|
Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner bei Win 7 64 BitWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.07.2012, 10:37 | #1 |
| Bundespolizei Trojaner bei Win 7 64 Bit Hallo. Habe den Virus leider auch wie viel hier. Er kommt aber immer nur bei bestehender Internetverbindung. sobald ich den Router deaktiviere, kann ich ganz normal auf alles auf den PC zugreifen. Im abgesicherten Modus mit Netzwerktreibern kommt er nicht Betriebssystem: Win 7 Home 64 Bit ist übrigens die Version 1.3 des Trojaners vom Bild her. Vielen Dank für eure Hilfe Malewarebytes Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXXXX :: XXXXXX [Administrator] Schutz: Aktiviert 06.07.2012 14:06:43 mbam-log-2012-07-06 (14-06-43).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 418779 Laufzeit: 1 Stunde(n), 5 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 7/6/2012 4:06:34 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXX\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free 8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/06 12:45:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe PRC - [2012/07/05 23:04:24 | 000,056,832 | ---- | M] (Razer) -- C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe PRC - [2012/05/15 20:40:49 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/15 10:24:57 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2009/08/17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/06/24 21:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2012/06/24 09:49:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012/06/24 09:48:34 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012/06/24 09:48:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012/06/24 09:48:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/06/24 09:45:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/06/24 09:45:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2009/07/23 02:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/04/06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009/08/22 03:07:20 | 000,356,480 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (FastBootAgent) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/10 02:32:52 | 000,128,224 | ---- | M] (SRS Labs, Inc.) [Disabled | Stopped] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service) SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2012/07/02 12:52:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/17 11:41:48 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/15 20:40:49 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/05/15 20:40:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/09/02 06:13:49 | 000,292,136 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011/09/02 06:13:47 | 000,075,048 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011/08/24 03:13:43 | 000,083,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2010/11/21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/09/30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008/03/31 11:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/21 04:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/05/21 04:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/05/15 22:14:31 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/05/15 20:40:49 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/15 20:40:49 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/05/15 10:24:15 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012/04/06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/04/06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/12/17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/17 08:00:12 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/17 08:00:12 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 10:11:32 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/12 13:41:56 | 000,112,128 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 12:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/05/18 19:27:08 | 000,343,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_PremiumSound_amd64.sys -- (SRS_PremiumSound_Service) DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/05/05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2008/04/07 08:00:46 | 000,007,168 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CRFILTER.sys -- (CRFILTER) DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) DRV - [2012/03/27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011/09/02 12:08:46 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/05/15 22:14:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011/08/24 03:13:44 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 6C 09 7B C2 36 CD 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/02 12:52:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 23:12:55 | 000,000,000 | ---D | M] [2012/05/15 19:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions [2012/07/05 14:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions [2012/05/22 22:02:51 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/06/29 09:47:39 | 000,000,000 | ---D | M] (WiseConvert Community Toolbar) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} [2012/07/05 14:14:50 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\cookiemgr@jayapal.com [2012/07/04 22:52:11 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\plugin@yontoo.com [2012/05/17 17:21:39 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\84gf9ft8.default\extensions\support@lastpass.com [2012/06/30 14:55:48 | 000,000,853 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\11-suche.xml [2012/06/21 09:17:42 | 000,000,925 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\conduit.xml [2012/06/30 14:55:48 | 000,002,209 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\englische-ergebnisse.xml [2012/06/30 14:55:48 | 000,010,506 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\gmx-suche.xml [2012/06/29 20:04:56 | 000,001,056 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\icqplugin.xml [2012/06/30 14:55:48 | 000,002,368 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\lastminute.xml [2012/06/30 14:55:48 | 000,005,489 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\searchplugins\webde-suche.xml [2012/05/20 20:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/07/02 12:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012/05/15 19:53:45 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2012/06/30 14:55:37 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84GF9FT8.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/07/02 12:52:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012/06/27 11:49:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/27 11:49:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/27 11:49:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/27 11:49:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/27 11:49:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/27 11:49:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0901F52D-E71C-4FD5-BB09-90BA4EF4E0CD}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell - "" = AutoRun O33 - MountPoints2\{5bfcf825-a574-11e1-b019-e0cb4e111fc8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/06 12:52:53 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes [2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/06 12:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/06 12:52:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/06 12:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2012/07/05 19:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brotherhood Software [2012/07/04 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader 2 [2012/07/04 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v-Grabber [2012/07/04 22:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012/07/04 22:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/07/04 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Captcha_Brotherhood [2012/07/03 00:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/06/30 15:54:33 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Nero [2012/06/30 15:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012/06/30 15:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012/06/30 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012/06/30 15:13:49 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\Windows\SysWow64\TwnLib20.dll [2012/06/30 15:13:48 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\Windows\SysWow64\NeroCheck.exe [2012/06/30 15:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead [2012/06/30 15:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ahead [2012/06/27 11:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012/06/24 10:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012/06/21 21:04:45 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Noten [2012/06/21 20:56:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\SnagIt Katalog [2012/06/21 20:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\TechSmith [2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [2012/06/21 20:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnagIt 8 [2012/06/21 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012/06/17 11:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012/06/17 11:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/06/17 11:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2012/06/17 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Media Player Classic [2012/06/17 11:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012/06/17 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012/06/16 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Application Data [2012/06/16 22:27:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Macromedia [2012/06/13 22:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools [2012/06/13 22:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2012/06/13 22:07:01 | 000,000,000 | ---D | C] -- C:\Windows\Msagent [2012/06/13 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 16:05:58 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/06 16:02:49 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable [2012/07/06 16:02:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/06 16:02:34 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/06 16:02:34 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/06 16:02:34 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/06 16:02:34 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/06 15:57:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/06 15:57:22 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2012/07/06 15:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/06 13:31:47 | 000,001,738 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/07/06 13:11:10 | 000,001,655 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/07/06 12:52:43 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/05 19:30:43 | 000,002,328 | ---- | M] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk [2012/07/05 18:27:23 | 000,000,168 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\default.rss [2012/06/27 11:42:41 | 000,002,096 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/06/21 20:33:52 | 000,285,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/13 22:08:21 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI ========== Files Created - No Company Name ========== [2012/07/06 16:02:49 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable [2012/07/06 12:52:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/07/05 19:30:43 | 000,002,328 | ---- | C] () -- C:\Users\XXXX\Desktop\CBH Captcha Solver.lnk [2012/07/05 18:27:23 | 000,000,168 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\default.rss [2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012/07/04 23:36:27 | 000,002,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012/07/04 23:36:27 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader 2.lnk [2012/06/17 11:41:53 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012/06/17 11:21:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012/06/13 22:08:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012/06/13 22:07:38 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk [2012/06/13 22:07:38 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk [2012/06/13 22:07:38 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk [2012/05/15 20:46:53 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012/05/15 20:07:41 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/05/15 10:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/04/06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/04/06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/01/08 00:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll [2012/01/08 00:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll [2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP Check ========== [2012/05/15 22:21:45 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite [2012/05/30 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ [2012/07/05 13:55:14 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mp3tag [2012/05/25 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Samsung [2012/05/25 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Temp [2009/07/14 07:08:49 | 000,018,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 7/6/2012 4:06:34 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXX\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.25% Memory free 8.00 Gb Paging File | 6.33 Gb Available in Paging File | 79.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.52 Gb Total Space | 39.13 Gb Free Space | 52.51% Space Free | Partition Type: NTFS Drive D: | 208.92 Gb Total Space | 12.56 Gb Free Space | 6.01% Space Free | Partition Type: NTFS Computer Name: XXXX | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F2B793-C762-4DE1-BA25-7B2C664888A0}" = lport=138 | protocol=17 | dir=in | app=system | "{07EF8F31-2A59-45FC-97C8-29A5343CFB1D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18A3E7EF-38EB-4356-86E2-0C83DE8FA5AC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{19CEF19F-1DB4-4CA7-A63C-67D0FF361BF1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1B7596EA-B7C4-49CA-9E9F-403D1085D1A7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{208FDEEE-914D-4BAE-A244-7F2A05E48C82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23C67B78-388B-4958-8C53-BF1D732EB475}" = rport=10243 | protocol=6 | dir=out | app=system | "{2ED2908C-4DFC-4E0A-8BDD-F933C21723B7}" = rport=137 | protocol=17 | dir=out | app=system | "{30D3865D-BC94-4EAC-9FC0-E496DBDE10FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AFBB47E-31B9-4DFD-997E-2BAA78B5994A}" = rport=138 | protocol=17 | dir=out | app=system | "{42057307-C778-42FB-B8E6-C9B61098DEBC}" = lport=445 | protocol=6 | dir=in | app=system | "{567A15C0-1299-42D8-AAA3-D5E6527971C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{58B0B87A-BE22-40D5-9470-7BFAB8FCB54D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{68123E04-D368-4148-9211-CEC311B4FD98}" = lport=10243 | protocol=6 | dir=in | app=system | "{7B7ED4B8-B49A-4B69-A86E-570B246CD6EC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{90D175A1-DB31-4D27-9FF6-773350342A70}" = rport=139 | protocol=6 | dir=out | app=system | "{9D71084C-9020-47B6-BD5C-FB3E89FCEDBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AD320B5B-F33C-4771-8A7A-D57C86A4A921}" = lport=137 | protocol=17 | dir=in | app=system | "{BAC5EEB2-A1D7-4D51-AA32-05CFAFFE9088}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BDCD3FB9-D556-43F2-946A-83E18E04652D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3B805BA-3A47-4F8B-B50C-666BA5D01595}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA5F316D-EC91-4A3C-BC6C-67BD4BE0EE0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0A7FEE9-F79B-40EA-B740-5190EFF4D33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D70C9092-7BD9-4A64-B1BF-8EE59C068006}" = rport=445 | protocol=6 | dir=out | app=system | "{E2D1FB10-EFD3-436E-A44E-62CD400D8E1C}" = lport=139 | protocol=6 | dir=in | app=system | "{E97DCA6C-ECE2-4694-AAAF-7C9C8A0B74BD}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FD58F70-6F82-42A6-983E-C4B88BC7E7D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | "{11275490-D433-49A8-94FF-77E97BD51959}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1D9F4B56-6420-407F-960A-8BD3BDA2A9CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{237ADCE9-E9BC-4586-8AF2-941A8D9BFBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A71B319-4433-4599-8757-955F8F1F395B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{2BC8330D-7A3E-41C3-8C6F-BEC66B14CFEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2F593765-8717-4103-ABCB-CFC60039C263}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3ABE48A1-CE9F-4301-A8F2-BB7201B0DAB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | "{4113A1F9-57BA-4CA2-85FD-B2CBB9988BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{44AD043A-9238-4D37-BE97-BA3B6ECE168B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\moviemodule.exe | "{4E2FBDA4-E2B3-41CC-83C1-913CF8611FB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{551440C4-421C-44F7-ABF3-537B1C03D5E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{658C2492-DA79-4B3D-AA8C-5BAA29C42461}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6DB0D47B-A709-4FE4-BD0F-DBAE025D9FA3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | "{726CDAE4-6F0D-4ADD-B974-6DCD436D2728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7805EB47-6DB6-440E-8FAB-79EA721B3705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7F8784E2-15CA-42EA-8345-20F60CE1DEC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{813174B3-BC56-4604-ABFE-492BFEB8323D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{934E1510-D8BC-4E16-987C-7EF0B0ACA32D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | "{955DA87E-C8C0-435F-B4F5-93B99970CA8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{A697DEE4-4609-4837-977E-2790E20E3ADF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A955CFB4-350E-45EB-84A4-9117D1E78071}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AF279E52-86DE-43BF-BB5F-4CF9174CF2B5}" = protocol=6 | dir=out | app=system | "{B89ADABB-5765-4EF5-AC95-088EAC5B2229}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3B2F0A7-03A5-4924-AC78-892371AD1E3A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D36E159F-2510-4984-97E2-10B2B0690794}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DBFA73EF-0BD7-4195-B509-C29DD85CE9D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DF12E20A-C01D-4ABE-BBBD-58C18CBF4407}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{E8CD6107-E436-443E-ABF4-AF4C958680F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EB1407F1-E0A3-44E1-9370-95B8BC909440}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F32E33B2-EA5B-4B72-B899-CD0D76A21872}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "TCP Query User{1EF9AC67-C2AB-4CC9-BF41-183DB87AD6BE}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "TCP Query User{8B1648BE-CDEE-4B5C-982F-9D2FD6F55D96}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{C93EDE71-3941-477B-BDC8-9E082204F380}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{EC20AB66-CDC5-4CC4-9A4F-59DBE407C27B}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | "UDP Query User{4853ECC6-8D95-4742-9632-E77EA2699825}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "UDP Query User{4D3EBD1C-A7E2-4B2D-AC60-6A19FB3E5EE2}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | "UDP Query User{66C4C244-B793-44C5-8F12-F35891E1272B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{858D137D-FF21-4CA0-B535-B43D400270E9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding "{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5DBC38C9-D776-3050-FD3E-F4B5E99CCDDC}" = AMD Fuel "{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64 "{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders "{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-x64 7.0.5.5_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F0447B4-6DDD-4831-933A-1EDF52091150}" = SnagIt 8 "{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish "{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard "{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2010100b-ec0d-4b02-be23-f2ad4a498994}" = Nero 9 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = AMD VISION Engine Control Center "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean "{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{914544F7-4EB6-9F54-6217-D76997EB9E06}" = Catalyst Control Center InstallProxy "{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All "{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian "{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai "{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian "{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional "{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish "0630-0716-3135-7887" = JDownloader 2 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "ASUS_Screensaver" = ASUS_Screensaver "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full) "LastPass" = LastPass (uninstall only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.50 "USB Mass Storage Filter Driver" = Multimedia Card Reader "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/25/2012 4:47:24 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500 Description = Error - 6/25/2012 4:47:27 AM | Computer Name = XXXX | Source = MsiInstaller | ID = 11500 Description = Error - 6/25/2012 11:09:16 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 6/25/2012 2:35:13 PM | Computer Name = XXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0xef4 Startzeit der fehlerhaften Anwendung: 0x01cd530063fc409b Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 7fdb03c3-bef4-11e1-92d2-e0cb4e111fc8 Error - 6/25/2012 2:55:20 PM | Computer Name = XXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000ccb60 ID des fehlerhaften Prozesses: 0x10e4 Startzeit der fehlerhaften Anwendung: 0x01cd5302960dbd1d Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 4f995e7d-bef7-11e1-92d2-e0cb4e111fc8 Error - 6/25/2012 6:31:22 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 6/26/2012 4:14:37 AM | Computer Name = XXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 13.0.0.4534, Zeitstempel: 0x4fc8243c Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x65ae9903 ID des fehlerhaften Prozesses: 0xf48 Startzeit der fehlerhaften Anwendung: 0x01cd537318f64c93 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: f7b72562-bf66-11e1-92d2-e0cb4e111fc8 Error - 6/26/2012 6:30:55 PM | Computer Name = XXXX | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 6/27/2012 2:25:21 PM | Computer Name = XXXX | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0016b4ac ID des fehlerhaften Prozesses: 0x11c4 Startzeit der fehlerhaften Anwendung: 0x01cd548fc6ac21f5 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 741d4901-c085-11e1-92d2-e0cb4e111fc8 Error - 6/28/2012 3:46:36 AM | Computer Name = XXXX | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:22 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 7/6/2012 5:46:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
