46C9-AC75-D002C5A06D98}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{F6E293D4-D798-404D-9331-17F2D59A5037}C:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zoe09b.tmp\nuconnector9.18.15779.exe |
"UDP Query User{FCF14D18-C50A-4D07-9970-BDCF60C14EF2}C:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe" = protocol=17 | dir=in | app=c:\users\fab\appdata\local\temp\7zo9261.tmp\remotevolumecontrol.exe |
"UDP Query User{FEBBA1AD-5FE6-4FA2-AE19-7D5BA80EF5AA}C:\users\fab\desktop\gunblade-dlm.exe" = protocol=17 | dir=in | app=c:\users\fab\desktop\gunblade-dlm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.04
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0908.01
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2
"{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1" = Remote Mouse version 1.09
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA4BF139-4D09-462E-B4AF-E89C640224C0}" = Quake Live Internet Explorer Plugin
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"DiskAid_is1" = DiskAid 5.08
"DivX Setup" = DivX-Setup
"DriverCD" = DriverCD
"Eden Eternal" = Eden Eternal
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Free YouTube Download_is1" = Free YouTube Download version 3.0.17.1117
"G.O.M" = G.O.M
"Guild Wars" = GUILD WARS
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0120.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.1027.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Opera 12.00.1467" = Opera 12.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"Silkroad" = Silkroad
"Steam App 10" = Counter-Strike
"Steam App 113400" = APB Reloaded
"Steam App 200210" = Realm of the Mad God
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 99900" = Spiral Knights
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 3.0.9042

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248456 angegeben. Der Rückgabecode von ReadEventLog ist 8.

Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248472 angegeben. Der Rückgabecode von ReadEventLog ist 8.

Error - 06.06.2012 06:18:29 | Computer Name = FAB | Source = EvntAgnt | ID = 3005
Description = Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 24248344 angegeben. Der Rückgabecode von ReadEventLog ist 8.

Error - 15.06.2012 13:31:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: app.n3app, Version: 0.0.0.0, Zeitstempel: 0x4fd8b9f9 Name des fehlerhaften Moduls: app.n3app, Version: 0.0.0.0, Zeitstempel: 0x4fd8b9f9 Ausnahmecode: 0x40000015 Fehleroffset: 0x005dff0a ID des fehlerhaften Prozesses: 0x11f4 Startzeit der fehlerhaften Anwendung: 0x01cd4b1b62acf8e7 Pfad der fehlerhaften Anwendung: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app Pfad des fehlerhaften Moduls: C:\Users\Fab\AppData\Local\Temp\DSOClient\app.n3app Berichtskennung: 01b8d1a8-b710-11e1-9120-00241d2232b9

Error - 17.06.2012 21:45:59 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4fd10cda Ausnahmecode: 0xc0000005 Fehleroffset: 0x00425cd2 ID des fehlerhaften Prozesses: 0x13bc Startzeit der fehlerhaften Anwendung: 0x01cd4cee65b87207 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\tf\bin\client.dll Berichtskennung: 5a1a16ed-b8e7-11e1-a634-00241d2232b9

Error - 18.06.2012 14:47:42 | Computer Name = FAB | Source = Application Hang | ID = 1002
Description = Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd8 Startzeit: 01cd4d7fb4c985b9 Endzeit: 920 Anwendungspfad: UNKNOWN Berichts-ID: 0fa1d30a-b976-11e1-a634-00241d2232b9

Error - 18.06.2012 15:11:53 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fd10baa Ausnahmecode: 0xc0000005 Fehleroffset: 0x6a2de3c9 ID des fehlerhaften Prozesses: 0x1710 Startzeit der fehlerhaften Anwendung: 0x01cd4d82000e2711 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 76078f3c-b979-11e1-a634-00241d2232b9

Error - 18.06.2012 16:05:58 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel: 0x4fd10cda Ausnahmecode: 0xc0000005 Fehleroffset: 0x00425cd2 ID des fehlerhaften Prozesses: 0x11cc Startzeit der fehlerhaften Anwendung: 0x01cd4d868cd2cff2 Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\tf\bin\client.dll Berichtskennung: 044e84d4-b981-11e1-a634-00241d2232b9

Error - 18.06.2012 16:58:50 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: QuickTime.qts, Version: 7.71.80.42, Zeitstempel: 0x4ea5d656 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001ae14 ID des fehlerhaften Prozesses: 0xe7c Startzeit der fehlerhaften Anwendung: 0x01cd4d9523bd6df7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts Berichtskennung: 676c3506-b988-11e1-8e46-00241d2232b9

Error - 18.06.2012 18:29:23 | Computer Name = FAB | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x4fd10b64 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fd10baa Ausnahmecode: 0xc0000005 Fehleroffset: 0x67e3e3c9 ID des fehlerhaften Prozesses: 0x130c Startzeit der fehlerhaften Anwendung: 0x01cd4da0da41c80e Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\fabiggen\team fortress 2\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung: 0d38cf2c-b995-11e1-8e46-00241d2232b9

[ System Events ]
Error - 19.06.2012 08:35:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183.

Error - 19.06.2012 08:36:17 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:36:22 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:36:39 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 08:37:06 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 09:12:02 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 19.06.2012 09:12:23 | Computer Name = FAB | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

