15.07.2012, 11:07 | #1 |
GVU trojan with webcam

Hello, I have already read through a few things, but in my case it was somewhat different. This screen with GVU etc. simply opened for me as well; I then switched the laptop off immediately and started it again. It booted completely normally and I could also log in normally. My antivirus program then put the file fastor_ot.exe into quarantine, from where I then deleted it. After that, only the error message from rundll32 appeared at the beginning of system startup, saying that it cannot execute the trojan. I deleted the link from the system startup and also from the recycle bin. The PC actually works perfectly; the Task Manager can also be opened. How should I proceed now so that I can be sure that everything is gone? Many thanks in advance for the help.

Regards, chrisooo

I have now run a quick scan with Malwarebytes Anti-Malware, but it found nothing. Here is the log:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.07.15.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Christian :: CHRISTIAN-PC [Administrator]
Schutz: Aktiviert
15.07.2012 12:27:24
mbam-log-2012-07-15 (12-27-24).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234151
Laufzeit: 4 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Here is the full scan as well:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.15.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Christian :: CHRISTIAN-PC [Administrator]
Schutz: Aktiviert
15.07.2012 13:21:37
mbam-log-2012-07-15 (13-21-37).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447169
Laufzeit: 1 Stunde(n), 23 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Program Files (x86)\EA GAMES\MOHAA\Ereg MOHAAB\go_ez.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

I will now run a scan with OTL and then post the logs here.

Here are the OTL logs:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.07.2012 15:29:56 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*******\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,16% Memory free 7,73 Gb Paging File | 5,77 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 135,25 Gb Free Space | 60,14% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 81,10 Gb Free Space | 36,02% Space Free | Partition Type: NTFS Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: User-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE (Panda Security, S.L.) PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) 
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE (Panda Security International) PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe (Panda Security, S.L.) PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.) PRC - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () MOD - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll () MOD - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\libxml2.dll () ========== 
Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TPSrv) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe (Panda Security, S.L.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (PAVFNSVR) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.) SRV - (PskSvcRetail) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe (Panda Security, S.L.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (PAVSRV) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) 
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (PSHost) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE (Panda Security International) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Panda Software Controller) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe (Panda Security, S.L.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PSIMSVC) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.) SRV - (PavPrSrv) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.) ========== Driver Services (SafeList) ========== DRV:64bit: - (Prot6Flt) -- C:\Windows\SysNative\drivers\prot6flt.sys (Panda Security, S.L.) 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (APPFLT) -- C:\Windows\SysNative\drivers\APPFLT64.SYS (Panda Security, S.L.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (IDSFLT) -- C:\Windows\SysNative\drivers\idsflt64.sys (Panda Security, S.L.) DRV:64bit: - (NETIMFLT01060044) -- C:\Windows\SysNative\drivers\n64i1644.sys (Panda Security, S.L.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (AmFSM) -- C:\Windows\SysNative\drivers\amm6460.sys (Panda Security, S.L.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (ShldFlt) -- C:\Windows\SysNative\drivers\ShldFlt.sys (Panda Security, S.L.) DRV:64bit: - (WNMFLT) -- C:\Windows\SysNative\drivers\wnmflt64.sys (Panda Security, S.L.) DRV:64bit: - (NETFLTDI) -- C:\Windows\SysNative\drivers\NETTDI64.SYS (Panda Security, S.L.) DRV:64bit: - (DSAFLT) -- C:\Windows\SysNative\drivers\dsaflt64.sys (Panda Security, S.L.) DRV:64bit: - (FNETMON) -- C:\Windows\SysNative\drivers\fnetm64.sys (Panda Security, S.L.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {E86F2EB7-81E0-46C2-8B2F-D32A301EC0E7} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - 
HKCU\..\SearchScopes\{E86F2EB7-81E0-46C2-8B2F-D32A301EC0E7}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) 
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7AC2531-F5BB-45EF-A06B-95915CEFAC7F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\livecall 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2011.09.07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2011.09.07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2011.09.07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{18160f9c-0ddc-11e0-b576-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{18160f9c-0ddc-11e0-b576-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.15 15:17:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.07.15 13:34:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.07.15 13:32:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.07.15 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.07.15 12:23:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys [2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.14 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ElevatedDiagnostics [2012.07.11 17:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 17:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 17:32:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 17:32:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.11 17:32:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.19 16:58:11 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.19 16:58:11 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.19 16:58:11 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.19 16:57:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.19 16:57:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.19 16:57:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.19 16:57:34 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.19 16:57:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.15 16:52:45 | 000,030,720 | ---- | C] (Panda Security, S.L.) 
-- C:\Windows\SysNative\drivers\prot6flt.sys [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.15 15:17:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.07.15 15:09:21 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.15 15:09:21 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.15 15:09:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.15 15:09:21 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.15 15:09:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.15 15:08:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.15 15:08:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.15 15:07:32 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck [2012.07.15 15:07:32 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT [2012.07.15 15:06:19 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck [2012.07.15 15:06:19 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls [2012.07.15 15:06:19 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck [2012.07.15 15:06:19 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG [2012.07.15 15:06:19 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck [2012.07.15 15:06:19 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg [2012.07.15 15:06:19 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck [2012.07.15 15:06:19 | 000,000,128 | ---- | M] 
() -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt [2012.07.15 15:06:19 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck [2012.07.15 15:06:19 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg [2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck [2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg [2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck [2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg [2012.07.15 15:02:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck [2012.07.15 15:02:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt [2012.07.15 15:02:26 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck [2012.07.15 15:02:26 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg [2012.07.15 15:02:04 | 000,030,720 | ---- | M] (Panda Security, S.L.) 