12.07.2012, 18:04 | #2 |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit hi
__________________füge im script deinen nutzernamen ein. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O4 - HKCU..\Run: [] C:\Users\XXXX\AppData\Local\Temp\zfguvbsoiblghw.exe (Razer) :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus.
__________________ |
13.07.2012, 13:51 | #3 |
| Bundespolizei Trojaner bei Win 7 64 Bit so hier der OTL Log:
__________________Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. C:\Users\Sarama\AppData\Local\Temp\zfguvbsoiblghw.exe moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Sarama ->Flash cache emptied: 10589 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Sarama ->Temp folder emptied: 2787351295 bytes ->Temporary Internet Files folder emptied: 268615625 bytes ->Java cache emptied: 603 bytes ->FireFox cache emptied: 826553248 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 141485289 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46360731 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3,882.00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07132012_114351 Files\Folders moved on Reboot... C:\Users\Sarama\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Sarama\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... Vielen Dank schonmal. Soll ich trotzdem noch was machen? Und was meinst du mit "Benutzernamen in Script einfügen"? Meinst du, da wo die XXXX stehen? LG! |
13.07.2012, 17:05 | #4 | |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit ja genau da :-) Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
13.07.2012, 23:24 | #5 |
| Bundespolizei Trojaner bei Win 7 64 Bit Hier der ComboFix Log: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-13.03 - Sarama 13.07.2012 23:34:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2315 [GMT 2:00] ausgeführt von:: c:\users\Sarama\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\ASPG_icon.ico c:\windows\SysWow64\muzapp.exe . c:\windows\SysWow64\Drivers\atapi.sys . . . ist infiziert!! . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-13 bis 2012-07-13 )))))))))))))))))))))))))))))) . . 2012-07-13 21:55 . 2012-07-13 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-13 21:31 . 2012-07-13 21:31 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-13 21:30 . 2012-07-13 21:30 -------- d-----w- c:\program files (x86)\Oracle 2012-07-13 21:29 . 2012-07-13 21:29 -------- d-----w- c:\program files (x86)\Java 2012-07-13 12:53 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-13 12:39 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-13 12:39 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-13 12:39 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-13 12:39 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-13 12:39 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-13 12:39 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-13 12:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62DFFB58-51CF-423E-B612- 3C0AFE1DEFB2}\mpengine.dll 2012-07-13 09:43 . 2012-07-13 09:43 -------- d-----w- C:\_OTL 2012-07-06 15:13 . 2012-07-06 15:13 -------- d-----w- c:\users\Sarama\AppData\Local\ElevatedDiagnostics 2012-07-06 10:52 . 2012-07-06 10:52 -------- d-----w- c:\users\Sarama\AppData\Roaming\Malwarebytes 2012-07-06 10:52 . 2012-07-06 10:52 -------- d-----w- c:\programdata\Malwarebytes 2012-07-06 10:52 . 2012-07-06 10:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-06 10:52 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-05 17:30 . 2012-07-05 17:30 -------- d-----w- c:\program files (x86)\JDownloader 2012-07-05 17:30 . 2012-07-05 17:30 -------- d-----w- c:\program files (x86)\Brotherhood Software 2012-07-04 21:35 . 2012-07-12 21:47 -------- d-----w- c:\program files (x86)\JDownloader 2 2012-07-04 20:52 . 2012-07-04 20:52 -------- d-----w- c:\program files (x86)\v-Grabber 2012-07-04 20:52 . 2012-07-04 20:52 -------- d-----w- c:\program files (x86)\Yontoo 2012-07-04 20:52 . 2012-07-04 20:52 -------- d-----w- c:\programdata\Tarma Installer 2012-07-04 20:29 . 2012-07-07 10:25 -------- d-----w- c:\users\Sarama\AppData\Local\Captcha_Brotherhood 2012-07-02 22:21 . 2012-07-02 22:21 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-06-30 13:54 . 2012-06-30 13:59 -------- d-----w- c:\users\Sarama\AppData\Roaming\Nero 2012-06-30 13:23 . 2012-06-30 13:39 -------- d-----w- c:\program files (x86)\Nero 2012-06-30 13:22 . 2012-06-30 13:53 -------- d-----w- c:\program files (x86)\Common Files\Nero 2012-06-30 13:22 . 2012-06-30 13:30 -------- d-----w- c:\programdata\Nero 2012-06-30 13:13 . 2000-06-26 08:45 106496 ----a-w- c:\windows\SysWow64\TwnLib20.dll 2012-06-30 13:13 . 2012-06-30 13:13 -------- d-----w- c:\program files (x86)\Common Files\Ahead 2012-06-30 13:13 . 2001-07-09 08:50 155648 ----a-w- c:\windows\SysWow64\NeroCheck.exe 2012-06-30 13:13 . 2012-06-30 13:47 -------- d-----w- c:\program files (x86)\Ahead 2012-06-25 11:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 11:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 11:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 11:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 11:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 11:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 11:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 11:03 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 11:03 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-24 08:28 . 2012-06-24 08:28 -------- d-----w- c:\program files (x86)\Microsoft 2012-06-21 18:55 . 2012-06-21 18:55 -------- d-----w- c:\programdata\TechSmith 2012-06-21 18:55 . 2012-06-21 18:55 -------- d-----w- c:\users\Sarama\AppData\Local\TechSmith 2012-06-21 18:55 . 2012-06-21 18:55 -------- d-----w- c:\program files (x86)\TechSmith 2012-06-17 09:41 . 2012-06-17 09:41 -------- d-----w- c:\programdata\McAfee Security Scan 2012-06-17 09:41 . 2012-06-17 09:41 -------- d-----w- c:\programdata\McAfee 2012-06-17 09:41 . 2012-06-27 09:42 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-06-17 09:24 . 2012-06-17 09:24 -------- d-----w- c:\users\Sarama\AppData\Roaming\Media Player Classic 2012-06-17 09:21 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll 2012-06-17 09:21 . 2012-06-17 09:22 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2012-06-17 09:13 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-17 09:13 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-06-17 09:13 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-06-17 09:13 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-17 09:13 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-16 20:27 . 2012-06-16 20:27 -------- d-----w- c:\users\Sarama\AppData\Local\Macromedia . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-05 20:06 . 2012-05-15 19:24 772544 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-05 20:06 . 2012-05-15 19:24 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-17 09:41 . 2012-05-16 21:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-17 09:41 . 2012-05-16 21:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-31 10:25 . 2012-05-15 17:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-29 20:42 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-05-21 02:09 . 2012-05-25 13:21 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2012-05-21 02:09 . 2012-05-25 13:21 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2012-05-19 07:52 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-05-19 07:52 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-05-16 19:31 . 2012-05-16 19:31 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-05-16 19:31 . 2012-05-16 19:31 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-05-16 19:31 . 2012-05-16 19:31 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-05-16 19:31 . 2012-05-16 19:31 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-05-16 19:31 . 2012-05-16 19:31 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-05-16 19:31 . 2012-05-16 19:31 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-05-16 19:31 . 2012-05-16 19:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-05-16 19:31 . 2012-05-16 19:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-05-16 19:31 . 2012-05-16 19:31 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-05-16 19:31 . 2012-05-16 19:31 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-05-16 19:31 . 2012-05-16 19:31 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-05-16 19:31 . 2012-05-16 19:31 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-05-16 19:31 . 2012-05-16 19:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-05-16 19:31 . 2012-05-16 19:31 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-05-16 19:31 . 2012-05-16 19:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-05-16 19:31 . 2012-05-16 19:31 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-05-16 19:31 . 2012-05-16 19:31 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-05-16 19:31 . 2012-05-16 19:31 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-05-16 19:31 . 2012-05-16 19:31 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-05-16 19:31 . 2012-05-16 19:31 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-05-16 19:31 . 2012-05-16 19:31 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-05-16 19:31 . 2012-05-16 19:31 448512 ----a-w- c:\windows\system32\html.iec 2012-05-16 19:31 . 2012-05-16 19:31 222208 ----a-w- c:\windows\system32\msls31.dll 2012-05-16 19:31 . 2012-05-16 19:31 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-05-16 19:31 . 2012-05-16 19:31 12288 ----a-w- c:\windows\system32\mshta.exe 2012-05-16 19:31 . 2012-05-16 19:31 114176 ----a-w- c:\windows\system32\admparse.dll 2012-05-16 19:31 . 2012-05-16 19:31 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-05-16 19:31 . 2012-05-16 19:31 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-05-16 19:31 . 2012-05-16 19:31 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-05-16 19:31 . 2012-05-16 19:31 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-16 19:31 . 2012-05-16 19:31 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-05-16 19:31 . 2012-05-16 19:31 160256 ----a-w- c:\windows\system32\wextract.exe 2012-05-15 20:14 . 2012-05-15 20:14 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-05-15 18:40 . 2012-05-15 17:36 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-15 18:40 . 2012-05-15 17:36 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-15 08:24 . 2012-05-15 08:24 520192 ----a-w- c:\windows\SysWow64\ASUS_Screensaver.scr 2012-05-15 08:24 . 2012-05-15 08:24 3054136 ----a-w- c:\windows\AsScrPro.exe 2012-05-15 08:24 . 2012-05-15 08:24 35384 ----a-w- c:\windows\system32\drivers\AsDsm.sys 2012-05-04 11:06 . 2012-06-13 19:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 19:10 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 19:10 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-28 03:55 . 