< End of report >

Hijackthis LOG:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:43:39, on 19.06.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Fab\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Fab\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Internet Explorer.lnk = C:\Program Files (x86)\Internet Explorer\iexplore.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Service - Unknown owner - C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: 
@%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9380 bytes Super Anti Spyware Logs: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/21/2012 at 12:56 PM Application Version : 5.1.1002 Core Rules Database Version : 8761 Trace Rules Database Version: 6573 Scan type : Complete Scan Total Scan Time : 00:10:25 Operating System Information Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 839 Memory threats detected : 0 Registry items scanned : 66166 Registry threats detected : 0 File items scanned : 9540 File threats detected : 13 Adware.Tracking Cookie C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\X0KWUPYL.txt [ /adtech.de 
] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R5B0WU9L.txt [ /ads.creative-serving.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\J0Q9W314.txt [ /doubleclick.net ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IAFDSU0E.txt [ /nextag.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DGTR8UQJ.txt [ /overture.com ] C:\USERS\FAB\Cookies\X0KWUPYL.txt [ Cookie:fab@adtech.de/ ] C:\USERS\FAB\Cookies\J0Q9W314.txt [ Cookie:fab@doubleclick.net/ ] C:\USERS\FAB\Cookies\IAFDSU0E.txt [ Cookie:fab@nextag.de/ ] C:\USERS\FAB\Cookies\DGTR8UQJ.txt [ Cookie:fab@overture.com/ ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BPZ7AME3.txt [ /find.safeseeking.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HAA0QI0W.txt [ /click.get-answers-fast.com ] C:\USERS\FAB\Cookies\BPZ7AME3.txt [ Cookie:fab@find.safeseeking.com/ ] C:\USERS\FAB\Cookies\HAA0QI0W.txt [ Cookie:fab@click.get-answers-fast.com/ads-clicktrack/click/ ] NR 2 SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/21/2012 at 03:42 AM Application Version : 5.1.1002 Core Rules Database Version : 8761 Trace Rules Database Version: 6573 Scan type : Complete Scan Total Scan Time : 01:11:16 Operating System Information Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 887 Memory threats detected : 0 Registry items scanned : 66312 Registry threats detected : 0 File items scanned : 97496 File threats detected : 17 Adware.Tracking Cookie C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\BENLAHXH.txt [ /unitymedia.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\OSUXMJNC.txt [ /tracking.quisma.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\KPKOF9KE.txt [ /ad.yieldmanager.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\2X2JB7N1.txt [ /adtech.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\9VOJXJAA.txt [ /adfarm1.adition.com ] 
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1PD7DNRT.txt [ /doubleclick.net ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\XPMCY3CS.txt [ /xml.trafficno.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6FMFEULI.txt [ /overture.com ] C:\USERS\FAB\Cookies\BENLAHXH.txt [ Cookie:fab@unitymedia.de/ ] C:\USERS\FAB\Cookies\OSUXMJNC.txt [ Cookie:fab@tracking.quisma.com/ ] C:\USERS\FAB\Cookies\2X2JB7N1.txt [ Cookie:fab@adtech.de/ ] C:\USERS\FAB\Cookies\1PD7DNRT.txt [ Cookie:fab@doubleclick.net/ ] C:\USERS\FAB\Cookies\6FMFEULI.txt [ Cookie:fab@overture.com/ ] PUP.MyWebSearch C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[2].htm [ cache:mywebsearch.com ] C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01U5W93L\api[3].htm [ cache:mywebsearch.com ] C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3E27O6YM\api[2].htm [ cache:mywebsearch.com ] C:\USERS\FAB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6UK21F7\api[1].htm [ cache:mywebsearch.com ] Nr 3 SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/20/2012 at 04:40 PM Application Version : 5.1.1002 Core Rules Database Version : 8761 Trace Rules Database Version: 6573 Scan type : Custom Scan Total Scan Time : 00:13:20 Operating System Information Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 895 Memory threats detected : 0 Registry items scanned : 66282 Registry threats detected : 0 File items scanned : 7427 File threats detected : 42 Adware.Tracking Cookie C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\6PC2B5SS.txt [ /traffictrack.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\TYMTHD69.txt [ /ads.bleepingcomputer.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\DD560O3Z.txt [ /mm.chitika.net ] 
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\H5GC1A3D.txt [ /mediaplex.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4ICSKNBG.txt [ /at.atwola.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\4JDY54JE.txt [ /ru4.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EBPQXRYF.txt [ /kaspersky.122.2o7.net ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\HMT1VKCJ.txt [ /kontera.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\V75N6P28.txt [ /atdmt.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LRRS5APJ.txt [ /ad.yieldmanager.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5ML59VHB.txt [ /lucidmedia.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\RVZWAWZB.txt [ /c.atdmt.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\IUEHJVQ4.txt [ /www.traffictrack.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\WQUJ46J7.txt [ /247realmedia.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3WXSENB5.txt [ /doubleclick.net ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\1OH8RXFV.txt [ /apmebf.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\R1PHNFTF.txt [ /advertising.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\Y5PAYXJH.txt [ /tracking.3gnet.de ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\LVRKYT79.txt [ /serving-sys.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\EPB71HKS.txt [ /adbrite.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\SUXFQZIS.txt [ /www.googleadservices.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\A77HX2ZV.txt [ /invitemedia.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5EG5BUIH.txt [ /ad.360yield.com ] C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\5R6XKKH3.txt [ /media6degrees.com ] C:\USERS\FAB\Cookies\6PC2B5SS.txt [ Cookie:fab@traffictrack.de/ ] C:\USERS\FAB\Cookies\H5GC1A3D.txt [ Cookie:fab@mediaplex.com/ ] 
C:\USERS\FAB\Cookies\4ICSKNBG.txt [ Cookie:fab@at.atwola.com/ ]
C:\USERS\FAB\Cookies\4JDY54JE.txt [ Cookie:fab@ru4.com/ ]
C:\USERS\FAB\Cookies\EBPQXRYF.txt [ Cookie:fab@kaspersky.122.2o7.net/ ]
C:\USERS\FAB\Cookies\HMT1VKCJ.txt [ Cookie:fab@kontera.com/ ]
C:\USERS\FAB\Cookies\V75N6P28.txt [ Cookie:fab@atdmt.com/ ]
C:\USERS\FAB\Cookies\5ML59VHB.txt [ Cookie:fab@lucidmedia.com/ ]
C:\USERS\FAB\Cookies\RVZWAWZB.txt [ Cookie:fab@c.atdmt.com/ ]
C:\USERS\FAB\Cookies\IUEHJVQ4.txt [ Cookie:fab@www.traffictrack.de/ ]
C:\USERS\FAB\Cookies\WQUJ46J7.txt [ Cookie:fab@247realmedia.com/ ]
C:\USERS\FAB\Cookies\3WXSENB5.txt [ Cookie:fab@doubleclick.net/ ]
C:\USERS\FAB\Cookies\1OH8RXFV.txt [ Cookie:fab@apmebf.com/ ]
C:\USERS\FAB\Cookies\R1PHNFTF.txt [ Cookie:fab@advertising.com/ ]
C:\USERS\FAB\Cookies\Y5PAYXJH.txt [ Cookie:fab@tracking.3gnet.de/ ]
C:\USERS\FAB\Cookies\LVRKYT79.txt [ Cookie:fab@serving-sys.com/ ]
C:\USERS\FAB\Cookies\EPB71HKS.txt [ Cookie:fab@adbrite.com/ ]
C:\USERS\FAB\Cookies\A77HX2ZV.txt [ Cookie:fab@invitemedia.com/ ]