-- C:\Windows\SysNative\drivers\prot6flt.sys [2012.07.15 15:01:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.15 15:01:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.15 15:01:25 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2012.07.15 13:49:29 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll [2012.07.15 13:49:28 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll [2012.07.15 12:23:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.14 19:06:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad [2012.07.14 17:17:29 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.24 22:21:10 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault(tm) Breakthrough.lnk [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.15 12:23:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.14 19:05:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.06.24 22:21:10 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault(tm) Breakthrough.lnk [2012.05.12 17:50:01 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat [2012.04.24 20:23:30 | 000,000,019 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\urhtps.dat [2012.01.11 19:15:09 | 000,000,714 | ---- | C] () -- C:\Windows\wininit.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.15 21:17:09 | 000,007,605 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg [2011.01.08 17:57:42 | 000,111,928 | ---- | C] () -- 
C:\Windows\SysWow64\PnkBstrB.exe [2011.01.08 17:57:41 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.01.08 17:57:41 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.06 21:01:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.12.22 16:47:11 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.12.22 16:47:11 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll [2010.12.22 16:47:11 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010.12.22 16:47:11 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe [2010.12.22 16:47:11 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.12.22 16:47:11 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.10.14 15:06:09 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.10.14 14:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.01.12 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gnupg [2012.07.13 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ [2012.04.11 23:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\kock [2011.01.18 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech [2012.05.13 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin [2011.11.07 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Panda Security [2012.04.14 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UAs [2012.04.14 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\xmldm [2012.07.02 17:25:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data 
Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 < End of report > and Extras: OTL Logfile: Code:
OTL Extras logfile created on: 15.07.2012 15:29:56 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\********\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,16% Memory free 7,73 Gb Paging File | 5,77 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,87 Gb Total Space | 135,25 Gb Free Space | 60,14% Space Free | Partition Type: NTFS Drive D: | 225,17 Gb Total Space | 81,10 Gb Free Space | 36,02% Space Free | Partition Type: NTFS Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: User | User Name: User | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* .wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14B13C06-03D3-44D9-834D-EBE577F2D7FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{23950EF3-C6FD-491B-B34D-A607446793F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28CD8638-158B-47F5-9BBB-D60786CAD55A}" = rport=10243 | protocol=6 | dir=out | app=system | "{418E0614-2546-415F-9ABF-DA63ED867CF7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5639E67D-043A-4DE0-B8EE-0EE444D8E078}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{599DBC14-899A-4302-8FED-75304EF08F7C}" = lport=2869 | protocol=6 | dir=in | app=system | "{5B52D658-E40A-4CBB-989C-110C2E84C950}" = lport=2869 | protocol=6 | dir=in | app=system | "{5E472CCB-450A-4DB3-876D-6953291E43CE}" = rport=445 | protocol=6 | dir=out | app=system | "{668B3CE8-621F-4F03-B2D3-DA4C9B6E3CA6}" = rport=139 | protocol=6 | dir=out | app=system | "{6A885B28-6F11-460F-B3EA-AC9E183A1064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{79F561AF-9036-42AD-B9A6-2576F3B67D1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A71AFC6-2BBE-4E06-8E7D-1098EDA525E8}" = lport=10243 | protocol=6 | dir=in | app=system | "{A0722194-6C87-4508-B7F0-ADFE85243636}" = lport=445 | protocol=6 | dir=in | app=system | "{A25BA46E-2394-48B6-903D-B1DF42C7ECFA}" = lport=138 | protocol=17 | dir=in | app=system | "{A59F2B67-78CA-4605-8168-67E4774A908A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA3DBC46-15EA-47C0-B97F-3397222D8B0E}" = rport=138 | protocol=17 | dir=out | app=system | "{AA6BA5B2-57A5-4037-83F4-8612EAF93876}" = lport=139 | protocol=6 | dir=in | app=system | "{B1C41BE1-D753-403E-AD3F-F5F045CE4D78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BEDFA6D4-D68D-45C3-B270-41CEA5452A22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D848D894-41B5-4B5A-98F5-4A8788334E30}" = lport=137 | protocol=17 | dir=in | app=system | "{ED8C2ECC-5F01-47A6-8407-6A738E277331}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F0B464B2-4741-4A5E-9E46-38660757E751}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FD5BBF46-A4D8-4700-9BD7-92F3D2168F7A}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{010C0D03-CC62-44DD-8EDC-927585842A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{07E52735-28DD-4FAB-A36F-034BA0E72448}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{0B8268B5-0684-4E49-8729-1FD25771641A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0DF21496-B53B-4D9E-98D4-14936F53CFA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0FF7DB57-9AED-4566-9C96-3EAB13DF41C1}" = protocol=6 | dir=out | app=system | "{2E7FA9A8-143E-4367-9898-DE2CE43933DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{2FC4DD60-2860-4727-9183-3A6412528CA5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{313D4455-F822-4345-8DDE-C4671063822C}" = protocol=6 | dir=in | app=e:\setup.exe | "{3611F864-CEC6-41CB-A195-420CA096A79E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{3861DEDA-F38D-4F65-ABEC-65C6E1B5A40C}" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "{3CBC5568-8760-4CF7-9984-CA827DBF1AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{3F123A8F-D529-4752-9226-424232EF8029}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{402953C2-8A4C-4C96-94EA-99BE823F574E}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\vancouver 2010\vancouver.exe | "{44818AD3-8EEF-45EA-97A5-4A1DEC983966}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{454CC71A-1E27-4391-9309-2640243FC98A}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\beijing 2008\beijing.exe | "{47456820-E292-45CA-88AA-59E572FFB673}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\vancouver 2010\vancouver.exe | "{47A3542B-975F-4E53-BA4D-DA9C32EEE70E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{4C025ADC-A3D1-499B-BAAE-AD78E68D060D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4EC1F63C-C641-4B9B-9E8A-088FE5E150C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{4ED3F5AD-529D-4976-B894-2556A51EBBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{55F3A055-700E-429F-A19B-0890E4139E72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{57829BC9-CDAF-4DEF-8D33-C6AB71D1B137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5A26B24E-722A-4C4B-849E-65D0E3B42FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{5A4EBAC7-B19C-47E6-ACA3-D7E7A0A5B90B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5C084B5F-F095-42A5-BAD3-5710C13E9B07}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{5EA97168-492E-406C-8170-6F04B30D3DBF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{607EE90A-EE33-4DAC-B987-4104447FB6DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{69FB89BE-556D-492E-A337-781E592859B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{731FDB8A-CBFA-49DD-AC36-AF9EA2947A46}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\beijing 2008\beijing.exe | "{73F56A97-CE5E-44BD-81D7-3CD67480E890}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{76956DDE-7BBD-40F7-AF5F-9035CB2D0BE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{77A8FE17-67CD-40E8-BA4D-1C08538E53CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{84749039-0F02-4C9B-B0B6-FDF1937780D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8DBC06A7-3DA4-402C-9601-D18711C2691B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe 
| "{91D144BA-1F4D-466F-9C7A-B18E856512E0}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | "{920E050A-9871-4378-82A1-9F17FEFE8E81}" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | "{941B1499-8746-41CB-A0EF-7057C8150BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{99CD20E2-CBD9-4C30-9228-32B758B7CE3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A33D7A55-5778-4DEE-8F89-DE178DB579C2}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | "{A58D47B2-5838-42D3-A777-ED0ED1075107}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A5B0EB2F-BAD0-4343-AD2E-ECF58459CF4E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A781A30B-096A-4845-9C8A-46E7EBC41603}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B414F930-0E3A-4B9B-B5F6-C70326F07A1D}" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "{C4E391A7-D049-48D0-85EB-F2B42A98A237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CADF98B9-03EB-4E7C-8125-D3374762775C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CCFA504E-5478-4E53-9426-25EA8336A8E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D27CC0B4-B8EE-4A43-9423-4A6C643E1026}" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | "{DA5A3189-81F6-4B03-879D-4E22E681E3D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E789E1FC-0D58-4F79-B010-22816E9345C4}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | "{E83D5B92-A1F1-4A15-A0ED-1AAA7998A8FA}" = protocol=17 | dir=in | app=e:\setup.exe | 
"{E94232C5-1893-42CA-8BF1-7D2CE621B928}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{EF54295B-159A-4FF1-A2CD-13A3B07DF053}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{EF93E8C6-31F7-4C04-83B5-5F82D2BE1071}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F048331F-1FE7-4B6D-88B5-35E772275340}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{F764F956-DF20-486C-85C8-401F1DB488C8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | "{F91CD423-637D-4D23-A361-F98B9DA85BEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{41996910-9B77-4705-B3F3-43F2756932BC}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe | "TCP Query User{4DD916BC-ABF3-4D96-BC7F-A6F631B730B4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{12B81A30-6776-44A8-9FB2-60125926650A}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe | "UDP Query User{BAEC7764-01ED-471D-907D-87BFBDBF7D1C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® 
Turbo-Boost-Technik "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid 
Storage Technology "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 
2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C58BEC6C-D968-4FE3-8DD6-9FDC4278657B}" = Panda Antivirus Pro 2012 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012 "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "CrashTime" = Cobra 11 - Crash Time (remove only) "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011 "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.06.2012 13:52:05 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error - 01.07.2012 17:24:34 | Computer Name = Christian-PC | Source = Windows Backup | ID = 4100 Description = Error - 03.07.2012 17:14:27 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.07.2012 17:14:32 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 04.07.2012 13:16:22 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.07.2012 13:16:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. 