2012-06-13 19:10 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 19:10 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 19:10 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 19:10 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-15 348624] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 7168] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 257224] R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984] R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240] R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer \CLMSMonitorService.exe [2011-09-02 75048] R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136] R4 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608] R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-13 113120] R4 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-15 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/05/15 22:14];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 10:08 148976] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 FastBootAgent;FastBootAgent;c:\windows\system32\FBAgent.exe [2009-08-22 356480] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-06-12 112128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys [2009-05-18 343592] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1222144] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 09:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.icq.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Sarama\AppData\Roaming\Mozilla\Firefox\Profiles\84gf9ft8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q= FF - user.js: extentions.y2layers.installId - 6cdfe064-5e3b-4a6a-a60f-56ace05554d3 FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube FF - user.js: extensions.autoDisableScopes - 14 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-14 00:06:17 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-13 22:06 . Vor Suchlauf: 9 Verzeichnis(se), 45.446.541.312 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 44.821.016.576 Bytes frei . - - End Of File - - 27F6020677E2982042FA3C992648CB7A |
15.07.2012, 20:27 | #6 |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> Bundespolizei Trojaner bei Win 7 64 Bit |
15.07.2012, 21:52 | #7 |
| Bundespolizei Trojaner bei Win 7 64 Bit hier der TDSS Killer Log: Code:
ATTFilter 22:42:52.0234 2104 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35 22:42:52.0520 2104 ============================================================ 22:42:52.0520 2104 Current date / time: 2012/07/15 22:42:52.0520 22:42:52.0520 2104 SystemInfo: 22:42:52.0520 2104 22:42:52.0520 2104 OS Version: 6.1.7601 ServicePack: 1.0 22:42:52.0520 2104 Product type: Workstation 22:42:52.0520 2104 ComputerName: SARAMA 22:42:52.0521 2104 UserName: Sarama 22:42:52.0521 2104 Windows directory: C:\Windows 22:42:52.0521 2104 System windows directory: C:\Windows 22:42:52.0521 2104 Running under WOW64 22:42:52.0521 2104 Processor architecture: Intel x64 22:42:52.0521 2104 Number of processors: 2 22:42:52.0521 2104 Page size: 0x1000 22:42:52.0521 2104 Boot type: Normal boot 22:42:52.0521 2104 ============================================================ 22:42:54.0199 2104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:42:54.0205 2104 ============================================================ 22:42:54.0205 2104 \Device\Harddisk0\DR0: 22:42:54.0205 2104 MBR partitions: 22:42:54.0205 2104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x950A600 22:42:54.0222 2104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB2557B7, BlocksNum 0x1A1D7F0A 22:42:54.0222 2104 ============================================================ 22:42:54.0275 2104 C: <-> \Device\Harddisk0\DR0\Partition0 22:42:54.0295 2104 D: <-> \Device\Harddisk0\DR0\Partition1 22:42:54.0295 2104 ============================================================ 22:42:54.0295 2104 Initialize success 22:42:54.0296 2104 ============================================================ 22:43:53.0697 5212 ============================================================ 22:43:53.0697 5212 Scan started 22:43:53.0697 5212 Mode: Manual; SigCheck; TDLFS; 22:43:53.0697 5212 ============================================================ 22:43:56.0481 5212 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 22:43:56.0637 5212 1394ohci - ok 22:43:56.0668 5212 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 22:43:56.0699 5212 ACPI - ok 22:43:56.0715 5212 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 22:43:56.0793 5212 AcpiPmi - ok 22:43:56.0949 5212 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:43:56.0964 5212 AdobeARMservice - ok 22:43:57.0245 5212 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:43:57.0261 5212 AdobeFlashPlayerUpdateSvc - ok 22:43:57.0323 5212 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 22:43:57.0370 5212 adp94xx - ok 22:43:57.0385 5212 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 22:43:57.0417 5212 adpahci - ok 22:43:57.0432 5212 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 22:43:57.0463 5212 adpu320 - ok 22:43:57.0619 5212 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe 22:43:57.0651 5212 ADSMService ( UnsignedFile.Multi.Generic ) - warning 22:43:57.0651 5212 ADSMService - detected UnsignedFile.Multi.Generic (1) 22:43:57.0682 5212 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 22:43:57.0807 5212 AeLookupSvc - ok 22:43:57.0869 5212 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 22:43:57.0931 5212 AFD - ok 22:43:57.0978 5212 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 22:43:57.0994 5212 agp440 - ok 22:43:58.0025 5212 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 22:43:58.0072 5212 ALG - ok 22:43:58.0103 5212 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 22:43:58.0119 5212 aliide - ok 22:43:58.0150 5212 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe 22:43:58.0259 5212 AMD External Events Utility - ok 22:43:58.0321 5212 AMD FUEL Service - ok 22:43:58.0368 5212 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 22:43:58.0384 5212 amdide - ok 22:43:58.0415 5212 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 22:43:58.0462 5212 amdiox64 - ok 22:43:58.0493 5212 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 22:43:58.0540 5212 AmdK8 - ok 22:43:59.0008 5212 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys 22:43:59.0335 5212 amdkmdag - ok 22:43:59.0710 5212 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys 22:43:59.0772 5212 amdkmdap - ok 22:43:59.0819 5212 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 22:43:59.0850 5212 AmdPPM - ok 22:43:59.0881 5212 amdsata (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys 22:43:59.0897 5212 amdsata - ok 22:43:59.0928 5212 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 22:43:59.0944 5212 amdsbs - ok 22:43:59.0975 5212 amdxata (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys 22:43:59.0991 5212 amdxata - ok 22:44:00.0225 5212 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:44:00.0240 5212 AntiVirSchedulerService - ok 22:44:00.0287 5212 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:44:00.0303 5212 AntiVirService - ok 22:44:00.0349 5212 AnyDVD (30682a098e12e2c85fa65518e1618195) C:\Windows\system32\Drivers\AnyDVD.sys 22:44:00.0365 5212 AnyDVD - ok 22:44:00.0443 5212 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 22:44:00.0459 5212 AODDriver4.1 - ok 22:44:00.0490 5212 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 22:44:00.0646 5212 AppID - ok 22:44:00.0677 5212 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 22:44:00.0739 5212 AppIDSvc - ok 22:44:00.0786 5212 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 22:44:00.0833 5212 Appinfo - ok 22:44:01.0114 5212 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 22:44:01.0129 5212 arc - ok 22:44:01.0145 5212 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 22:44:01.0161 5212 arcsas - ok 22:44:01.0254 5212 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys 22:44:01.0270 5212 AsDsm - ok 22:44:01.0348 5212 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe 22:44:01.0363 5212 ASLDRService - ok 22:44:01.0410 5212 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys 22:44:01.0426 5212 ASMMAP64 - ok 22:44:01.0441 5212 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:44:01.0504 5212 AsyncMac - ok 22:44:01.0551 5212 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 22:44:01.0566 5212 atapi - ok 22:44:01.0707 5212 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys 22:44:01.0847 5212 athr - ok 22:44:02.0627 5212 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys 22:44:02.0783 5212 atikmdag - ok 22:44:03.0157 5212 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys 22:44:03.0173 5212 AtiPcie - ok 22:44:03.0267 5212 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe 22:44:03.0313 5212 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning 22:44:03.0313 5212 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1) 22:44:03.0376 5212 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 22:44:03.0454 5212 AudioEndpointBuilder - ok 22:44:03.0469 5212 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 22:44:03.0516 5212 AudioSrv - ok 22:44:03.0594 5212 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 22:44:03.0610 5212 avgntflt - ok 22:44:03.0641 5212 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 22:44:03.0657 5212 avipbb - ok 22:44:03.0672 5212 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 22:44:03.0688 5212 avkmgr - ok 22:44:03.0750 5212 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 22:44:03.0797 5212 AxInstSV - ok 22:44:03.0844 5212 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 22:44:03.0891 5212 b06bdrv - ok 22:44:03.0937 5212 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:44:03.0969 5212 b57nd60a - ok 22:44:04.0000 5212 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 22:44:04.0031 5212 BDESVC - ok 22:44:04.0062 5212 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:44:04.0125 5212 Beep - ok 22:44:04.0203 5212 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 22:44:04.0281 5212 BFE - ok 22:44:04.0343 5212 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 22:44:04.0468 5212 BITS - ok 22:44:04.0577 5212 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:44:04.0608 5212 blbdrive - ok 22:44:04.0639 5212 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 22:44:04.0671 5212 bowser - ok 22:44:04.0702 5212 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:44:04.0780 5212 BrFiltLo - ok 22:44:04.0780 5212 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:44:04.0811 5212 BrFiltUp - ok 22:44:04.0858 5212 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 22:44:04.0936 5212 BridgeMP - ok 22:44:04.0983 5212 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 22:44:05.0045 5212 Browser - ok 22:44:05.0092 5212 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:44:05.0139 5212 Brserid - ok 22:44:05.0170 5212 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:44:05.0201 5212 BrSerWdm - ok 22:44:05.0201 5212 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:44:05.0232 5212 BrUsbMdm - ok 22:44:05.0248 5212 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:44:05.0263 5212 BrUsbSer - ok 22:44:05.0295 5212 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 22:44:05.0310 5212 BTHMODEM - ok 22:44:05.0357 5212 