NR 4
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/20/2012 at 02:48 AM
Application Version : 5.1.1002
Core Rules Database Version : 8761
Trace Rules Database Version: 6573
Scan type : Complete Scan
Total Scan Time : 01:22:02
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 842
Memory threats detected : 0
Registry items scanned : 66217
Registry threats detected : 0
File items scanned : 95542
File threats detected : 3
Adware.Tracking Cookie
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\QGWPO1R8.txt [ /adtech.de ]
C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Cookies\3UTKQ21H.txt [ /adfarm1.adition.com ]
C:\USERS\FAB\Cookies\QGWPO1R8.txt [ Cookie:fab@adtech.de/ ]

I'm really sorry to bother you with so much. I think I did everything wrong that one can possibly do wrong... Because I used TDSS Killer and deleted the red items; was that very bad? XD ^^ It would be nice if someone could help me. Edited by cosinus (24.06.2012 at 18:32) Reason: image to link |
24.06.2012, 18:31 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please post the Malwarebytes logs as text! Such a huge image of Malwarebytes is pointless; you posted the other logs normally, after all! I'll turn the huge image into just a normal link.
__________________ |
25.06.2012, 16:23 | #3 |
| Yes, the file was an exe file that was supposed to emulate an Xbox 360 controller; I only have a Speedlink. The file was called x360ce, but that's irrelevant, since it wasn't the program I wanted and instead vanished into thin air after the double-click ...
__________________ I searched for the file on Google, then clicked a link in Google, and the download started right away. Yes, the malware logs all show 0 detections ... strange |
25.06.2012, 19:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You should post all Malwarebytes logs as text
__________________ Please always post log files in CODE tags |
27.06.2012, 13:21 | #5 |
| OK, sorry, here they all are, ordered from old to new. I also just noticed that opera_plugin_wrapper.exe*32 is open very often in Task Manager; that wasn't the case before. The process is open more than 30 times.

MBAM LOGS:

nr 1
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6822
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
10.06.2011 04:07:42
mbam-log-2011-06-10 (04-07-42).txt
Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 299117
Laufzeit: 1 Stunde(n), 13 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> 852 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray2 (Backdoor.Agent) -> Value: tray2 -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\SysWOW64\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\CML.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\agBot.exe (Trojan.Scar) -> Quarantined and deleted successfully.
c:\Users\Fab\Desktop\agbot.package\nuconnector9.26.exe (Trojan.Scar) -> Quarantined and deleted successfully.
nr 2 Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8209 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 07.12.2011 18:38:39 mbam-log-2011-12-07 (18-38-39).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 20851 Laufzeit: 18 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Fab\AppData\Local\Temp\0.4891385984227795.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Fab\AppData\Local\Temp\0.6793807639939748.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Fab\AppData\Local\Temp\0.840330846978053.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Fab\AppData\Local\Temp\dwme.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
nr 3 Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8209 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 07.12.2011 21:00:30 mbam-log-2011-12-07 (21-00-30).txt Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|) Durchsuchte Objekte: 337375 Laufzeit: 1 Stunde(n), 59 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XbbbF4m5QJ6dE8R8234A (Trojan.FakeAlert.CLGen) -> Value: XbbbF4m5QJ6dE8R8234A -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) nr 4 Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8329 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 07.12.2011 21:23:50 mbam-log-2011-12-07 (21-23-50).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 20637 Laufzeit: 15 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte 
Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012 (Rogue.CloudAV2012) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\Fab\AppData\Roaming\ahst.lni (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\Fab\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012\cloud av 2012.lnk (Rogue.CloudAV2012) -> Quarantined and deleted successfully. nr 5 Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.20.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Fab :: FAB [Administrator] Schutz: Aktiviert 20.01.2012 17:50:53 mbam-log-2012-01-20 (17-50-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 345500 Laufzeit: 1 Stunde(n), 27 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|tray3 (Trojan.Agent) -> Daten: C:\Windows\system32\RecvMessage.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\System32\RecvMessage.exe (Trojan.Agent) -> Löschen bei Neustart. 
(Ende) nr 6 Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.27.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Fab :: FAB [Administrator] Schutz: Aktiviert 27.02.2012 22:05:23 mbam-log-2012-02-27 (22-05-23).txt Art des Suchlaufs: Benutzerdefinierter Suchlauf Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P Durchsuchte Objekte: 1 Laufzeit: 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Fab\Downloads\kool_savas__kool_savas__aura__2011_itunes__deluxe_edition___bonus.exe (PUP.BundleInstaller.MG) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(Ende) nr 7 Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.19.01 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Fab :: FAB [Administrator] 19.06.2012 02:13:19 mbam-log-2012-06-19 (02-13-19).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 433060 Laufzeit: 1 Stunde(n), 25 Minute(n), 34 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\TDSSKiller_Quarantine\19.06.2012_01.56.59\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(Ende)

nr 8, everything is clean
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.20.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fab :: FAB [Administrator]
22.06.2012 08:47:07
mbam-log-2012-06-22 (08-47-07).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426910
Laufzeit: 3 Stunde(n), 4 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

Edited by danke (27.06.2012 at 13:27) |
28.06.2012, 09:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well; after that we'll see how to proceed. Note: ESET does show a few false positives fairly often. That's why, for ESET too, only the log should be posted at first and nothing removed.
ESET Online Scanner
Please switch on any external hard drives you have during the online scans! Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt" Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ |
28.06.2012, 21:56 | #7 |
| Oh, looks like something came in through Java