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 04.07.2012 13:17:55 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 08.07.2012 06:37:43 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.07.2012 06:37:48 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe" in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 08.07.2012 06:39:17 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 27.02.2011 14:35:23 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 19:35:22 - Fehler beim Herstellen der Internetverbindung. 19:35:22 - Serververbindung konnte nicht hergestellt werden.. Error - 27.02.2011 15:35:28 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 20:35:28 - Fehler beim Herstellen der Internetverbindung. 20:35:28 - Serververbindung konnte nicht hergestellt werden.. Error - 27.02.2011 15:35:34 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 20:35:33 - Fehler beim Herstellen der Internetverbindung. 20:35:33 - Serververbindung konnte nicht hergestellt werden.. Error - 27.02.2011 16:35:39 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 21:35:39 - Fehler beim Herstellen der Internetverbindung. 21:35:39 - Serververbindung konnte nicht hergestellt werden.. Error - 27.02.2011 16:35:45 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 21:35:44 - Fehler beim Herstellen der Internetverbindung. 21:35:44 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2011 15:48:23 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 20:48:23 - Fehler beim Herstellen der Internetverbindung. 20:48:23 - Serververbindung konnte nicht hergestellt werden.. Error - 28.02.2011 15:48:39 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 20:48:28 - Fehler beim Herstellen der Internetverbindung. 
20:48:28 - Serververbindung konnte nicht hergestellt werden.. Error - 08.03.2011 14:44:54 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 19:44:53 - Fehler beim Herstellen der Internetverbindung. 19:44:53 - Serververbindung konnte nicht hergestellt werden.. Error - 08.03.2011 14:45:01 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 19:44:59 - Fehler beim Herstellen der Internetverbindung. 19:44:59 - Serververbindung konnte nicht hergestellt werden.. Error - 08.03.2011 15:47:14 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0 Description = 20:47:13 - Fehler beim Herstellen der Internetverbindung. 20:47:13 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 14.07.2012 14:31:03 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.07.2012 14:34:42 | Computer Name = Christian-PC | Source = bowser | ID = 8003 Description = Error - 14.07.2012 19:46:34 | Computer Name = Christian-PC | Source = bowser | ID = 8003 Description = Error - 15.07.2012 06:26:01 | Computer Name = Christian-PC | Source = bowser | ID = 8003 Description = Error - 15.07.2012 06:29:41 | Computer Name = Christian-PC | Source = bowser | ID = 8003 Description = Error - 15.07.2012 06:33:20 | Computer Name = Christian-PC | Source = bowser | ID = 8003 Description = Error - 15.07.2012 06:55:29 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 15.07.2012 07:01:24 | Computer Name = Christian-PC | Source = bowser | ID = 8003 Description = Error - 15.07.2012 07:31:34 | Computer Name = Christian-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme (KB976932) Error - 15.07.2012 09:02:22 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > How should I proceed now? Regards |
15.07.2012, 15:39 | #2 | |
/// Malware-holic | GVU Trojan with webcam Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ |
15.07.2012, 20:02 | #3 |
| GVU Trojan with webcam OK, I did that, but I had a few small problems. Even though my antivirus program was deactivated, it kicked in with "threatening access to" and so on, and then it reported hijacking attempts from Internet Explorer. I partly rejected and partly allowed these; no idea what I should have done there. Anyway, then it created the log, and after that I could no longer access Internet Explorer or my antivirus program. Now I have restarted and everything works again. What was going on there, or was that normal? The error message you mentioned did not appear. I hope you can help me.
__________________Here is the log Combofix Logfile: Code:
ATTFilter ComboFix 12-07-14.01 - Christian 15.07.2012 20:03:10.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2592 [GMT 2:00] ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe AV: Panda Antivirus Pro 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22} SP: Panda Antivirus Pro 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\FullRemove.exe c:\windows\SysWow64\tmp26A3.tmp c:\windows\SysWow64\tmp26A4.tmp c:\windows\SysWow64\tmp66E0.tmp c:\windows\SysWow64\tmp6710.tmp c:\windows\SysWow64\tmpB6D0.tmp c:\windows\SysWow64\tmpB6D1.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-15 bis 2012-07-15 )))))))))))))))))))))))))))))) . . 2012-07-15 18:10 . 2012-07-15 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-15 18:10 . 2012-07-15 18:10 -------- d-----w- c:\users\Anke\AppData\Local\temp 2012-07-15 17:29 . 2010-09-09 14:23 78920 ----a-w- c:\windows\system32\drivers\idsflt64.sys 2012-07-15 17:29 . 2009-09-25 12:54 74760 ----a-w- c:\windows\system32\drivers\wnmflt64.sys 2012-07-15 17:29 . 2009-09-25 12:54 82952 ----a-w- c:\windows\system32\drivers\dsaflt64.sys 2012-07-15 17:28 . 2011-01-31 14:41 129096 ----a-w- c:\windows\system32\drivers\APPFLT64.SYS 2012-07-15 17:28 . 2009-09-25 12:54 170504 ----a-w- c:\windows\system32\drivers\NETTDI64.SYS 2012-07-15 17:28 . 2009-09-25 12:54 31752 ----a-w- c:\windows\system32\drivers\fnetm64.sys 2012-07-15 17:15 . 2012-07-15 17:15 -------- d-----w- c:\users\Christian\AppData\Local\Panda Security 2012-07-15 17:13 . 2007-03-15 17:38 46640 ----a-w- c:\windows\system32\pavcpl64.cpl 2012-07-15 17:13 . 