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 22:44:05.0419 5212 bthserv - ok 22:44:05.0435 5212 catchme - ok 22:44:05.0482 5212 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:44:05.0560 5212 cdfs - ok 22:44:05.0607 5212 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 22:44:05.0669 5212 cdrom - ok 22:44:05.0716 5212 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 22:44:05.0763 5212 CertPropSvc - ok 22:44:05.0809 5212 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 22:44:05.0841 5212 circlass - ok 22:44:05.0887 5212 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:44:05.0919 5212 CLFS - ok 22:44:06.0199 5212 CLHNServiceForPowerDVD (db26c2ba2ac0ab6be1cfa59f61ce22da) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe 22:44:06.0231 5212 CLHNServiceForPowerDVD - ok 22:44:06.0387 5212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:44:06.0449 5212 clr_optimization_v2.0.50727_32 - ok 22:44:06.0543 5212 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:44:06.0621 5212 clr_optimization_v2.0.50727_64 - ok 22:44:06.0823 5212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:44:07.0057 5212 clr_optimization_v4.0.30319_32 - ok 22:44:07.0213 5212 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:44:07.0369 5212 clr_optimization_v4.0.30319_64 - ok 22:44:07.0385 5212 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:44:07.0416 5212 CmBatt - ok 22:44:07.0447 5212 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 22:44:07.0463 5212 cmdide - ok 22:44:07.0510 5212 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 22:44:07.0588 5212 CNG - ok 22:44:07.0619 5212 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 22:44:07.0635 5212 Compbatt - ok 22:44:07.0666 5212 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 22:44:07.0697 5212 CompositeBus - ok 22:44:07.0713 5212 COMSysApp - ok 22:44:07.0728 5212 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 22:44:07.0744 5212 crcdisk - ok 22:44:07.0791 5212 CRFILTER (64beed6775c22b0362fa9ded3f8124a1) C:\Windows\system32\DRIVERS\CRFILTER.sys 22:44:07.0822 5212 CRFILTER - ok 22:44:07.0869 5212 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 22:44:07.0900 5212 CryptSvc - ok 22:44:08.0118 5212 CyberLink PowerDVD 11.0 Monitor Service (e27d60e5a51eedf9a57f5b69a9a6457d) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe 22:44:08.0134 5212 CyberLink PowerDVD 11.0 Monitor Service - ok 22:44:08.0181 5212 CyberLink PowerDVD 11.0 Service (857943a77b06ac056771a3b12cd318dd) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe 22:44:08.0196 5212 CyberLink PowerDVD 11.0 Service - ok 22:44:08.0259 5212 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 22:44:08.0337 5212 DcomLaunch - ok 22:44:08.0399 5212 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 22:44:08.0477 5212 defragsvc - ok 22:44:08.0571 5212 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 22:44:08.0633 5212 DfsC - ok 22:44:08.0680 5212 dg_ssudbus (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys 22:44:08.0711 5212 dg_ssudbus - ok 22:44:08.0758 5212 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 22:44:08.0836 5212 Dhcp - ok 22:44:08.0883 5212 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:44:08.0945 5212 discache - ok 22:44:08.0976 5212 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 22:44:08.0992 5212 Disk - ok 22:44:09.0039 5212 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 22:44:09.0070 5212 Dnscache - ok 22:44:09.0132 5212 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 22:44:09.0195 5212 dot3svc - ok 22:44:09.0226 5212 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 22:44:09.0304 5212 DPS - ok 22:44:09.0335 5212 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:44:09.0366 5212 drmkaud - ok 22:44:09.0413 5212 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 22:44:09.0444 5212 dtsoftbus01 - ok 22:44:09.0507 5212 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 22:44:09.0569 5212 DXGKrnl - ok 22:44:09.0631 5212 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 22:44:09.0694 5212 EapHost - ok 22:44:09.0850 5212 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 22:44:09.0975 5212 ebdrv - ok 22:44:10.0224 5212 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 22:44:10.0271 5212 EFS - ok 22:44:10.0411 5212 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 22:44:10.0489 5212 ehRecvr - ok 22:44:10.0521 5212 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 22:44:10.0552 5212 ehSched - ok 22:44:10.0677 5212 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 22:44:10.0692 5212 ElbyCDIO - ok 22:44:10.0755 5212 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 22:44:10.0786 5212 elxstor - ok 22:44:10.0817 5212 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 22:44:10.0848 5212 ErrDev - ok 22:44:10.0879 5212 ETD (5cd1005b9bc241c3ab8501d5fbf09fd4) C:\Windows\system32\DRIVERS\ETD.sys 22:44:10.0942 5212 ETD - ok 22:44:10.0989 5212 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 22:44:11.0051 5212 EventSystem - ok 22:44:11.0098 5212 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:44:11.0160 5212 exfat - ok 22:44:11.0223 5212 FastBootAgent (b9352b6c6cc8274bdea3e59dc2e59be4) C:\Windows\system32\FBAgent.exe 22:44:11.0254 5212 FastBootAgent - ok 22:44:11.0269 5212 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:44:11.0332 5212 fastfat - ok 22:44:11.0394 5212 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 22:44:11.0457 5212 Fax - ok 22:44:11.0472 5212 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 22:44:11.0519 5212 fdc - ok 22:44:11.0550 5212 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 22:44:11.0597 5212 fdPHost - ok 22:44:11.0613 5212 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 22:44:11.0675 5212 FDResPub - ok 22:44:11.0706 5212 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:44:11.0722 5212 FileInfo - ok 22:44:11.0737 5212 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:44:11.0800 5212 Filetrace - ok 22:44:11.0800 5212 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 22:44:11.0831 5212 flpydisk - ok 22:44:11.0862 5212 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 22:44:11.0893 5212 FltMgr - ok 22:44:11.0956 5212 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 22:44:12.0018 5212 FontCache - ok 22:44:12.0112 5212 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:44:12.0127 5212 FontCache3.0.0.0 - ok 22:44:12.0237 5212 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:44:12.0252 5212 FsDepends - ok 22:44:12.0283 5212 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 22:44:12.0299 5212 Fs_Rec - ok 22:44:12.0346 5212 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:44:12.0377 5212 fvevol - ok 22:44:12.0393 5212 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 22:44:12.0408 5212 gagp30kx - ok 22:44:12.0471 5212 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 22:44:12.0549 5212 gpsvc - ok 22:44:12.0580 5212 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:44:12.0595 5212 hcw85cir - ok 22:44:12.0642 5212 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 22:44:12.0705 5212 HdAudAddService - ok 22:44:12.0720 5212 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 22:44:12.0751 5212 HDAudBus - ok 22:44:12.0783 5212 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 22:44:12.0814 5212 HidBatt - ok 22:44:12.0829 5212 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 22:44:12.0861 5212 HidBth - ok 22:44:12.0892 5212 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 22:44:12.0923 5212 HidIr - ok 22:44:12.0939 5212 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 22:44:13.0001 5212 hidserv - ok 22:44:13.0048 5212 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 22:44:13.0063 5212 HidUsb - ok 22:44:13.0095 5212 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 22:44:13.0157 5212 hkmsvc - ok 22:44:13.0188 5212 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 22:44:13.0219 5212 HomeGroupListener - ok 22:44:13.0266 5212 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 22:44:13.0297 5212 HomeGroupProvider - ok 22:44:13.0344 5212 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 22:44:13.0360 5212 HpSAMD - ok 22:44:13.0422 5212 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 22:44:13.0500 5212 HTTP - ok 22:44:13.0531 5212 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 22:44:13.0547 5212 hwpolicy - ok 22:44:13.0578 5212 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 22:44:13.0609 5212 i8042prt - ok 22:44:13.0656 5212 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 22:44:13.0687 5212 iaStorV - ok 22:44:13.0843 5212 ICQ Service (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 22:44:13.0859 5212 ICQ Service - ok 22:44:14.0062 5212 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:44:14.0124 5212 idsvc - ok 22:44:14.0389 5212 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 22:44:14.0405 5212 iirsp - ok 22:44:14.0467 5212 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 22:44:14.0545 5212 IKEEXT - ok 22:44:14.0577 5212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 22:44:14.0592 5212 intelide - ok 22:44:14.0623 5212 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:44:14.0639 5212 intelppm - ok 22:44:14.0686 5212 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 22:44:14.0764 5212 IPBusEnum - ok 22:44:14.0795 5212 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:44:14.0857 5212 IpFilterDriver - ok 22:44:14.0904 5212 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 22:44:14.0967 5212 iphlpsvc - ok 22:44:15.0013 5212 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 22:44:15.0045 5212 IPMIDRV - ok 22:44:15.0091 5212 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:44:15.0138 5212 IPNAT - ok 22:44:15.0154 5212 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:44:15.0232 5212 IRENUM - ok 22:44:15.0247 5212 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 22:44:15.0263 5212 isapnp - ok 22:44:15.0294 5212 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 22:44:15.0325 5212 iScsiPrt - ok 22:44:15.0341 5212 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 22:44:15.0357 5212 kbdclass - ok 22:44:15.0388 5212 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 22:44:15.0419 5212 kbdhid - ok 22:44:15.0466 5212 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys 22:44:15.0481 5212 kbfiltr - ok 22:44:15.0528 5212 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:44:15.0544 5212 KeyIso - ok 22:44:15.0575 5212 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 22:44:15.0591 5212 KSecDD - ok 22:44:15.0622 5212 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 22:44:15.0653 5212 KSecPkg - ok 22:44:15.0669 5212 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:44:15.0731 5212 ksthunk - ok 22:44:15.0778 5212 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 22:44:15.0856 5212 KtmRm - ok 22:44:15.0887 5212 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 22:44:15.0981 5212 LanmanServer - ok 22:44:16.0027 5212 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 22:44:16.0074 5212 LanmanWorkstation - ok 22:44:16.0121 5212 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:44:16.0168 5212 lltdio - ok 22:44:16.0215 5212 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 22:44:16.0277 5212 lltdsvc - ok 22:44:16.0293 5212 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 22:44:16.0355 5212 lmhosts - ok 