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=54bc3c8726ca0140bfc455ac965c2838
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 05:03:37
# local_time=2012-06-28 07:03:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 38945570 92522711 0 0
# compatibility_mode=8192 67108863 100 0 753176 753176 0 0
# scanned=227176
# found=3
# cleaned=0
# scan_time=10157
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63353b17-556bb6e2 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\510abf60-34023288 Java/TrojanDownloader.Agent.NDR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Fab\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\fd299c9-7fe2b229 multiple threats (unable to clean) 00000000000000000000000000000000 I |
29.06.2012, 12:07 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. If possible, please post everything here in CODE tags. It's done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
29.06.2012, 14:01 | #9 |
| OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.06.2012 14:34:53 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Fab\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,98% Memory free 11,90 Gb Paging File | 9,95 Gb Available in Paging File | 83,62% Paging File free Paging file location(s): c:\pagefile.sys 8096 8099 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 21,73 Gb Free Space | 9,33% Space Free | Partition Type: NTFS Computer Name: FAB | User Name: Fab | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fab\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.) 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (usj) -- C:\AeriaGames\EdenEternal\avital\ussjcs64.sys ()
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (sj) -- C:\AeriaGames\EdenEternal\sjcs64.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klassikradio.de/liveplayer.php
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 58 E5 F8 49 05 CD 01 [binary data]
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.9.development.4
FF - prefs.js..extensions.enabledItems: langpack-de@firefox.mozilla.org:3.6.1064
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fab\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.12 17:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 12:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 14:11:11 | 000,000,000 | ---D | M]
[2011.03.29 23:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Extensions
[2012.02.13 12:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fab\AppData\Roaming\mozilla\Firefox\Profiles\jiwpuw59.default\extensions
[2012.06.26 16:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 14:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.06.26 16:23:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.12 17:26:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.08 22:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fab\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Fab\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Turn Off the Lights = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: FB Photo Zoom = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.31_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Fab\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2128012257-4040431425-2058212726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E17A54-41E4-4FF1-B193-3EABAC8DBA41}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Fab\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: 39480465.sys - Driver
SafeBootMin:64bit: 95626647.sys - Driver
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin: 39480465.sys - Driver
SafeBootMin: 95626647.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: 39480465.sys - Driver
SafeBootNet:64bit: 95626647.sys - Driver
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootNet: 39480465.sys - Driver
SafeBootNet: 95626647.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.ac3filter - ac3filter64.acm () Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.06.29 14:20:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drakensang Online
[2012.06.28 06:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drakensang Online
[2012.06.21 12:57:16 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.21 00:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.21 00:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.06.20 04:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.06.20 04:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.06.20 04:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.06.20 03:19:37 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.06.20 03:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.06.20 03:05:50 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2012.06.20 03:05:03 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012.06.20 03:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012.06.20 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\osam
[2012.06.20 01:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.06.20 01:39:33 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:12:07 | 000,000,000 | ---D | C] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.19 23:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.19 23:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.19 23:11:12 | 017,937,032 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.19 22:43:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 14:53:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.19 02:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 01:58:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.18 23:05:55 | 001,342,120 | ---- | C] (TocaEdit) -- C:\Users\Fab\Desktop\x360ce.exe
[2012.06.14 17:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2012.06.14 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\ibot1.1.41
[2012.06.13 02:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fab\Desktop\Agbot.Package
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.06.29 14:41:31 | 000,027,268 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:41:31 | 000,006,355 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:41:31 | 000,005,224 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:35:36 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.29 14:30:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 14:30:20 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 14:20:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Fab\Desktop\OTL.exe
[2012.06.28 06:01:44 | 000,001,972 | ---- | M] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:31:36 | 001,648,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.22 08:31:36 | 000,709,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.22 08:31:36 | 000,663,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.22 08:31:36 | 000,153,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.22 08:31:36 | 000,126,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.22 08:30:28 | 000,094,909 | ---- | M] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | M] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:30 | 000,834,855 | ---- | M] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 12:57:42 | 002,109,806 | ---- | M] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.21 00:45:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.21 00:45:43 | 001,669,766 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.21 00:30:46 | 000,294,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fab\Desktop\TDSSKiller.exe
[2012.06.20 10:44:20 | 005,745,269 | ---- | M] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | M] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:53 | 001,294,411 | ---- | M] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:13:02 | 000,002,154 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | M] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | M] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:29 | 000,112,660 | ---- | M] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.20 01:39:34 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\Fab\Desktop\ccsetup319.exe