2003-10-22 16:23 446464 ----a-w- c:\windows\SysWow64\HHActiveX.dll 2012-07-15 17:13 . 2010-06-21 15:02 202048 ----a-w- c:\windows\SysWow64\TpUtilWow.dll 2012-07-15 17:13 . 2010-06-21 15:01 87872 ----a-w- c:\windows\SysWow64\PavLspHookWow.dll 2012-07-15 17:13 . 2010-06-21 15:01 66880 ----a-w- c:\windows\SysWow64\PavIpcWow.dll 2012-07-15 17:13 . 2009-08-10 11:46 25344 ----a-w- c:\windows\SysWow64\sysHelper32.dll 2012-07-15 17:12 . 2010-06-21 15:02 323392 ----a-w- c:\windows\system32\TpUtil64.dll 2012-07-15 17:12 . 2010-06-21 15:01 839488 ----a-w- c:\windows\system32\PavSHook64.dll 2012-07-15 17:12 . 2010-06-21 15:01 546624 ----a-w- c:\windows\SysWow64\PavSHookWow.dll 2012-07-15 17:12 . 2010-06-21 15:01 114496 ----a-w- c:\windows\system32\PavLspHook64.dll 2012-07-15 17:12 . 2010-06-21 15:01 90944 ----a-w- c:\windows\system32\PavIpc64.dll 2012-07-15 17:12 . 2009-08-10 11:46 25344 ----a-w- c:\windows\system32\sysHelper64.dll 2012-07-15 17:12 . 2010-09-01 09:09 216648 ----a-w- c:\windows\system32\drivers\n64i1644.sys 2012-07-15 17:12 . 2012-07-15 17:12 -------- d-----w- c:\windows\SysWow64\PAV 2012-07-15 17:12 . 2010-05-21 11:50 65608 ----a-w- c:\windows\system32\drivers\amm6460.sys 2012-07-15 17:12 . 2010-03-24 10:56 64768 ----a-w- c:\windows\system32\avldr64.dll 2012-07-15 17:12 . 2012-07-15 17:14 -------- d-----w- c:\program files (x86)\Panda Security 2012-07-15 17:12 . 2012-07-15 17:12 -------- d-----w- c:\users\Christian\AppData\Roaming\Panda Security 2012-07-15 17:11 . 2012-07-15 17:11 -------- d-----w- c:\program files (x86)\Common Files\Panda Security 2012-07-15 17:11 . 2009-10-27 10:07 48136 ----a-w- c:\windows\system32\drivers\ShldFlt.sys 2012-07-15 11:34 . 2012-07-15 11:34 -------- d-----w- c:\windows\system32\SPReview 2012-07-15 11:32 . 2012-07-15 11:32 -------- d-----w- c:\windows\system32\EventProviders 2012-07-15 10:23 . 2012-07-15 10:23 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes 2012-07-15 10:23 . 
2012-07-15 10:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-15 10:23 . 2012-07-15 10:23 -------- d-----w- c:\programdata\Malwarebytes 2012-07-15 10:23 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-14 18:41 . 2012-07-14 18:42 -------- d-----w- c:\users\Christian\AppData\Local\ElevatedDiagnostics 2012-07-14 09:44 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ADF614D-DC0B-4EBE-89C1-E39B7910A750}\mpengine.dll 2012-07-11 23:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-19 14:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 14:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 14:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 14:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 14:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-19 14:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 14:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 14:57 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 14:57 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-15 11:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-07-15 11:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-05-15 04:01 . 2012-06-13 15:06 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-13 15:06 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 11:06 . 2012-06-13 15:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 15:05 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 
2012-06-13 15:05 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 15:05 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-29 18:02 . 2012-04-29 18:02 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll 2012-04-29 18:02 . 2011-01-08 23:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-04-29 18:01 . 2011-01-12 17:09 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-04-28 03:55 . 2012-06-13 15:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 15:05 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 15:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 15:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 15:05 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 15:05 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 15:05 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 15:05 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 15:05 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 15:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 03:45 . 2012-06-13 15:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-13 15:06 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}] 2011-06-30 12:27 50240 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424] "ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768] "SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736] S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [2010-06-22 30792] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [2009-10-27 48136] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2010-05-21 65608] S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [2011-01-31 
129096] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [2009-09-25 82952] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [2009-09-25 31752] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608] S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [2010-09-09 78920] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [2009-09-25 12:54 170504] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [2009-09-25 74760] S3 HECIx64;Intel(R) 
Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys [2010-09-01 216648] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224] S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x] S3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://acer.msn.com mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 . . ------- Dateityp-Verknüpfung ------- . JSEFile=c:\progra~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %* . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-FUSSBALL MANAGER 12 - c:\program files (x86)\EA SPORTS\FUSSBALL MANAGER 12\eauninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,b2,67,3d,24,77,10,49,a4,50,e1,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,b2,67,3d,24,77,10,49,a4,50,e1,\ . [HKEY_USERS\S-1-5-21-2475846246-2324027737-1937470568-1000\Software\SecuROM\License information*] "datasecu"=hex:00,b0,e8,33,0a,3a,0f,bf,30,88,6b,ec,19,2f,35,34,77,7d,b8,95,52, 0a,93,ff,e4,f4,22,25,6e,c8,b9,d4,ca,28,aa,8e,93,22,6a,cf,dd,f3,b6,c8,da,4e,\ "rkeysecu"=hex:df,0f,7a,fa,24,d5,a9,26,b6,1e,08,97,f8,d7,a2,bc . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe c:\program files (x86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-15 20:22:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-15 18:22 . Vor Suchlauf: 10 Verzeichnis(se), 143.677.935.616 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 145.788.956.672 Bytes frei . - - End Of File - - 501F640D86495582E2F590B996639243 |
17.07.2012, 22:16 | #4 |
/// Malware-holic | GVU Trojan with webcam Can you also write in complete sentences? What was found where, and what actions were carried out? Look in the program's report.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.07.2012, 11:43 | #5 |
| GVU Trojan with webcam Thanks for now. So, I deactivated my antivirus program and its firewall and ran Combofix, and while it was running I got error messages from my antivirus program such as "Dangerous access to your system" and later hijacking attempts with Internet Explorer, which asked whether settings should be changed. Unfortunately I cannot send a report from my antivirus program, because when I could no longer access it after Combofix had finished, I reinstalled it and then restarted the computer, and then everything worked again, including Internet access. Can you still do something with the Combofix log despite the problems? Regards, chrisooo |