22:44:16.0386 5212 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:44:16.0402 5212 LSI_FC - ok 22:44:16.0417 5212 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:44:16.0433 5212 LSI_SAS - ok 22:44:16.0464 5212 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:44:16.0495 5212 LSI_SAS2 - ok 22:44:16.0511 5212 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:44:16.0527 5212 LSI_SCSI - ok 22:44:16.0542 5212 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:44:16.0605 5212 luafv - ok 22:44:16.0620 5212 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys 22:44:16.0636 5212 lullaby - ok 22:44:16.0683 5212 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 22:44:16.0714 5212 MBAMProtector - ok 22:44:16.0807 5212 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:44:16.0870 5212 MBAMService - ok 22:44:17.0041 5212 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe 22:44:17.0073 5212 McComponentHostService - ok 22:44:17.0119 5212 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 22:44:17.0135 5212 Mcx2Svc - ok 22:44:17.0166 5212 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 22:44:17.0182 5212 megasas - ok 22:44:17.0197 5212 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 22:44:17.0229 5212 MegaSR - ok 22:44:17.0260 5212 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:44:17.0322 5212 MMCSS - ok 22:44:17.0338 5212 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:44:17.0385 5212 Modem - ok 22:44:17.0416 5212 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:44:17.0431 5212 monitor - ok 22:44:17.0463 5212 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 22:44:17.0478 5212 mouclass - ok 22:44:17.0509 5212 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:44:17.0541 5212 mouhid - ok 22:44:17.0587 5212 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 22:44:17.0603 5212 mountmgr - ok 22:44:17.0681 5212 MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:44:17.0697 5212 MozillaMaintenance - ok 22:44:17.0728 5212 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 22:44:17.0743 5212 mpio - ok 22:44:17.0775 5212 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:44:17.0821 5212 mpsdrv - ok 22:44:17.0884 5212 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 22:44:17.0962 5212 MpsSvc - ok 22:44:17.0993 5212 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 22:44:18.0024 5212 MRxDAV - ok 22:44:18.0055 5212 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:44:18.0118 5212 mrxsmb - ok 22:44:18.0149 5212 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:44:18.0180 5212 mrxsmb10 - ok 22:44:18.0211 5212 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:44:18.0258 5212 mrxsmb20 - ok 22:44:18.0305 5212 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 22:44:18.0321 5212 msahci - ok 22:44:18.0352 5212 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 22:44:18.0367 5212 msdsm - ok 22:44:18.0399 5212 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 22:44:18.0430 5212 MSDTC - ok 22:44:18.0461 5212 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:44:18.0523 5212 Msfs - ok 22:44:18.0523 5212 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:44:18.0586 5212 mshidkmdf - ok 22:44:18.0601 5212 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 22:44:18.0617 5212 msisadrv - ok 22:44:18.0648 5212 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 22:44:18.0711 5212 MSiSCSI - ok 22:44:18.0711 5212 msiserver - ok 22:44:18.0757 5212 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:44:18.0820 5212 MSKSSRV - ok 22:44:18.0820 5212 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:44:18.0882 5212 MSPCLOCK - ok 22:44:18.0882 5212 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:44:18.0929 5212 MSPQM - ok 22:44:18.0976 5212 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 22:44:19.0007 5212 MsRPC - ok 22:44:19.0054 5212 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 22:44:19.0069 5212 mssmbios - ok 22:44:19.0116 5212 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:44:19.0163 5212 MSTEE - ok 22:44:19.0194 5212 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:44:19.0210 5212 MTConfig - ok 22:44:19.0241 5212 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys 22:44:19.0257 5212 MTsensor - ok 22:44:19.0272 5212 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:44:19.0319 5212 Mup - ok 22:44:19.0366 5212 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 22:44:19.0444 5212 napagent - ok 22:44:19.0491 5212 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:44:19.0537 5212 NativeWifiP - ok 22:44:19.0615 5212 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 22:44:19.0662 5212 NDIS - ok 22:44:19.0693 5212 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:44:19.0756 5212 NdisCap - ok 22:44:19.0771 5212 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:44:19.0834 5212 NdisTapi - ok 22:44:19.0912 5212 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 22:44:19.0959 5212 Ndisuio - ok 22:44:20.0005 5212 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 22:44:20.0068 5212 NdisWan - ok 22:44:20.0099 5212 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 22:44:20.0146 5212 NDProxy - ok 22:44:20.0349 5212 Nero BackItUp Scheduler 4.0 (c7f5c284b6f46fcaf6910ea4e644700b) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 22:44:20.0395 5212 Nero BackItUp Scheduler 4.0 - ok 22:44:20.0442 5212 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:44:20.0505 5212 NetBIOS - ok 22:44:20.0551 5212 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 22:44:20.0598 5212 NetBT - ok 22:44:20.0661 5212 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:44:20.0676 5212 Netlogon - ok 22:44:20.0723 5212 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 22:44:20.0801 5212 Netman - ok 22:44:20.0863 5212 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 22:44:20.0926 5212 netprofm - ok 22:44:21.0019 5212 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:44:21.0035 5212 NetTcpPortSharing - ok 22:44:21.0051 5212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:44:21.0066 5212 nfrd960 - ok 22:44:21.0129 5212 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 22:44:21.0207 5212 NlaSvc - ok 22:44:21.0207 5212 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:44:21.0253 5212 Npfs - ok 22:44:21.0285 5212 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 22:44:21.0347 5212 nsi - ok 22:44:21.0363 5212 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:44:21.0425 5212 nsiproxy - ok 22:44:21.0519 5212 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 22:44:21.0597 5212 Ntfs - ok 22:44:21.0815 5212 ntk_PowerDVD (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys 22:44:21.0831 5212 ntk_PowerDVD - ok 22:44:22.0158 5212 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:44:22.0221 5212 Null - ok 22:44:22.0252 5212 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 22:44:22.0267 5212 nvraid - ok 22:44:22.0299 5212 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 22:44:22.0314 5212 nvstor - ok 22:44:22.0361 5212 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 22:44:22.0377 5212 nv_agp - ok 22:44:22.0392 5212 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 22:44:22.0423 5212 ohci1394 - ok 22:44:22.0470 5212 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:44:22.0517 5212 p2pimsvc - ok 22:44:22.0564 5212 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 22:44:22.0595 5212 p2psvc - ok 22:44:22.0626 5212 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:44:22.0657 5212 Parport - ok 22:44:22.0689 5212 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 22:44:22.0704 5212 partmgr - ok 22:44:22.0735 5212 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 22:44:22.0767 5212 PcaSvc - ok 22:44:22.0813 5212 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 22:44:22.0829 5212 pci - ok 22:44:22.0845 5212 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 22:44:22.0860 5212 pciide - ok 22:44:22.0891 5212 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:44:22.0923 5212 pcmcia - ok 22:44:22.0923 5212 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:44:22.0938 5212 pcw - ok 22:44:23.0001 5212 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:44:23.0094 5212 PEAUTH - ok 22:44:23.0297 5212 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 22:44:23.0328 5212 PerfHost - ok 22:44:23.0406 5212 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 22:44:23.0515 5212 pla - ok 22:44:23.0562 5212 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 22:44:23.0609 5212 PlugPlay - ok 22:44:23.0640 5212 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 22:44:23.0687 5212 PNRPAutoReg - ok 22:44:23.0718 5212 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:44:23.0749 5212 PNRPsvc - ok 22:44:23.0796 5212 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 22:44:23.0859 5212 PolicyAgent - ok 22:44:23.0890 5212 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 22:44:23.0937 5212 Power - ok 22:44:24.0061 5212 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 22:44:24.0124 5212 PptpMiniport - ok 22:44:24.0155 5212 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:44:24.0186 5212 Processor - ok 22:44:24.0233 5212 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 22:44:24.0264 5212 ProfSvc - ok 22:44:24.0295 5212 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:44:24.0311 5212 ProtectedStorage - ok 22:44:24.0373 5212 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 22:44:24.0420 5212 Psched - ok 22:44:24.0498 5212 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:44:24.0576 5212 ql2300 - ok 22:44:24.0904 5212 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:44:24.0935 5212 ql40xx - ok 22:44:24.0966 5212 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:44:24.0997 5212 QWAVE - ok 22:44:25.0013 5212 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:44:25.0044 5212 QWAVEdrv - ok 22:44:25.0044 5212 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:44:25.0107 5212 RasAcd - ok 22:44:25.0153 5212 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:44:25.0216 5212 RasAgileVpn - ok 22:44:25.0247 5212 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 22:44:25.0309 5212 RasAuto - ok 22:44:25.0341 5212 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:44:25.0403 5212 Rasl2tp - ok 22:44:25.0434 5212 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 22:44:25.0497 5212 RasMan - ok 22:44:25.0528 5212 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:44:25.0590 5212 RasPppoe - ok 22:44:25.0621 5212 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:44:25.0699 5212 RasSstp - ok 22:44:25.0731 5212 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 22:44:25.0809 5212 rdbss - ok 22:44:25.0824 5212 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:44:25.0855 5212 rdpbus - ok 22:44:25.0871 5212 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:44:25.0918 5212 RDPCDD - ok 22:44:25.0933 5212 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:44:25.0980 5212 RDPENCDD - ok 22:44:25.0996 5212 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:44:26.0043 5212 RDPREFMP - ok 22:44:26.0074 5212 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 22:44:26.0121 5212 RDPWD - ok 22:44:26.0167 5212 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 22:44:26.0199 5212 rdyboost - ok 22:44:26.0230 5212 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 