[2012.06.19 23:11:40 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 23:11:22 | 017,937,032 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fab\Desktop\SUPERAntiSpyware.exe
[2012.06.19 22:43:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fab\Desktop\HijackThis.exe
[2012.06.19 21:40:26 | 000,000,512 | ---- | M] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 14:53:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fab\Desktop\aswMBR.exe
[2012.06.19 02:12:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:06:36 | 000,002,900 | ---- | M] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:20 | 000,090,733 | ---- | M] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | M] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | M] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.18 00:11:22 | 000,281,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 17:59:07 | 000,001,889 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | M] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | M] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.13 01:15:24 | 1308,044,538 | ---- | M] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.30 16:57:32 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.29 14:31:24 | 000,027,266 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat
[2012.06.29 14:31:24 | 000,006,355 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new
[2012.06.29 14:31:24 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat
[2012.06.26 16:10:41 | 000,001,972 | ---- | C] () -- C:\Users\Fab\Desktop\Drakensang Online.lnk
[2012.06.22 08:30:28 | 000,094,909 | ---- | C] () -- C:\Users\Fab\Desktop\Zeugnis Fabian Dietrich.pdf
[2012.06.22 08:28:42 | 000,000,005 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\mbam.context.scan
[2012.06.21 15:57:45 | 000,834,855 | ---- | C] () -- C:\Users\Fab\Desktop\Clipboarder.2012.06.21.png
[2012.06.21 00:45:47 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.20 10:44:20 | 005,745,269 | ---- | C] () -- C:\Users\Fab\AppData\Local\census.cache
[2012.06.20 10:38:42 | 000,102,417 | ---- | C] () -- C:\Users\Fab\AppData\Local\ars.cache
[2012.06.20 05:09:13 | 001,294,411 | ---- | C] () -- C:\Windows\umcat_01.db
[2012.06.20 04:13:02 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.06.20 04:12:57 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.06.20 03:10:18 | 000,000,036 | ---- | C] () -- C:\Users\Fab\AppData\Local\housecall.guid.cache
[2012.06.20 02:29:01 | 004,272,474 | ---- | C] () -- C:\Users\Fab\Desktop\osam_autorun_manager_5_0_portable.rar
[2012.06.20 01:56:20 | 000,112,660 | ---- | C] () -- C:\Users\Fab\Documents\cc_20120620_015600.reg
[2012.06.20 01:41:22 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.06.19 23:11:40 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.19 21:40:26 | 000,000,512 | ---- | C] () -- C:\Users\Fab\Desktop\MBR.dat
[2012.06.19 06:19:42 | 002,109,806 | ---- | C] () -- C:\Users\Fab\Desktop\tdsskiller.zip
[2012.06.19 02:12:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 00:48:49 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\fkykjgjgph.job
[2012.06.19 00:48:48 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\fdBthk.dll
[2012.06.18 23:15:35 | 000,000,032 | R--- | C] () -- C:\Windows\hash.dat
[2012.06.18 23:05:55 | 000,002,900 | ---- | C] () -- C:\Users\Fab\Desktop\x360ce.ini
[2012.06.18 22:36:19 | 000,090,733 | ---- | C] () -- C:\Users\Fab\Desktop\xinput_r444_x64.zip
[2012.06.18 05:38:00 | 000,000,221 | ---- | C] () -- C:\Users\Fab\Desktop\Spiral Knights.url
[2012.06.18 01:29:13 | 000,000,219 | ---- | C] () -- C:\Users\Fab\Desktop\Team Fortress 2.url
[2012.06.14 17:59:07 | 000,001,889 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad.lnk
[2012.06.13 03:00:28 | 000,000,661 | ---- | C] () -- C:\Users\Fab\Desktop\nuConnector1.5 - Verknüpfung.lnk
[2012.06.13 02:49:57 | 000,001,156 | ---- | C] () -- C:\Users\Fab\Desktop\Silkroad - Verknüpfung (2).lnk
[2012.06.12 21:12:42 | 1308,044,538 | ---- | C] () -- C:\Users\Fab\Desktop\SilkroadOnline_GlobalOfficial_v1_365_LEGEND_8.exe
[2012.05.01 22:34:45 | 000,007,669 | ---- | C] () -- C:\Users\Fab\AppData\Local\Resmon.ResmonCfg
[2012.04.30 13:42:26 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.30 13:42:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.30 11:29:19 | 000,000,342 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Drives Meter_Settings.ini
[2012.04.30 11:10:13 | 000,000,352 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\Network Meter_Settings.ini
[2012.04.30 11:08:34 | 000,000,422 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\All CPU Meter_Settings.ini
[2012.04.11 00:32:01 | 000,000,091 | ---- | C] () -- C:\Users\Fab\AppData\Local\fusioncache.dat
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.07 09:20:12 | 000,078,083 | ---- | C] () -- C:\Users\Fab\gw profi makro g 13.xml
[2012.02.26 23:35:14 | 000,000,406 | ---- | C] () -- C:\Windows\SysWow64\AutoClick.ini
[2012.02.13 12:43:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.01.28 19:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2011.11.11 20:37:06 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.11 20:34:55 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.10.24 18:12:17 | 000,040,023 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\UserTile.png
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.13 18:48:43 | 000,003,584 | ---- | C] () -- C:\Users\Fab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.11 23:04:37 | 000,101,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.27 22:17:18 | 000,015,119 | ---- | C] () -- C:\Users\Fab\steiger hdm.jpg
[2011.06.08 17:14:43 | 000,000,136 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\1.gif
[2011.06.08 17:14:39 | 000,000,012 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\ct_start
[2011.05.14 20:02:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.04.02 13:34:40 | 000,000,051 | ---- | C] () -- C:\Users\Fab\AppData\Roaming\.dolphinx64wd
[2011.03.29 22:37:47 | 001,669,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.29 22:17:35 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.29 22:15:29 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\usetup.exe
[2011.03.29 22:14:27 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\CTray.exe
[2011.03.29 22:14:27 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\FlashDLL.dll
[2011.03.29 22:14:27 | 000,166,720 | ---- | C] () -- C:\Windows\SysWow64\DrvInfo.dll
[2011.03.29 22:14:27 | 000,154,432 | ---- | C] () -- C:\Windows\SysWow64\HwInfo.dll
[2011.03.29 22:14:27 | 000,146,240 | ---- | C] () -- C:\Windows\SysWow64\DTInfo.dll
[2011.03.29 22:14:27 | 000,133,952 | ---- | C] () -- C:\Windows\SysWow64\HWM.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SInfo.dll
[2011.03.29 22:14:27 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Rcontrolagent.dll
[2011.03.29 22:14:27 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\CmosDLL.dll
[2011.03.29 22:14:27 | 000,117,256 | ---- | C] () -- C:\Windows\SysWow64\ycc.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\MarkFunDrv.dll
[2011.03.29 22:14:27 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\Flash.dll
[2011.03.29 22:14:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\GMail.dll
[2011.03.29 22:14:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\RecvMsgDLL.dll
[2011.03.29 22:14:27 | 000,101,184 | ---- | C] () -- C:\Windows\SysWow64\COM_ycc.dll
[2011.03.29 22:14:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\w83781d.dll
[2011.03.29 22:14:27 | 000,060,224 | ---- | C] () -- C:\Windows\SysWow64\HUADRV.DLL
[2011.03.29 22:14:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FLASHFUN.DLL
[2011.03.29 22:14:27 | 000,047,936 | ---- | C] () -- C:\Windows\SysWow64\IOInfo.dll
[2011.03.29 22:14:27 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\GSCM2.dll