19.07.2012, 18:53 | #6 |
/// Malware-holic | GVU Trojan with webcam Hi, it did say that there can be problems which are resolved after a restart :-) OK, let's look further: download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
__________________ |
20.07.2012, 14:25 | #7 |
| GVU Trojan with webcam OK, I did it that way, but it found nothing. Here is the log: 15:13:10.0948 1364 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11 15:13:12.0024 1364 ============================================================ 15:13:12.0024 1364 Current date / time: 2012/07/20 15:13:12.0024 15:13:12.0024 1364 SystemInfo: 15:13:12.0024 1364 15:13:12.0024 1364 OS Version: 6.1.7601 ServicePack: 1.0 15:13:12.0024 1364 Product type: Workstation 15:13:12.0024 1364 ComputerName: User-PC 15:13:12.0024 1364 UserName: User 15:13:12.0024 1364 Windows directory: C:\Windows 15:13:12.0024 1364 System windows directory: C:\Windows 15:13:12.0024 1364 Running under WOW64 15:13:12.0024 1364 Processor architecture: Intel x64 15:13:12.0024 1364 Number of processors: 4 15:13:12.0024 1364 Page size: 0x1000 15:13:12.0024 1364 Boot type: Normal boot 15:13:12.0024 1364 ============================================================ 15:13:12.0898 1364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:13:12.0898 1364 ============================================================ 15:13:12.0898 1364 \Device\Harddisk0\DR0: 15:13:12.0898 1364 MBR partitions: 15:13:12.0898 1364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000 15:13:12.0898 1364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x1C1BE800 15:13:12.0898 1364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E131000, BlocksNum 0x1C254800 15:13:12.0898 1364 ============================================================ 15:13:12.0929 1364 C: <-> \Device\Harddisk0\DR0\Partition1 15:13:12.0960 1364 D: <-> \Device\Harddisk0\DR0\Partition2 15:13:12.0960 1364 ============================================================ 15:13:12.0960 1364 Initialize success 15:13:12.0960 1364 
ok 15:14:53.0206 6872 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 15:14:53.0253 6872 Browser - ok 15:14:53.0268 6872 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 15:14:53.0331 6872 Brserid - ok 15:14:53.0362 6872 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 15:14:53.0409 6872 BrSerWdm - ok 15:14:53.0424 6872 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:14:53.0471 6872 BrUsbMdm - ok 15:14:53.0471 6872 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 15:14:53.0502 6872 BrUsbSer - ok 15:14:53.0518 6872 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 15:14:53.0549 6872 BTHMODEM - ok 15:14:53.0580 6872 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 15:14:53.0643 6872 bthserv - ok 15:14:53.0674 6872 catchme - ok 15:14:53.0705 6872 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 15:14:53.0767 6872 cdfs - ok 15:14:53.0814 6872 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 15:14:53.0845 6872 cdrom - ok 15:14:53.0892 6872 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 15:14:53.0955 6872 CertPropSvc - ok 15:14:53.0986 6872 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 15:14:54.0033 6872 circlass - ok 15:14:54.0079 6872 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 15:14:54.0111 6872 CLFS - ok 15:14:54.0157 6872 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:14:54.0173 6872 clr_optimization_v2.0.50727_32 - ok 15:14:54.0189 6872 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:14:54.0204 6872 
clr_optimization_v2.0.50727_64 - ok 15:14:54.0267 6872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:14:55.0125 6872 clr_optimization_v4.0.30319_32 - ok 15:14:55.0156 6872 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:14:55.0171 6872 clr_optimization_v4.0.30319_64 - ok 15:14:55.0203 6872 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 15:14:55.0249 6872 CmBatt - ok 15:14:55.0281 6872 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 15:14:55.0296 6872 cmdide - ok 15:14:55.0343 6872 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 15:14:55.0374 6872 CNG - ok 15:14:55.0421 6872 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 15:14:55.0437 6872 Compbatt - ok 15:14:55.0483 6872 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 15:14:55.0515 6872 CompositeBus - ok 15:14:55.0530 6872 COMSysApp - ok 15:14:55.0546 6872 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 15:14:55.0561 6872 crcdisk - ok 15:14:55.0608 6872 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 15:14:55.0655 6872 CryptSvc - ok 15:14:55.0717 6872 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 15:14:55.0780 6872 DcomLaunch - ok 15:14:55.0811 6872 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 15:14:55.0873 6872 defragsvc - ok 15:14:55.0920 6872 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 15:14:55.0983 6872 DfsC - ok 15:14:56.0029 6872 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 15:14:56.0076 6872 Dhcp - ok 15:14:56.0092 6872 discache (13096b05847ec78f0977f2c0f79e9ab3) 
C:\Windows\system32\drivers\discache.sys 15:14:56.0139 6872 discache - ok 15:14:56.0170 6872 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 15:14:56.0185 6872 Disk - ok 15:14:56.0201 6872 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 15:14:56.0248 6872 Dnscache - ok 15:14:56.0279 6872 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 15:14:56.0326 6872 dot3svc - ok 15:14:56.0357 6872 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 15:14:56.0404 6872 DPS - ok 15:14:56.0435 6872 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 15:14:56.0466 6872 drmkaud - ok 15:14:56.0513 6872 DSAFLT (64648b677d5005749f2fe412254512b7) C:\Windows\system32\Drivers\DSAFLT64.SYS 15:14:56.0529 6872 DSAFLT - ok 15:14:56.0591 6872 DsiWMIService (9cf46fdf163e06b83d03ff929ef2296c) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 15:14:56.0622 6872 DsiWMIService - ok 15:14:56.0700 6872 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 15:14:56.0731 6872 DXGKrnl - ok 15:14:56.0763 6872 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 15:14:56.0809 6872 EapHost - ok 15:14:56.0950 6872 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 15:14:57.0028 6872 ebdrv - ok 15:14:57.0121 6872 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 15:14:57.0137 6872 EFS - ok 15:14:57.0215 6872 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 15:14:57.0262 6872 ehRecvr - ok 15:14:57.0277 6872 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 15:14:57.0309 6872 ehSched - ok 15:14:57.0387 6872 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 15:14:57.0402 6872 elxstor - ok 15:14:57.0511 6872 ePowerSvc (3ea2c4f68a782839d97b3c83595575b6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 
15:14:57.0823 6872 ePowerSvc - ok 15:14:57.0917 6872 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 15:14:57.0948 6872 ErrDev - ok 15:14:57.0995 6872 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 15:14:58.0042 6872 EventSystem - ok 15:14:58.0073 6872 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 15:14:58.0120 6872 exfat - ok 15:14:58.0135 6872 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 15:14:58.0198 6872 fastfat - ok 15:14:58.0276 6872 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 15:14:58.0338 6872 Fax - ok 15:14:58.0369 6872 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 15:14:58.0416 6872 fdc - ok 15:14:58.0432 6872 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 15:14:58.0479 6872 fdPHost - ok 15:14:58.0494 6872 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 15:14:58.0557 6872 FDResPub - ok 15:14:58.0572 6872 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 15:14:58.0588 6872 FileInfo - ok 15:14:58.0588 6872 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 15:14:58.0650 6872 Filetrace - ok 15:14:58.0744 6872 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 15:14:58.0775 6872 FLEXnet Licensing Service - ok 15:14:58.0791 6872 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 15:14:58.0837 6872 flpydisk - ok 15:14:58.0884 6872 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 15:14:58.0915 6872 FltMgr - ok 15:14:58.0947 6872 FNETMON (50c6c310a98108a94e985fd46b4e150c) C:\Windows\system32\Drivers\fnetm64.SYS 15:14:58.0962 6872 FNETMON - ok 15:14:59.0025 6872 FontCache 