22:44:26.0292 5212 RemoteAccess - ok 22:44:26.0323 5212 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 22:44:26.0386 5212 RemoteRegistry - ok 22:44:26.0417 5212 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 22:44:26.0479 5212 RpcEptMapper - ok 22:44:26.0495 5212 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 22:44:26.0526 5212 RpcLocator - ok 22:44:26.0573 5212 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 22:44:26.0635 5212 RpcSs - ok 22:44:26.0667 5212 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:44:26.0729 5212 rspndr - ok 22:44:26.0760 5212 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 22:44:26.0807 5212 RTL8167 - ok 22:44:26.0838 5212 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:44:26.0854 5212 SamSs - ok 22:44:26.0901 5212 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 22:44:26.0916 5212 sbp2port - ok 22:44:26.0947 5212 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 22:44:27.0010 5212 SCardSvr - ok 22:44:27.0041 5212 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 22:44:27.0088 5212 scfilter - ok 22:44:27.0166 5212 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 22:44:27.0244 5212 Schedule - ok 22:44:27.0291 5212 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 22:44:27.0322 5212 SCPolicySvc - ok 22:44:27.0369 5212 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 22:44:27.0400 5212 SDRSVC - ok 22:44:27.0509 5212 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:44:27.0571 5212 secdrv - ok 22:44:27.0603 5212 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 22:44:27.0665 5212 seclogon - ok 22:44:27.0696 5212 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 22:44:27.0759 5212 SENS - ok 22:44:27.0774 5212 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 22:44:27.0805 5212 SensrSvc - ok 22:44:27.0821 5212 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:44:27.0837 5212 Serenum - ok 22:44:27.0899 5212 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:44:27.0946 5212 Serial - ok 22:44:27.0977 5212 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:44:28.0008 5212 sermouse - ok 22:44:28.0055 5212 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 22:44:28.0102 5212 SessionEnv - ok 22:44:28.0117 5212 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 22:44:28.0149 5212 sffdisk - ok 22:44:28.0164 5212 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 22:44:28.0180 5212 sffp_mmc - ok 22:44:28.0195 5212 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 22:44:28.0227 5212 sffp_sd - ok 22:44:28.0258 5212 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:44:28.0289 5212 sfloppy - ok 22:44:28.0351 5212 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 22:44:28.0429 5212 SharedAccess - ok 22:44:28.0476 5212 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 22:44:28.0539 5212 ShellHWDetection - ok 22:44:28.0585 5212 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys 22:44:28.0601 5212 SiSGbeLH - ok 22:44:28.0601 5212 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:44:28.0617 5212 SiSRaid2 - ok 22:44:28.0632 5212 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:44:28.0679 5212 SiSRaid4 - ok 22:44:28.0695 5212 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:44:28.0741 5212 Smb - ok 22:44:28.0788 5212 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 22:44:28.0819 5212 SNMPTRAP - ok 22:44:28.0944 5212 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys 22:44:29.0007 5212 SNP2UVC - ok 22:44:29.0350 5212 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:44:29.0365 5212 spldr - ok 22:44:29.0428 5212 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 22:44:29.0490 5212 Spooler - ok 22:44:29.0662 5212 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 22:44:29.0818 5212 sppsvc - ok 22:44:30.0114 5212 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 22:44:30.0161 5212 sppuinotify - ok 22:44:30.0301 5212 SRS_PremiumSound_Service (ac51533c7eeb05aa02b294a60e946238) C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys 22:44:30.0333 5212 SRS_PremiumSound_Service - ok 22:44:30.0411 5212 SRS_VolSync_Service (4f4b88e2fb91aeef0251f627bd7ae322) C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe 22:44:30.0442 5212 SRS_VolSync_Service - ok 22:44:30.0489 5212 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 22:44:30.0567 5212 srv - ok 22:44:30.0598 5212 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 22:44:30.0629 5212 srv2 - ok 22:44:30.0645 5212 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 22:44:30.0676 5212 srvnet - ok 22:44:30.0738 5212 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 22:44:30.0801 5212 SSDPSRV - ok 22:44:30.0816 5212 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 22:44:30.0863 5212 SstpSvc - ok 22:44:30.0910 5212 ssudmdm (855335bf5792e56164f98c012e3d92dd) C:\Windows\system32\DRIVERS\ssudmdm.sys 22:44:30.0925 5212 ssudmdm - ok 22:44:30.0941 5212 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 22:44:30.0957 5212 stexstor - ok 22:44:31.0019 5212 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 22:44:31.0081 5212 stisvc - ok 22:44:31.0128 5212 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 22:44:31.0144 5212 swenum - ok 22:44:31.0191 5212 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 22:44:31.0269 5212 swprv - ok 22:44:31.0362 5212 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 22:44:31.0456 5212 SysMain - ok 22:44:31.0705 5212 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 22:44:31.0752 5212 TabletInputService - ok 22:44:31.0783 5212 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 22:44:31.0846 5212 TapiSrv - ok 22:44:31.0877 5212 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 22:44:31.0939 5212 TBS - ok 22:44:32.0111 5212 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 22:44:32.0205 5212 Tcpip - ok 22:44:32.0626 5212 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 22:44:32.0673 5212 TCPIP6 - ok 22:44:33.0016 5212 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 22:44:33.0063 5212 tcpipreg - ok 22:44:33.0094 5212 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:44:33.0125 5212 TDPIPE - ok 22:44:33.0156 5212 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 22:44:33.0172 5212 TDTCP - ok 22:44:33.0203 5212 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 22:44:33.0250 5212 tdx - ok 22:44:33.0297 5212 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 22:44:33.0312 5212 TermDD - ok 22:44:33.0343 5212 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 22:44:33.0421 5212 TermService - ok 22:44:33.0453 5212 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 22:44:33.0484 5212 Themes - ok 22:44:33.0531 5212 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:44:33.0562 5212 THREADORDER - ok 22:44:33.0593 5212 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 22:44:33.0655 5212 TrkWks - ok 22:44:33.0718 5212 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 22:44:33.0796 5212 TrustedInstaller - ok 22:44:33.0827 5212 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:44:33.0874 5212 tssecsrv - ok 22:44:33.0905 5212 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 22:44:33.0936 5212 TsUsbFlt - ok 22:44:33.0999 5212 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 22:44:34.0045 5212 tunnel - ok 22:44:34.0077 5212 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:44:34.0092 5212 uagp35 - ok 22:44:34.0139 5212 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 22:44:34.0217 5212 udfs - ok 22:44:34.0248 5212 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 22:44:34.0279 5212 UI0Detect - ok 22:44:34.0326 5212 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 22:44:34.0342 5212 uliagpkx - ok 22:44:34.0357 5212 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 22:44:34.0389 5212 umbus - ok 22:44:34.0420 5212 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:44:34.0451 5212 UmPass - ok 22:44:34.0498 5212 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 22:44:34.0591 5212 upnphost - ok 22:44:34.0607 5212 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 22:44:34.0638 5212 usbccgp - ok 22:44:34.0685 5212 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 22:44:34.0716 5212 usbcir - ok 22:44:34.0747 5212 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 22:44:34.0779 5212 usbehci - ok 22:44:34.0810 5212 usbfilter (d524f3716d85b744762ff5eaaef8f3a2) C:\Windows\system32\DRIVERS\usbfilter.sys 22:44:34.0810 5212 usbfilter - ok 22:44:34.0857 5212 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 22:44:34.0903 5212 usbhub - ok 22:44:34.0919 5212 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 22:44:34.0966 5212 usbohci - ok 22:44:34.0997 5212 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:44:35.0028 5212 usbprint - ok 22:44:35.0059 5212 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 22:44:35.0091 5212 usbscan - ok 22:44:35.0122 5212 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:44:35.0153 5212 USBSTOR - ok 22:44:35.0184 5212 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 22:44:35.0200 5212 usbuhci - ok 22:44:35.0247 5212 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 22:44:35.0278 5212 usbvideo - ok 22:44:35.0340 5212 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 22:44:35.0403 5212 UxSms - ok 22:44:35.0434 5212 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 22:44:35.0449 5212 VaultSvc - ok 22:44:35.0496 5212 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 22:44:35.0512 5212 vdrvroot - ok 22:44:35.0574 5212 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 22:44:35.0637 5212 vds - ok 22:44:35.0683 5212 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:44:35.0699 5212 vga - ok 22:44:35.0715 5212 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:44:35.0777 5212 VgaSave - ok 22:44:35.0808 5212 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 22:44:35.0824 5212 vhdmp - ok 22:44:35.0949 5212 VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys 22:44:36.0042 5212 VIAHdAudAddService - ok 22:44:36.0073 5212 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 22:44:36.0089 5212 viaide - ok 22:44:36.0105 5212 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 22:44:36.0120 5212 volmgr - ok 22:44:36.0167 5212 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 22:44:36.0198 5212 volmgrx - ok 22:44:36.0214 5212 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 22:44:36.0245 5212 volsnap - ok 22:44:36.0292 5212 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:44:36.0307 5212 vsmraid - ok 22:44:36.0401 5212 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 22:44:36.0510 5212 VSS - ok 22:44:36.0853 5212 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 22:44:36.0885 5212 vwifibus - ok 22:44:36.0900 5212 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:44:36.0916 5212 vwififlt - ok 22:44:36.0978 5212 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:44:37.0041 5212 W32Time - ok 22:44:37.0056 5212 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:44:37.0087 5212 WacomPen - ok 22:44:37.0119 5212 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:44:37.0165 5212 WANARP - ok 22:44:37.0165 5212 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 22:44:37.0212 5212 Wanarpv6 - ok 22:44:37.0618 5212 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 22:44:37.0696 5212 wbengine - ok 22:44:37.0946 5212 