[2011.03.29 22:14:27 | 000,043,840 | ---- | C] () -- C:\Windows\SysWow64\SysConfig.dll
[2011.03.29 22:14:27 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DeviceID.dll
[2011.03.29 22:14:27 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\GSCM.dll
[2011.03.29 22:14:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\HWAgent.dll
[2011.03.29 22:14:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\GCSVR.exe
[2011.03.29 22:14:27 | 000,004,303 | ---- | C] () -- C:\Windows\SysWow64\Mem.dat
[2011.03.29 22:14:27 | 000,000,660 | ---- | C] () -- C:\Windows\SysWow64\Cmos.dat
[2011.03.29 22:00:28 | 000,203,328 | ---- | C] () -- C:\Windows\GSetup.exe
[2011.03.29 22:00:28 | 000,000,027 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.29 16:38:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2012.06.29 14:30:31 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\fkykjgjgph.job
[2012.05.28 14:49:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.02.29 03:56:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Adobe
[2011.12.06 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\AeellIBtt
[2012.05.22 00:03:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Aeria Games & Entertainment
[2012.04.29 13:22:26 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Apple Computer
[2011.03.29 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ATI
[2012.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\bsnes
[2012.02.29 03:56:57 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.12.06 21:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\cUCCeekIBrzONx0
[2012.05.14 03:53:28 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\D21E0
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DAEMON Tools Lite
[2011.12.30 03:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DiskAid
[2011.04.14 20:27:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DivX
[2011.11.22 19:27:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoft
[2011.11.22 19:26:52 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\edxLabs
[2012.06.20 03:19:37 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\f-secure
[2011.10.19 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\FastStone
[2012.02.27 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\GetRightToGo
[2011.12.07 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\HaaaQH66sW7fE9
[2012.05.10 02:15:02 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\ICQ
[2011.03.29 21:31:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Identities
[2011.12.06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\KYYCCekkIVzON
[2011.03.29 22:29:14 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Macromedia
[2011.06.09 23:52:05 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Media Center Programs
[2012.04.27 12:41:46 | 000,000,000 | --SD | M] -- C:\Users\Fab\AppData\Roaming\Microsoft
[2012.04.12 01:49:35 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Mozilla
[2012.04.08 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Need for Speed World
[2011.08.16 19:44:01 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\OpenOffice.org
[2011.06.30 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Opera
[2011.12.06 21:50:15 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\oYCCwwkUVrlOtx0
[2011.03.29 22:50:09 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QIP
[2012.06.20 03:05:54 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\QuickScan
[2011.12.07 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\rKfL9hTXjCkBzNA
[2012.04.30 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\RotMG.Production
[2012.06.19 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.24 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\teamspeak2
[2011.12.06 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TeamViewer
[2012.06.20 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TS3Client
[2011.12.14 18:29:08 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\TweakNow RegCleaner 2011
[2011.12.06 21:50:21 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uNcuDoFpGQ6KR9X
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\uTorrent
[2011.12.07 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\VASb3maJd
[2012.06.20 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\Ventrilo
[2011.12.06 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vIzyvFmaJdfhj
[2011.12.29 02:39:23 | 000,000,000 | ---D | M] -- C:\Users\Fab\AppData\Roaming\vlc
< %APPDATA%\*.exe /s >
[2012.02.29 03:55:51 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.29 03:55:46 | 015,160,720 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Fab\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.09.02 20:25:21 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.09.02 20:25:21 | 000,008,854 | R--- | M] () -- C:\Users\Fab\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: AHCIX86.SYS >
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2008.05.27 07:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
[2007.08.08 03:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys
< MD5 for: AHCIX86S.SYS >
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2007.08.08 03:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Users\Fab\ZZZZZZ\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\Desktop\Usb stick alles\driver\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\BootDrv\SB750V\LH\ahcix86s.sys
[2008.05.27 07:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Users\Fab\ZZZZZZ\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] 
(Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.06.19 00:48:48 | 000,114,688 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\fdBthk.dll [2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll < > < End of report > [/code] |
29.06.2012, 14:37 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirector, Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 Quote:
Please don't just try out every tool at random, and above all not without consulting us first; you are only making things worse that way!
__________________ Please always post log files in CODE tags |
29.06.2012, 15:32 | #11 |
| Redirector, Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 How do I find the logs? And lately, when I search on Google, I get redirected back to Google again. |
29.06.2012, 23:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirector, Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 You see, that kind of thing is counterproductive. You are playing around with tools without instructions, without knowing what you are doing or where the logs are saved. That is why I really don't like it when such special tools have already been run, because I have a very specific, defined set of instructions for them! Of course I had not mentioned that beforehand; I am just posting it now as a warning and a note for you and any other readers. OK, let's carry on: the TDSS-Killer logs are directly on C: Please post everything.
__________________ Please always post log files in CODE tags |
30.06.2012, 04:54 | #13 |
| Redirector, Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 Hello, I apologize for the tinkering, but after I registered here I did not tinker any more. I have added the logs as an attachment, because otherwise it would be far too many characters. Sorry. |
01.07.2012, 15:19 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirector, Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 Very cluttered; on top of that, you unfortunately went ahead and fixed things there pretty much without any real rhyme or reason. Please create a new log with the TDSS-Killer (in normal Windows mode) and post it. Please download the tool again so that you are really using a current version. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click on Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs. Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
01.07.2012, 18:38 | #15 |