(5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 15:14:59.0071 6872 FontCache - ok 15:14:59.0134 6872 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:14:59.0149 6872 FontCache3.0.0.0 - ok 15:14:59.0165 6872 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 15:14:59.0196 6872 FsDepends - ok 15:14:59.0227 6872 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 15:14:59.0243 6872 Fs_Rec - ok 15:14:59.0290 6872 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 15:14:59.0321 6872 fvevol - ok 15:14:59.0337 6872 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:14:59.0352 6872 gagp30kx - ok 15:14:59.0415 6872 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 15:14:59.0477 6872 gpsvc - ok 15:14:59.0508 6872 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 15:14:59.0524 6872 GREGService - ok 15:14:59.0555 6872 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 15:14:59.0602 6872 hcw85cir - ok 15:14:59.0664 6872 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 15:14:59.0695 6872 HdAudAddService - ok 15:14:59.0711 6872 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 15:14:59.0758 6872 HDAudBus - ok 15:14:59.0789 6872 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 15:14:59.0805 6872 HECIx64 - ok 15:14:59.0836 6872 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 15:14:59.0851 6872 HidBatt - ok 15:14:59.0867 6872 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 15:14:59.0898 6872 HidBth - ok 15:14:59.0914 6872 HidIr (0a77d29f311b88cfae3b13f9c1a73825) 
C:\Windows\system32\DRIVERS\hidir.sys 15:14:59.0945 6872 HidIr - ok 15:14:59.0976 6872 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 15:15:00.0039 6872 hidserv - ok 15:15:00.0101 6872 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 15:15:00.0132 6872 HidUsb - ok 15:15:00.0163 6872 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 15:15:00.0226 6872 hkmsvc - ok 15:15:00.0273 6872 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 15:15:00.0335 6872 HomeGroupListener - ok 15:15:00.0382 6872 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 15:15:00.0413 6872 HomeGroupProvider - ok 15:15:00.0444 6872 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 15:15:00.0460 6872 HpSAMD - ok 15:15:00.0522 6872 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 15:15:00.0865 6872 HTTP - ok 15:15:00.0897 6872 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 15:15:00.0912 6872 hwpolicy - ok 15:15:00.0975 6872 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 15:15:00.0990 6872 i8042prt - ok 15:15:01.0021 6872 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys 15:15:01.0037 6872 iaStor - ok 15:15:01.0162 6872 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:15:01.0177 6872 IAStorDataMgrSvc - ok 15:15:01.0224 6872 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 15:15:01.0521 6872 iaStorV - ok 15:15:01.0583 6872 ICQ Service (7a95a3ad931b97fec5067e40636ce37f) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 15:15:01.0614 6872 ICQ Service - ok 15:15:01.0661 6872 IDSFLT (e3fc339dac4ddf4a12188313dc4da94f) C:\Windows\system32\Drivers\IDSFLT64.SYS 15:15:01.0911 
6872 IDSFLT - ok 15:15:02.0004 6872 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:15:02.0035 6872 idsvc - ok 15:15:02.0051 6872 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 15:15:02.0332 6872 iirsp - ok 15:15:02.0410 6872 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 15:15:02.0472 6872 IKEEXT - ok 15:15:02.0503 6872 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys 15:15:02.0535 6872 Impcd - ok 15:15:02.0659 6872 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys 15:15:02.0737 6872 IntcAzAudAddService - ok 15:15:02.0862 6872 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 15:15:02.0878 6872 intelide - ok 15:15:02.0909 6872 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:15:02.0925 6872 intelppm - ok 15:15:02.0956 6872 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 15:15:03.0003 6872 IPBusEnum - ok 15:15:03.0034 6872 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:15:03.0408 6872 IpFilterDriver - ok 15:15:03.0471 6872 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 15:15:03.0533 6872 iphlpsvc - ok 15:15:03.0564 6872 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 15:15:03.0611 6872 IPMIDRV - ok 15:15:03.0642 6872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:15:03.0970 6872 IPNAT - ok 15:15:04.0001 6872 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:15:04.0079 6872 IRENUM - ok 15:15:04.0110 6872 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 15:15:04.0126 6872 isapnp - ok 15:15:04.0141 6872 iScsiPrt 
(d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 15:15:04.0173 6872 iScsiPrt - ok 15:15:04.0235 6872 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys 15:15:04.0251 6872 k57nd60a - ok 15:15:04.0266 6872 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 15:15:04.0282 6872 kbdclass - ok 15:15:04.0329 6872 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 15:15:04.0344 6872 kbdhid - ok 15:15:04.0375 6872 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:15:04.0391 6872 KeyIso - ok 15:15:04.0422 6872 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 15:15:04.0438 6872 KSecDD - ok 15:15:04.0469 6872 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 15:15:04.0485 6872 KSecPkg - ok 15:15:04.0516 6872 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:15:04.0563 6872 ksthunk - ok 15:15:04.0594 6872 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 15:15:04.0656 6872 KtmRm - ok 15:15:04.0719 6872 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 15:15:04.0765 6872 LanmanServer - ok 15:15:04.0797 6872 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 15:15:04.0859 6872 LanmanWorkstation - ok 15:15:04.0890 6872 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:15:04.0937 6872 lltdio - ok 15:15:04.0953 6872 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 15:15:05.0015 6872 lltdsvc - ok 15:15:05.0031 6872 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 15:15:05.0077 6872 lmhosts - ok 15:15:05.0171 6872 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:15:05.0187 6872 LMS - ok 15:15:05.0233 