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:44:37.0992 5212 WbioSrvc - ok 22:44:38.0024 5212 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 22:44:38.0070 5212 wcncsvc - ok 22:44:38.0102 5212 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:44:38.0133 5212 WcsPlugInService - ok 22:44:38.0258 5212 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:44:38.0273 5212 Wd - ok 22:44:38.0320 5212 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:44:38.0367 5212 Wdf01000 - ok 22:44:38.0367 5212 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:44:38.0414 5212 WdiServiceHost - ok 22:44:38.0414 5212 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:44:38.0445 5212 WdiSystemHost - ok 22:44:38.0492 5212 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 22:44:38.0538 5212 WebClient - ok 22:44:38.0585 5212 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:44:38.0648 5212 Wecsvc - ok 22:44:38.0679 5212 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:44:38.0741 5212 wercplsupport - ok 22:44:38.0757 5212 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:44:38.0819 5212 WerSvc - ok 22:44:38.0928 5212 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:44:38.0975 5212 WfpLwf - ok 22:44:38.0975 5212 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:44:38.0991 5212 WIMMount - ok 22:44:39.0069 5212 WinDefend - ok 22:44:39.0069 5212 WinHttpAutoProxySvc - ok 22:44:39.0225 5212 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:44:39.0287 5212 Winmgmt - ok 22:44:39.0381 5212 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 22:44:39.0506 5212 WinRM - ok 22:44:39.0864 5212 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 22:44:39.0896 5212 WinUsb - ok 22:44:39.0958 5212 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 22:44:40.0020 5212 Wlansvc - ok 22:44:40.0192 5212 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:44:40.0286 5212 wlidsvc - ok 22:44:40.0676 5212 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 22:44:40.0691 5212 WmiAcpi - ok 22:44:40.0847 5212 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:44:40.0894 5212 wmiApSrv - ok 22:44:40.0972 5212 WMPNetworkSvc - ok 22:44:41.0003 5212 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 22:44:41.0034 5212 WPCSvc - ok 22:44:41.0066 5212 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 22:44:41.0097 5212 WPDBusEnum - ok 22:44:41.0128 5212 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:44:41.0175 5212 ws2ifsl - ok 22:44:41.0206 5212 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 22:44:41.0253 5212 wscsvc - ok 22:44:41.0253 5212 WSearch - ok 22:44:41.0378 5212 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 22:44:41.0487 5212 wuauserv - ok 22:44:41.0814 5212 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 22:44:41.0861 5212 WudfPf - ok 22:44:41.0892 5212 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:44:41.0939 5212 WUDFRd - ok 22:44:41.0970 5212 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 22:44:42.0017 5212 wudfsvc - ok 22:44:42.0064 5212 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 22:44:42.0111 5212 WwanSvc - ok 22:44:42.0345 5212 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (1870a74ee2901ca09ffbfe79a5ee0e94) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl 22:44:42.0376 5212 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 22:44:42.0407 5212 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 22:44:43.0484 5212 \Device\Harddisk0\DR0 - ok 22:44:43.0484 5212 Boot (0x1200) (367c7cbdd2441f252043f95881c6b7b7) \Device\Harddisk0\DR0\Partition0 22:44:43.0484 5212 \Device\Harddisk0\DR0\Partition0 - ok 22:44:43.0499 5212 Boot (0x1200) (4f2d9a4a4b41def6978a973084681218) \Device\Harddisk0\DR0\Partition1 22:44:43.0499 5212 \Device\Harddisk0\DR0\Partition1 - ok 22:44:43.0499 5212 ============================================================ 22:44:43.0499 5212 Scan finished 22:44:43.0499 5212 ============================================================ 22:44:43.0515 5780 Detected object count: 2 22:44:43.0515 5780 Actual detected object count: 2 22:44:58.0678 5780 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:58.0678 5780 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:44:58.0678 5780 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user 22:44:58.0678 5780 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:46:48.0589 5340 Deinitialize success |
17.07.2012, 21:56 | #8 |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit hi lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
17.07.2012, 22:37 | #9 |
| Bundespolizei Trojaner bei Win 7 64 Bit hier die Liste. Hoffe, die passt so Code:
ATTFilter Acrobat.com Adobe Systems Incorporated notwendig Adobe AIR Adobe Systems Inc. unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated notwendig Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. notwendig AMD USB Filter Driver Advanced Micro Devices, Inc. notwendig ASUS CopyProtect unbekannt ASUS Data Security Manager notwendig ASUS FancyStart ASUSTeK Computer Inc. unbekannt ASUS LifeFrame3 ASUS notwendig ASUS Live Update notwendig ASUS MultiFrame ASUS notwendig ASUS Power4Gear Hybrid notwendig ASUS SmartLogon ASUS notwendig ASUS Splendid Video Enhancement Technology notwendig ASUS_Screensaver unnötig Atheros Client Installation Program unbekannt ATK Generic Function Service unbekannt ATK Hotkey ASUS unbekannt ATK Media ASUS unbekannt ATKOSD2 ASUS unbekannt Avira Free Antivirus Avira notwendig Captcha Brotherhood notwendig CCleaner Piriform notwendig ControlDeck ASUS unbekannt CyberLink PowerDVD 11 CyberLink Corp. notwendig DVDFab 8.1.7.8 (17/04/2012) Qt Fengtao Software Inc. notwendig ETDWare PS/2-x64 7.0.5.5_WHQL unbekannt Fast Boot ASUS unbekannt FreeRIP v3.2 MGShareware notwendig ICQ Toolbar ICQ unnötig ICQ7.5 ICQ notwendig Java(TM) 7 Update 5 notwendig JavaFX 2.1.1 Oracle Corporation unbekannt JDownloader 2 AppWork GmbH notwendig K-Lite Codec Pack 8.8.0 (Full) notwendig LastPass (uninstall only) LastPass notwendig Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation notwendig McAfee Security Scan Plus McAfee, Inc. unnötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation unbekannt Microsoft Office XP Professional mit FrontPage Microsoft Corporation notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation unbekannt Mozilla Firefox 14.0 (x86 de) Mozilla notwendig Mozilla Maintenance Service Mozilla unbekannt Mp3tag v2.50 Florian Heidenreich notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation unbekannt Multimedia Card Reader notwendig Nero 9 Nero AG notwendig Realtek 8136 8168 8169 Ethernet Driver Realtek notwendig Samsung Kies Samsung Electronics Co., Ltd. notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. notwendig SnagIt 8 TechSmith Corporation unnötig SRS Premium Sound SRS Labs, Inc. notwendig USB 2.0 1.3M UVC WebCam notwendig VIA Platform Device Manager VIA Technologies, Inc. notwendig VLC media player 2.0.1 VideoLAN notwendig Winamp Nullsoft, Inc notwendig Winamp Anwendungserkennung Nullsoft, Inc notwendig Windows Live Essentials Microsoft Corporation unbekannt WinFlash ASUS unbekannt WinRAR notwendig Wireless Console 3 ASUS notwendig Yontoo 1.10.02 Yontoo LLC unbekannt |
19.07.2012, 20:34 | #10 |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit deinstaliere: Adobe Flash Player alle http://get.adobe.com/de/flashplayer/ neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ICQ Toolbar McAfee SnagIt Windows Live Yontoo öffne CCleaner analysieren starten. öffne otl, cleanup, pc startet neu, testen wie das system läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.07.2012, 12:17 | #11 |
| Bundespolizei Trojaner bei Win 7 64 Bit Alles gemacht. Bis jetzt läuft PC gut. Vielen Dank schonmal für alles. Echt tolled Forum Werde mich auch mit einer kleinen Spende erkenntlich zeigen Soll bzw. kann ich noch was machen? LG! Randy |
25.07.2012, 18:01 | #12 |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit danke fürs spenden. pc absichern: als antimalware programm würde ich emsisoft empfehlen. diese haben für mich den besten schutz kostet aber etwas. http://www.trojaner-board.de/103809-...i-malware.html testversion: Meine Antivirus-Empfehlung: Emsisoft Anti-Malware insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren. vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen. kostenlos, aber eben nicht ganz so gut wäre avast zu empfehlen. http://www.trojaner-board.de/110895-...antivirus.html sag mir welches du nutzt, dann gebe ich konfigurationshinweise. bitte dein bisheriges av deinstalieren die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch! http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.72 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.07.2012, 22:07 | #13 |
| Bundespolizei Trojaner bei Win 7 64 Bit Hab einiges schon gemacht. Danke nochmal Hab Emisoft Programm und nutze Firefox. LG! Randy |
27.07.2012, 21:31 | #14 |
/// Malware-holic | Bundespolizei Trojaner bei Win 7 64 Bit schon mal chrome angesehen? sicherer und schneller. emsi konfig: emsisoft öffnen, einstellungen klicken. geplanter scan. wähle starten um, ich persönlich hab monatlich, kannst aber auch wöchendlich einstellen. uhrzeit, und bei monatlich ebenfalls datum wählen. unsichtbar, falls du das scan fenster nicht sehen möchtest. und verpasste scans nachholen. auto update: intervall, täglich, stündlich von 00.00 bis 23.59 heißt jede stunde updates. einstellung: update am antimalware network teilnemen. die andern beiden haken, beta updates und zusätzliche sprachen, nicht setzen. rest bleibt. klicke jetzt auf wächter: dort auf wächter. verhaltensanalyse aktivieren, alles selektieren. jetzt auf alarme: aktiviere dort comunety basierte alarm reduktion. unter anderem dafür gibt es das antimalware network. die comunety basierte alarm reduktion betrifft die verhaltensanalyse. emsisoft gibt, bei einigen programmen, meldungen raus, weil das verhalten des programmes dies notwendig macht. da manche user sich damit nicht auskennen, was keine schande ist, :-) wird hier geprüft, wie viele nutzer haben programm x erlaubt oder blockiert. hier haben wir im moment 90 % eingestellt, also wenn 90 % sagen, das programm ist io, wird ne erlauben regel angelegt, wenn sie sagen, programm x ist bösartig, automatisch blockiert. wenn du dir das allein zutraust, musst du den haken nicht setzen. wenn zb nur 70 % aller user sagen programm x ist gut oder bösartig, wird dir dies in einer grafik angezeigt jetzt auf datei wächter. standard atkion für erkannte objekte, alarmieren. surf schutz: hier alles auf blockieren mit info. wenn es eine seite gibt, die versehens blockiert wird, kanns du die direkt über das popup erlauben was es bei der blockierung gibt, oder über host regeln. wenn dir diese info popups nicht gefallen musst du alles auf unsichtbar blockieren stellen, aber drann denken, zu prüfen wenn du ne seite hast, die nicht geladen wird, ob emsi sie geblockt hatt. das wäre es, hoffe es war verständlich.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Bundespolizei Trojaner bei Win 7 64 Bit |
antivir, autorun, avira, bho, desktop, device driver, error, fehler, firefox, flash player, gfnexsrv.exe, helper, heuristiks/extra, heuristiks/shuriken, home, install.exe, langs, logfile, mozilla, mp3, msiinstaller, netzwerk, plug-in, realtek, registry, richtlinie, scan, searchscopes, security, software, svchost.exe, tarma, trojaner, usb, usb 2.0, vdeck.exe, virus, win 7 64 bit, yontoo |