| Redirector, Adware Tracking Cookie that I can't get deleted, Microsoft SE blocked by rundll 32 Code:
ATTFilter 19:35:33.0408 2972 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22 19:35:33.0447 2972 ============================================================ 19:35:33.0447 2972 Current date / time: 2012/07/01 19:35:33.0447 19:35:33.0447 2972 SystemInfo: 19:35:33.0447 2972 19:35:33.0447 2972 OS Version: 6.1.7601 ServicePack: 1.0 19:35:33.0447 2972 Product type: Workstation 19:35:33.0447 2972 ComputerName: FAB 19:35:33.0447 2972 UserName: Fab 19:35:33.0447 2972 Windows directory: C:\Windows 19:35:33.0447 2972 System windows directory: C:\Windows 19:35:33.0447 2972 Running under WOW64 19:35:33.0447 2972 Processor architecture: Intel x64 19:35:33.0447 2972 Number of processors: 2 19:35:33.0447 2972 Page size: 0x1000 19:35:33.0447 2972 Boot type: Normal boot 19:35:33.0447 2972 ============================================================ 19:35:34.0345 2972 Drive \Device\Harddisk0\DR0 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 19:35:34.0353 2972 Drive \Device\Harddisk1\DR1 - Size: 0x3C3D12000 (15.06 Gb), SectorSize: 0x200, Cylinders: 0x7AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:35:34.0361 2972 Drive \Device\Harddisk2\DR2 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:35:34.0370 2972 ============================================================ 19:35:34.0370 2972 \Device\Harddisk0\DR0: 19:35:34.0378 2972 MBR partitions: 19:35:34.0378 2972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:35:34.0378 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192000 19:35:34.0378 2972 \Device\Harddisk1\DR1: 19:35:34.0379 2972 MBR partitions: 19:35:34.0379 2972 \Device\Harddisk2\DR2: 19:35:34.0380 2972 MBR partitions: 19:35:34.0380 2972 ============================================================ 
19:35:34.0412 2972 C: <-> \Device\Harddisk0\DR0\Partition1 19:35:34.0420 2972 B: <-> \Device\Harddisk0\DR0\Partition0 19:35:34.0420 2972 ============================================================ 19:35:34.0420 2972 Initialize success 19:35:34.0420 2972 ============================================================ 19:35:49.0271 1588 ============================================================ 19:35:49.0271 1588 Scan started 19:35:49.0271 1588 Mode: Manual; SigCheck; TDLFS; 19:35:49.0271 1588 ============================================================ 19:35:49.0579 1588 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 19:35:49.0707 1588 !SASCORE - ok 19:35:50.0129 1588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 19:35:50.0177 1588 1394ohci - ok 19:35:50.0229 1588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 19:35:50.0250 1588 ACPI - ok 19:35:50.0270 1588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 19:35:50.0326 1588 AcpiPmi - ok 19:35:50.0445 1588 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:35:50.0461 1588 AdobeARMservice - ok 19:35:50.0512 1588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:35:50.0540 1588 adp94xx - ok 19:35:50.0580 1588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:35:50.0602 1588 adpahci - ok 19:35:50.0619 1588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:35:50.0634 1588 adpu320 - ok 19:35:50.0675 1588 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 19:35:50.0772 1588 AeLookupSvc - ok 19:35:50.0840 1588 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 19:35:50.0906 1588 AFD - ok 19:35:50.0966 1588 agp440 (608c14dba7299d8cb6ed035a68a15799) 
C:\Windows\system32\drivers\agp440.sys 19:35:50.0978 1588 agp440 - ok 19:35:51.0001 1588 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 19:35:51.0060 1588 ALG - ok 19:35:51.0084 1588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 19:35:51.0095 1588 aliide - ok 19:35:51.0149 1588 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe 19:35:51.0288 1588 AMD External Events Utility - ok 19:35:51.0383 1588 AMD FUEL Service - ok 19:35:51.0432 1588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 19:35:51.0443 1588 amdide - ok 19:35:51.0472 1588 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 19:35:51.0924 1588 amdiox64 - ok 19:35:52.0192 1588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:35:52.0210 1588 AmdK8 - ok 19:35:52.0584 1588 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys 19:35:52.0877 1588 amdkmdag - ok 19:35:53.0007 1588 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys 19:35:53.0039 1588 amdkmdap - ok 19:35:53.0055 1588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:35:53.0070 1588 AmdPPM - ok 19:35:53.0129 1588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 19:35:53.0156 1588 amdsata - ok 19:35:53.0185 1588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:35:53.0210 1588 amdsbs - ok 19:35:53.0251 1588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 19:35:53.0261 1588 amdxata - ok 19:35:53.0373 1588 AODDriver4.0 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 19:35:53.0388 1588 AODDriver4.0 - ok 19:35:53.0447 1588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 
19:35:53.0713 1588 AppID - ok 19:35:53.0731 1588 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 19:35:53.0767 1588 AppIDSvc - ok 19:35:53.0827 1588 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 19:35:53.0861 1588 Appinfo - ok 19:35:53.0976 1588 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:35:53.0993 1588 Apple Mobile Device - ok 19:35:54.0030 1588 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 19:35:54.0090 1588 AppMgmt - ok 19:35:54.0125 1588 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:35:54.0142 1588 arc - ok 19:35:54.0159 1588 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:35:54.0176 1588 arcsas - ok 19:35:54.0313 1588 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:35:54.0351 1588 aspnet_state - ok 19:35:54.0376 1588 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:35:54.0410 1588 AsyncMac - ok 19:35:54.0454 1588 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 19:35:54.0464 1588 atapi - ok 19:35:55.0075 1588 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys 19:35:55.0200 1588 atikmdag - ok 19:35:55.0336 1588 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 19:35:55.0385 1588 AudioEndpointBuilder - ok 19:35:55.0391 1588 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 19:35:55.0426 1588 AudioSrv - ok 19:35:55.0483 1588 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 19:35:55.0570 1588 AxInstSV - ok 19:35:55.0644 1588 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:35:55.0690 1588 b06bdrv - ok 
19:35:55.0726 1588 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:35:55.0750 1588 b57nd60a - ok 19:35:55.0807 1588 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 19:35:55.0837 1588 BDESVC - ok 19:35:55.0880 1588 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:35:55.0926 1588 Beep - ok 19:35:56.0010 1588 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 19:35:56.0054 1588 BFE - ok 19:35:56.0123 1588 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 19:35:56.0218 1588 BITS - ok 19:35:56.0267 1588 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:35:56.0305 1588 blbdrive - ok 19:35:56.0415 1588 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 19:35:56.0438 1588 Bonjour Service - ok 19:35:56.0495 1588 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 19:35:56.0531 1588 bowser - ok 19:35:56.0551 1588 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:35:56.0568 1588 BrFiltLo - ok 19:35:56.0592 1588 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:35:56.0605 1588 BrFiltUp - ok 19:35:56.0655 1588 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 19:35:56.0723 1588 Browser - ok 19:35:56.0771 1588 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:35:56.0806 1588 Brserid - ok 19:35:56.0818 1588 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:35:56.0863 1588 BrSerWdm - ok 19:35:56.0886 1588 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:35:56.0901 1588 BrUsbMdm - ok 19:35:56.0914 1588 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:35:56.0946 1588 BrUsbSer - ok 19:35:57.0009 