6872 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:15:05.0249 6872 LSI_FC - ok 15:15:05.0265 6872 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:15:05.0280 6872 LSI_SAS - ok 15:15:05.0280 6872 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:15:05.0311 6872 LSI_SAS2 - ok 15:15:05.0327 6872 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:15:05.0343 6872 LSI_SCSI - ok 15:15:05.0374 6872 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:15:05.0436 6872 luafv - ok 15:15:05.0499 6872 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 15:15:05.0514 6872 MBAMProtector - ok 15:15:05.0577 6872 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:15:05.0608 6872 MBAMService - ok 15:15:05.0639 6872 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 15:15:05.0670 6872 Mcx2Svc - ok 15:15:05.0686 6872 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 15:15:05.0701 6872 megasas - ok 15:15:05.0733 6872 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 15:15:05.0998 6872 MegaSR - ok 15:15:06.0045 6872 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:15:06.0107 6872 MMCSS - ok 15:15:06.0138 6872 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:15:06.0185 6872 Modem - ok 15:15:06.0216 6872 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:15:06.0247 6872 monitor - ok 15:15:06.0294 6872 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 15:15:06.0325 6872 mouclass - ok 15:15:06.0341 6872 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:15:06.0372 6872 mouhid 
- ok 15:15:06.0419 6872 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 15:15:06.0435 6872 mountmgr - ok 15:15:06.0466 6872 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 15:15:06.0481 6872 mpio - ok 15:15:06.0497 6872 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:15:06.0544 6872 mpsdrv - ok 15:15:06.0606 6872 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 15:15:06.0684 6872 MpsSvc - ok 15:15:06.0731 6872 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 15:15:06.0762 6872 MRxDAV - ok 15:15:06.0778 6872 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:15:06.0840 6872 mrxsmb - ok 15:15:06.0887 6872 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:15:06.0918 6872 mrxsmb10 - ok 15:15:06.0949 6872 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:15:06.0981 6872 mrxsmb20 - ok 15:15:07.0027 6872 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 15:15:07.0043 6872 msahci - ok 15:15:07.0074 6872 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 15:15:07.0090 6872 msdsm - ok 15:15:07.0121 6872 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 15:15:07.0152 6872 MSDTC - ok 15:15:07.0199 6872 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:15:07.0230 6872 Msfs - ok 15:15:07.0246 6872 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:15:07.0293 6872 mshidkmdf - ok 15:15:07.0324 6872 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 15:15:07.0339 6872 msisadrv - ok 15:15:07.0386 6872 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 15:15:07.0449 6872 MSiSCSI - ok 15:15:07.0464 6872 msiserver - ok 
15:15:07.0495 6872 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:15:07.0542 6872 MSKSSRV - ok 15:15:07.0558 6872 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:15:07.0620 6872 MSPCLOCK - ok 15:15:07.0636 6872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:15:07.0698 6872 MSPQM - ok 15:15:07.0745 6872 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 15:15:07.0776 6872 MsRPC - ok 15:15:07.0807 6872 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 15:15:07.0807 6872 mssmbios - ok 15:15:07.0839 6872 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:15:07.0885 6872 MSTEE - ok 15:15:07.0885 6872 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:15:07.0917 6872 MTConfig - ok 15:15:07.0948 6872 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:15:07.0963 6872 Mup - ok 15:15:07.0979 6872 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 15:15:07.0995 6872 mwlPSDFilter - ok 15:15:08.0010 6872 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 15:15:08.0026 6872 mwlPSDNServ - ok 15:15:08.0041 6872 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 15:15:08.0057 6872 mwlPSDVDisk - ok 15:15:08.0119 6872 MWLService (3e5e20817259f7328c8f3be5421f35b9) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 15:15:08.0151 6872 MWLService - ok 15:15:08.0197 6872 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 15:15:08.0244 6872 napagent - ok 15:15:08.0291 6872 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:15:08.0322 6872 NativeWifiP - ok 15:15:08.0400 6872 NDIS (79b47fd40d9a817e932f9d26fac0a81c) 
C:\Windows\system32\drivers\ndis.sys 15:15:08.0431 6872 NDIS - ok 15:15:08.0463 6872 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:15:08.0509 6872 NdisCap - ok 15:15:08.0541 6872 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:15:08.0587 6872 NdisTapi - ok 15:15:08.0619 6872 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 15:15:08.0681 6872 Ndisuio - ok 15:15:08.0712 6872 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 15:15:08.0775 6872 NdisWan - ok 15:15:08.0806 6872 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 15:15:08.0853 6872 NDProxy - ok 15:15:08.0899 6872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:15:08.0962 6872 NetBIOS - ok 15:15:09.0009 6872 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 15:15:09.0071 6872 NetBT - ok 15:15:09.0102 6872 NETFLTDI (ba99a34a9b5eb737ce54bc0a7c596609) C:\Windows\system32\Drivers\NETTDI64.SYS 15:15:09.0367 6872 NETFLTDI - ok 15:15:09.0414 6872 NETIMFLT01060044 (fd0bfed656d9b26c22e439cc0ef5c771) C:\Windows\system32\DRIVERS\n64i1644.sys 15:15:09.0430 6872 NETIMFLT01060044 - ok 15:15:09.0461 6872 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 15:15:09.0477 6872 Netlogon - ok 15:15:09.0523 6872 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:15:09.0570 6872 Netman - ok 15:15:09.0601 6872 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:15:09.0664 6872 netprofm - ok 15:15:09.0726 6872 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:15:09.0742 6872 NetTcpPortSharing - ok 15:15:09.0945 6872 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 15:15:10.0506 6872 
netw5v64 - ok 15:15:10.0647 6872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:15:10.0662 6872 nfrd960 - ok 15:15:10.0725 6872 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 15:15:10.0771 6872 NlaSvc - ok 15:15:10.0771 6872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:15:10.0818 6872 Npfs - ok 15:15:10.0834 6872 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:15:10.0896 6872 nsi - ok 15:15:10.0912 6872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:15:10.0959 6872 nsiproxy - ok 15:15:11.0037 6872 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 15:15:11.0364 6872 Ntfs - ok 15:15:11.0427 6872 NTI IScheduleSvc (9a308fcdcca98a15b6f62d36a272160e) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 15:15:11.0692 6872 NTI IScheduleSvc - ok 15:15:11.0801 6872 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 15:15:11.0817 6872 NTIDrvr - ok 15:15:11.0832 6872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:15:11.0863 6872 Null - ok 15:15:11.0926 6872 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys 15:15:11.0941 6872 NVHDA - ok 15:15:12.0441 6872 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:15:13.0330 6872 nvlddmkm - ok 15:15:13.0455 6872 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 15:15:13.0470 6872 nvraid - ok 15:15:13.0486 6872 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 15:15:13.0517 6872 nvstor - ok 15:15:13.0595 6872 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe 15:15:13.0626 6872 nvsvc - ok 15:15:13.0642 6872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 15:15:13.0673 6872 
15:15:36.0605 6872 ============================================================
15:15:36.0605 6872 Scan finished
15:15:36.0605 6872 ============================================================
15:15:36.0621 3108 Detected object count: 0
15:15:36.0621 3108 Actual detected object count: 0 |
25.07.2012, 20:31 | #8 |
/// Malware-holic | GVU trojan with webcam
Hi, OK, download CCleaner Standard: CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a text file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program unknown to you, write "unknown".
Post the list.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.07.2012, 10:52 | #9 |
| GVU trojan with webcam
Acer Backup Manager NewTech Infosystems 14.10.2010 27,5MB 2.0.0.68 necessary
Acer Crystal Eye Webcam Suyin Optronics Corp 22.12.2010 5.3.30.1 necessary
Acer ePower Management Acer Incorporated 22.12.2010 5.00.3005 necessary
Acer eRecovery Management Acer Incorporated 14.10.2010 4.05.3013 necessary
Acer GameZone Console Oberon Media, Inc. 14.10.2010 31,0MB 6.1.0.9 necessary
Acer Registration Acer Incorporated 22.12.2010 1.03.3003 necessary
Acer ScreenSaver Acer Incorporated 22.12.2010 1.1.0707.2010 necessary
Acer Updater Acer Incorporated 14.10.2010 1.02.3001 necessary
Acrobat.com Adobe Systems Incorporated 14.10.2010 1,60MB 1.6.65 necessary
Adobe AIR Adobe Systems Inc. 14.10.2010 1.5.0.7220 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 31.07.2012 6,00MB 11.3.300.268 necessary
Adobe Reader 9.1 MUI Adobe Systems Incorporated 14.10.2010 650MB 9.1.0 necessary
Broadcom Gigabit NetLink Controller Broadcom Corporation 22.12.2010 448KB 14.0.2.3 necessary
CCleaner Piriform 24.07.2012 3.21
CyberLink PowerDVD 9 CyberLink Corp. 22.12.2010 114MB 9.0.3216.50 necessary
Die Sims 2 06.07.2011 unnecessary
eBay Worldwide OEM 22.12.2010 100KB 2.1.0901 unnecessary
eSobi v2 esobi Inc. 14.10.2010 20,4MB 2.0.4.000274 necessary
F1 2011 Codemasters 02.10.2011 1.0.0000.129 necessary
Farm Frenzy 2 Oberon Media 22.12.2010 unnecessary
FIFA 09 Electronic Arts 10.03.2011 5,50GB 1.0.1.1 necessary
FIFA 12 Electronic Arts 13.05.2012 1.0.0.0 necessary
FUSSBALL MANAGER 12 Electronic Arts 26.11.2011 6,56GB 1.0.0.0 necessary
Galapago Oberon Media 22.12.2010 unnecessary
Heroes of Hellas Oberon Media 22.12.2010 unnecessary
ICQ7.5 ICQ 05.08.2011 7.5 necessary
Identity Card Acer Incorporated 22.12.2010 1.00.3003
Intel(R) Management Engine Components Intel Corporation 23.12.2010 6.0.0.1179 necessary
Intel(R) Rapid Storage Technology Intel Corporation 22.12.2010 9.6.2.1001 necessary
Intel(R) Turbo Boost Technology Driver Intel Corporation 23.12.2010 01.02.00.1002 necessary
Java(TM) 6 Update 33 Oracle 20.07.2012 95,6MB 6.0.330 necessary
Launch Manager Acer Inc. 22.12.2010 4.0.14 necessary
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 15.07.2012 18,7MB 1.62.0.1300
Medal of Honor Allied Assault 14.01.2012 necessary
Merriam Websters Spell Jam Oberon Media 22.12.2010 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.01.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.01.2011 2,93MB 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23.09.2011 31,3MB 3.5.88.0
Microsoft Games for Windows Marketplace Microsoft Corporation 23.09.2011 6,03MB 3.5.50.0
Microsoft Office 2010 Microsoft Corporation 22.12.2010 6,31MB 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 10.05.2012 100MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.12.2010 1,72MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.09.2011 300KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 17.08.2011 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.10.2010 596KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.09.2011 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 14.05.2012 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.05.2012 15,0MB 10.0.40219
Microsoft programs: all necessary
MyWinLocker Suite Egis Technology Inc. 14.10.2010 2,20MB 3.1.212.0 unknown
NTI Media Maker 9 NTI Corporation 22.12.2010 1,60GB 9.0.2.8939 unknown
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 07.03.2012 295.73 necessary
NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Corporation 07.03.2012 1.3.12.0 necessary
NVIDIA PhysX-Systemsoftware 9.12.0209 NVIDIA Corporation 07.03.2012 9.12.0209 necessary
OpenAL 23.09.2011 unknown
Origin Electronic Arts, Inc. 13.05.2012 8.5.2.23 necessary
Panda Antivirus Pro 2012 Panda Security 15.07.2012 11.00.00 necessary
Panda Secure Vault 5 AceBIT GmbH 15.07.2012 1,86MB necessary
Poker Pop Oberon Media 22.12.2010 unnecessary
PunkBuster Services Even Balance, Inc. 08.01.2011 0.986 necessary
Rapture3D 2.4.9 Game Blue Ripple Sound 02.10.2011 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.12.2010 6.0.1.6141 necessary
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 22.12.2010 6.1.7600.30122 necessary
Rome - Total War - Gold Edition The Creative Assembly 28.01.2012 1.6 unnecessary
SimCity 4 Deluxe 12.05.2012 unnecessary
Skype™ 5.9 Skype Technologies S.A. 05.05.2012 19,3MB 5.9.114 necessary
Spin & Win Oberon Media 22.12.2010 unnecessary
Synaptics Pointing Device Driver Synaptics Incorporated 22.12.2010 14.0.19.0 necessary
Welcome Center Acer Incorporated 22.12.2010 1.02.3004 necessary
Windows Live Essentials Microsoft Corporation 22.12.2010 14.0.8117.0416 necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 23.09.2011 10,0MB 6.500.3165.0 necessary
Windows Live Sync Microsoft Corporation 22.12.2010 2,79MB 14.0.8117.416 necessary
Windows Live-Uploadtool Microsoft Corporation 22.12.2010 224KB 14.0.8014.1029 necessary
Überwachungstool für die Intel® Turbo-Boost-Technik Intel 22.12.2010 1,13MB 1.0.186.6 necessary |
01.08.2012, 20:43 | #10 |
/// Malware-holic | GVU trojan with webcam
Uninstall: Adobe Flash Player, all versions.
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, uncheck the "use JavaScript" box.
Under Updater, choose install automatically.
Apply / OK
Uninstall: Die Sims, eBay, Farm, Galapago, Heroes, Merriam, Poker, Rome, SimCity, Spin.
Open CCleaner, Analyze, Run.
Open OTL, Cleanup; the PC restarts.
Test how it runs. |
11.08.2012, 17:23 | #12 |
| GVU trojan with webcam Hello, I wanted to ask again how I should proceed now? So far nobody has answered my question. Thanks in advance |
21.08.2012, 17:19 | #13 |
/// Malware-holic | GVU trojan with webcam Yes, click Analyze, and then Run, please. |
28.08.2012, 17:46 | #14 |
| GVU trojan with webcam OK, I have now cleaned the analyzed data. |