1588 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 19:35:57.0071 1588 BthEnum - ok 19:35:57.0088 1588 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:35:57.0118 1588 BTHMODEM - ok 19:35:57.0157 1588 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 19:35:57.0194 1588 BthPan - ok 19:35:57.0236 1588 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 19:35:57.0282 1588 BTHPORT - ok 19:35:57.0316 1588 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 19:35:57.0368 1588 bthserv - ok 19:35:57.0388 1588 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 19:35:57.0419 1588 BTHUSB - ok 19:35:57.0456 1588 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:35:57.0496 1588 cdfs - ok 19:35:57.0550 1588 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 19:35:57.0577 1588 cdrom - ok 19:35:57.0630 1588 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:35:57.0687 1588 CertPropSvc - ok 19:35:57.0726 1588 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:35:57.0750 1588 circlass - ok 19:35:57.0776 1588 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 19:35:57.0798 1588 CLFS - ok 19:35:57.0859 1588 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:35:57.0869 1588 clr_optimization_v2.0.50727_32 - ok 19:35:57.0912 1588 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:35:57.0932 1588 clr_optimization_v2.0.50727_64 - ok 19:35:58.0026 1588 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:35:58.0080 1588 
clr_optimization_v4.0.30319_32 - ok 19:35:58.0148 1588 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:35:58.0178 1588 clr_optimization_v4.0.30319_64 - ok 19:35:58.0202 1588 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:35:58.0219 1588 CmBatt - ok 19:35:58.0256 1588 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 19:35:58.0268 1588 cmdide - ok 19:35:58.0322 1588 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 19:35:58.0356 1588 CNG - ok 19:35:58.0384 1588 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:35:58.0396 1588 Compbatt - ok 19:35:58.0441 1588 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 19:35:58.0460 1588 CompositeBus - ok 19:35:58.0474 1588 COMSysApp - ok 19:35:58.0497 1588 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:35:58.0508 1588 crcdisk - ok 19:35:58.0568 1588 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 19:35:58.0609 1588 CryptSvc - ok 19:35:58.0665 1588 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 19:35:58.0741 1588 CSC - ok 19:35:58.0775 1588 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 19:35:58.0806 1588 CscService - ok 19:35:58.0865 1588 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 19:35:58.0913 1588 DcomLaunch - ok 19:35:58.0939 1588 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 19:35:58.0981 1588 defragsvc - ok 19:35:59.0041 1588 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 19:35:59.0078 1588 DfsC - ok 19:35:59.0137 1588 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 19:35:59.0179 1588 Dhcp - ok 19:35:59.0200 1588 discache 
(13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:35:59.0239 1588 discache - ok 19:35:59.0272 1588 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:35:59.0283 1588 Disk - ok 19:35:59.0323 1588 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 19:35:59.0355 1588 Dnscache - ok 19:35:59.0404 1588 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 19:35:59.0448 1588 dot3svc - ok 19:35:59.0495 1588 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 19:35:59.0549 1588 DPS - ok 19:35:59.0583 1588 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:35:59.0618 1588 drmkaud - ok 19:35:59.0670 1588 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 19:35:59.0690 1588 dtsoftbus01 - ok 19:35:59.0760 1588 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 19:35:59.0796 1588 DXGKrnl - ok 19:35:59.0894 1588 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys 19:35:59.0919 1588 E1G60 - ok 19:36:00.0056 1588 EagleX64 - ok 19:36:00.0078 1588 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 19:36:00.0117 1588 EapHost - ok 19:36:00.0271 1588 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:36:00.0371 1588 ebdrv - ok 19:36:00.0514 1588 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 19:36:00.0576 1588 EFS - ok 19:36:00.0666 1588 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 19:36:00.0730 1588 ehRecvr - ok 19:36:00.0762 1588 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 19:36:00.0781 1588 ehSched - ok 19:36:00.0869 1588 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:36:00.0895 1588 elxstor - ok 19:36:00.0934 1588 ErrDev (34a3c54752046e79a126e15c51db409b) 
C:\Windows\system32\drivers\errdev.sys
19:36:00.0947 1588 ErrDev - ok
19:36:03.0622 1588 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:36:03.0631 1588 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:36:03.0631 1588 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:36:24.0495 1588 WinRM (bcb1310604aa415c4508708975b3931e)
C:\Windows\system32\WsmSvc.dll 19:36:24.0577 1588 WinRM - ok 19:36:24.0694 1588 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 19:36:24.0860 1588 WinUsb - ok 19:36:25.0072 1588 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 19:36:25.0117 1588 Wlansvc - ok 19:36:25.0277 1588 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:36:25.0350 1588 wlidsvc - ok 19:36:25.0471 1588 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 19:36:25.0484 1588 WmiAcpi - ok 19:36:25.0532 1588 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 19:36:25.0558 1588 wmiApSrv - ok 19:36:25.0603 1588 WMPNetworkSvc - ok 19:36:25.0629 1588 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 19:36:25.0645 1588 WPCSvc - ok 19:36:25.0693 1588 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 19:36:25.0710 1588 WPDBusEnum - ok 19:36:25.0734 1588 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:36:25.0766 1588 ws2ifsl - ok 19:36:25.0770 1588 WSearch - ok 19:36:25.0861 1588 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 19:36:25.0976 1588 wuauserv - ok 19:36:26.0100 1588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:36:26.0136 1588 WudfPf - ok 19:36:26.0171 1588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:36:26.0214 1588 WUDFRd - ok 19:36:26.0254 1588 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 19:36:26.0284 1588 wudfsvc - ok 19:36:26.0305 1588 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 19:36:26.0337 1588 WwanSvc - ok 19:36:26.0391 1588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:36:26.0527 1588 \Device\Harddisk0\DR0 ( TDSS File 
System ) - warning 19:36:26.0527 1588 \Device\Harddisk0\DR0 - detected TDSS File System (1) 19:36:26.0532 1588 MBR (0x1B8) (245e3dcf979ac3adbf815ab0a12c59cb) \Device\Harddisk1\DR1 19:37:29.0731 1588 \Device\Harddisk1\DR1 - ok 19:37:29.0740 1588 MBR (0x1B8) (42b02a2a0140f4274d69783b59fead9f) \Device\Harddisk2\DR2 19:37:36.0587 1588 \Device\Harddisk2\DR2 - ok 19:37:36.0623 1588 Boot (0x1200) (f56491357f6ba883ce1f0c6a9a7e8391) \Device\Harddisk0\DR0\Partition0 19:37:36.0624 1588 \Device\Harddisk0\DR0\Partition0 - ok 19:37:36.0632 1588 Boot (0x1200) (ffaf2f3c9df2cba1da79bde988e03cc1) \Device\Harddisk0\DR0\Partition1 19:37:36.0633 1588 \Device\Harddisk0\DR0\Partition1 - ok 19:37:36.0633 1588 ============================================================ 19:37:36.0633 1588 Scan finished 19:37:36.0633 1588 ============================================================ 19:37:36.0648 4264 Detected object count: 2 19:37:36.0648 4264 Actual detected object count: 2 19:37:40.0996 4264 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 19:37:40.0996 4264 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:37:40.0998 4264 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 19:37:40.0998 4264 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |