Pests of all kinds and how to combat them: Exploit.Java.CVE-2012-1723.dg in Firefox folder
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
10.09.2012, 23:03 | #16
Exploit.Java.CVE-2012-1723.dg in Firefox folder
Code:
OTL logfile created on: 10.09.2012 23:54:13 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,46% Memory free
15,93 Gb Paging File | 14,33 Gb Available in Paging File | 89,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 67,75 Gb Free Space | 60,66% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 15,87 Gb Free Space | 23,22% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 32,34 Gb Free Space | 16,56% Space Free | Partition Type: NTFS
Drive G: | 108,94 Gb Total Space | 37,31 Gb Free Space | 34,25% Space Free | Partition Type: NTFS
Drive H: | 467,64 Gb Total Space | 140,32 Gb Free Space | 30,01% Space Free | Partition Type: NTFS
Drive I: | 24,41 Gb Total Space | 9,35 Gb Free Space | 38,30% Space Free | Partition Type: NTFS
Drive J: | 439,45 Gb Total Space | 361,27 Gb Free Space | 82,21% Space Free | Partition Type: NTFS
Drive K: | 195,31 Gb Total Space | 173,89 Gb Free Space | 89,03% Space Free | Partition Type: NTFS
Drive L: | 345,57 Gb Total Space | 320,62 Gb Free Space | 92,78% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 317,57 Gb Free Space | 81,30% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.10 23:51:19 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.08.31 00:08:59 | 003,729,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- E:\Tom\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- F:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe 
PRC - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () -- E:\Tobit Radio.fx\Server\rfx-server.exe PRC - [2011.06.29 15:04:44 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2011.06.29 11:06:26 | 001,218,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2011.06.13 10:36:54 | 000,922,240 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe PRC - [2011.06.05 20:05:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe PRC - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.30 01:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.12.02 04:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ========== Modules (No Company Name) ========== MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll MOD - [2012.06.14 02:46:08 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll MOD - [2012.06.14 00:57:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 00:57:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.10 18:13:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll MOD - [2012.05.10 02:40:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 02:40:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.10 02:40:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 02:40:09 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 02:40:08 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 02:40:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscor***\acfc1391e45fedd2a359778ea57d914c\mscor***.ni.dll MOD - [2011.06.29 15:04:42 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll MOD - [2011.06.29 09:05:03 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscor***.resources\2.0.0.0_de_b77a5c561934e089\mscor***.resources.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2012.09.08 01:43:37 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.07 21:53:37 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.31 00:08:59 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.08.25 01:23:51 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.23 03:50:44 | 
001,127,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.06.21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- E:\Tom\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.06.19 20:20:07 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Disabled | Stopped] -- g:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2012.05.26 12:04:52 | 000,913,792 | ---- | M] 
(IObit) [Auto | Running] -- F:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.26 16:08:56 | 003,665,752 | ---- | M] () [Auto | Running] -- E:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.06.13 10:36:54 | 000,922,240 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc) SRV - [2011.06.05 20:05:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc) SRV - [2011.04.30 01:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.12.02 04:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.31 00:08:59 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.08.31 00:08:58 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.08.31 00:08:58 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter) DRV:64bit: - [2012.08.31 00:08:58 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr) DRV:64bit: - [2012.08.31 00:08:58 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt) DRV:64bit: - [2012.08.31 00:08:57 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.08.31 
00:08:57 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv) DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.08.21 11:13:12 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.21 11:13:11 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.08.21 11:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.07.05 23:10:19 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.07.05 23:10:19 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 
| ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.06.27 22:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2011.12.08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011.12.08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2011.12.08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.12.08 06:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.12.08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.12.08 06:22:28 | 
000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.09.09 15:45:30 | 001,660,480 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.04.26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.24 12:20:40 | 
000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.06 09:01:12 | 000,015,872 | ---- | M] (ROCCAT Development, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArvoFltr.sys -- (ArvoFltr) DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - 
HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 AD A1 AB 8B 8B CD 01 [binary data] IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.9 FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2 FF - prefs.js..extensions.enabledAddons: keefox@chris.tomlinson:1.0.2 FF - prefs.js..extensions.enabledAddons: mozrepl@hyperstruct.net:1.1 FF - prefs.js..extensions.enabledAddons: passifox@hanhuy.com:1.1.5 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3 FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.8 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.0 FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:2.1 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: 
{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}:2.5.8 FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.9 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.2 FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..network.proxy.http: "46.105.158.60" FF - prefs.js..network.proxy.http_port: 3134 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: E:\Media\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: F:\Program Files (x86)\OpenOffice.org 3\program [2012.06.17 16:50:50 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: f:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.17 02:16:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.23 23:20:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 21:53:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 21:53:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: F:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.19 12:31:43 | 000,000,000 | ---D | M] [2012.07.05 01:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.07.05 01:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.09.08 12:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions [2012.02.18 00:34:19 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(183) [2012.08.14 10:26:22 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.02.18 00:34:19 | 000,000,000 | ---D | M] (IE View) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(184) [2012.02.18 00:34:20 | 000,000,000 | ---D | M] (Fire.fm) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2012.08.30 10:42:20 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.02.18 00:34:21 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66} [2012.03.30 20:06:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.18 00:34:21 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2012.02.18 00:34:22 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F} [2012.02.18 00:34:10 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\bettergmail2@ginatrapani.org [2012.02.18 00:34:10 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.02.18 00:34:10 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\DeviceDetection@logitech.com [2012.09.08 12:33:56 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\firefox@ghostery.com [2012.08.31 21:24:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\foxmarks@kei.com [2012.05.18 12:29:57 | 000,000,000 | ---D | 
M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\ich@maltegoetz.de [2012.05.10 02:25:26 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\keefox@chris.tomlinson [2012.02.18 00:34:17 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\piclens@cooliris.com [2012.02.18 00:34:18 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\speedtest@gotomyhelp.com [2012.03.22 01:52:46 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\video.downloader.plugin@ffpimp.com [2012.08.21 17:43:38 | 000,243,317 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\amznUWL2@amazon.com.xpi [2012.06.19 19:36:55 | 000,344,664 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\autopager@mozilla.org.xpi [2012.08.06 23:45:19 | 000,221,273 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\kosa@kallout.com.xpi [2012.01.07 21:22:08 | 000,027,841 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\mozrepl@hyperstruct.net.xpi [2012.05.31 03:57:06 | 000,016,791 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\passifox@hanhuy.com.xpi [2012.02.18 00:58:36 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\personas@christopher.beard.xpi [2012.07.27 11:14:00 | 000,184,864 | ---- | M] () (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\stealthyextension@gmail.com.xpi [2011.11.08 04:26:08 | 000,014,949 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\twitter.address.bar.search@firefox.twitter.xpi [2012.08.27 10:21:39 | 000,084,654 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi [2011.08.18 02:49:26 | 000,022,819 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi [2012.08.10 00:49:24 | 000,318,530 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi [2011.07.17 20:49:00 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.08.23 01:34:04 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.08.29 21:24:27 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.25 00:44:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.18 18:00:19 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011.10.30 14:58:04 | 000,434,392 | ---- | M] () (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.09.02 02:06:10 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.08.11 11:16:09 | 000,045,226 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi [2011.04.11 23:35:12 | 000,947,664 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\conduitengine.xpi [2011.04.11 23:35:12 | 000,946,324 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\vuze_remote_tb.xpi [2011.11.08 04:26:08 | 000,002,973 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\searchplugins\twitter-.xml [2008.07.25 01:34:28 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\searchplugins\winamp-search.xml [2012.08.23 23:20:48 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Media Go Detector (Enabled) = E:\Media\npmediago.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Picasa (Enabled) = g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - Extension: avast!
WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Arvo] f:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [RfxSrvTray] E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - 
res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - F:\icq\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - F:\icq\ICQ7.7\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A76E21B-2FA4-4F66-A99C-A15C11ADA6BF}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79531C24-1D82-4258-92F8-339D52C3B9BF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39C8E1B-2B2F-4170-B9C0-BD0829FEB5FB}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1DD1B67-326C-4D99-BA94-40F641486EBA}: DhcpNameServer = 192.168.42.129 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.28 02:18:06 | 002,791,638 | ---- | M] () - J:\Autopilot Off - Chromatic Fades.mp3 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - F:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk - F:\Program Files (x86)\Trillian\trillian.exe - (Cerulean Studios) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - F:\icq\ICQ7.7\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - F:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) MsConfig:64bit - StartUpReg: KeePass Password Safe 2 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - F:\Kies\KiesHelper.exe (Samsung) MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - F:\Kies\External\FirmwareUpdate\KiesPDLR.exe () MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - F:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Sony PC Companion - hkey= - key= - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. 
SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot 
Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service 
SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume 
shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: 
{4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.10 23:51:19 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.09.05 19:29:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.03 23:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.09.03 01:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.09.01 12:41:27 | 000,000,000 | ---D | C] -- E:\***\Geheimakte 3 [2012.09.01 00:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.1 Home Edition [2012.08.31 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Acronis [2012.08.31 00:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis [2012.08.31 00:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis [2012.08.31 00:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis [2012.08.31 00:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis [2012.08.30 02:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer [2012.08.30 02:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver [2012.08.23 00:50:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2012.08.21 00:38:01 | 000,000,000 | ---D | C] -- C:\Users\***\.android [2012.08.21 00:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools [2012.08.21 00:34:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\adb [2012.08.20 23:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\doom [2012.08.20 23:28:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\abcd [2012.08.20 23:10:19 | 000,000,000 | ---D | C] -- 
C:\Users\***\Desktop\587 [2012.08.20 23:09:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool [2012.08.17 01:36:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.08.17 01:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.08.17 01:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-WELT-ProblemlöserPaket [2012.08.13 03:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live ========== Files - Modified Within 30 Days ========== [2012.09.10 23:51:19 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.09.10 23:32:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.10 23:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.10 21:40:17 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 21:40:17 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 21:40:02 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.10 21:40:02 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.10 21:40:02 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.10 21:40:02 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.10 21:40:02 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.10 21:33:12 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.10 21:33:08 | 000,001,905 | ---- | M] () -- C:\Users\***\Desktop\SafeZone-Browser.lnk [2012.09.10 21:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2012.09.10 18:07:25 | 000,512,399 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.09.04 15:35:53 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.01 00:10:18 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk [2012.08.31 00:08:55 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\True Image 2013.lnk [2012.08.23 23:59:36 | 000,000,811 | ---- | M] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk [2012.08.23 23:20:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.08.21 11:13:12 | 000,266,776 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.08.21 11:13:11 | 000,142,128 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.08.21 11:13:11 | 000,019,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.08.18 02:57:14 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.08.17 01:36:05 | 000,000,754 | ---- | M] () 
-- C:\Users\***\Desktop\SpeedFan.lnk [2012.08.17 01:36:04 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012.08.17 01:18:26 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\PC-WELT-ProblemlöserPaket.lnk [2012.08.15 21:54:53 | 000,295,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.09.10 18:07:35 | 000,512,399 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.09.01 00:10:18 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.1 Home Edition.lnk [2012.09.01 00:10:17 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe [2012.09.01 00:10:17 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012.09.01 00:10:17 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe [2012.09.01 00:10:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012.09.01 00:10:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012.09.01 00:10:17 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys [2012.09.01 00:10:17 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll [2012.09.01 00:10:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012.09.01 00:10:17 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys [2012.09.01 00:10:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012.08.31 00:08:55 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\True Image 2013.lnk [2012.08.23 23:59:36 | 000,000,811 | ---- | C] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk [2012.08.18 02:57:14 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.08.17 01:38:37 | 000,002,233 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer (No Add-ons).lnk [2012.08.17 01:36:05 | 000,000,754 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk [2012.08.17 01:36:04 | 000,000,045 | ---- | 
C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.08.17 01:18:26 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\PC-WELT-ProblemlöserPaket.lnk [2012.07.11 01:24:24 | 001,012,976 | ---- | C] () -- C:\Windows\PE_File.dll [2012.07.11 01:18:44 | 000,947,440 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.04.06 14:38:16 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.02.21 23:18:47 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.02.21 23:18:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.02.19 23:54:01 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.02.18 01:07:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.02.17 19:39:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.02.17 19:38:55 | 000,026,929 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.01.31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.01.31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2012.08.01 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit [2012.08.31 00:10:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis [2012.02.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.03.27 01:54:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.03.01 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.02.21 23:17:24 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2012.04.26 02:24:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.05.17 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012.07.22 02:08:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.04.17 02:44:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2012.07.19 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2012.09.10 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2012.09.09 00:08:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2012.08.28 00:54:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2012.07.11 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance [2012.02.23 00:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.06.23 12:01:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.03.13 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2012.02.17 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panda Security [2012.03.16 00:06:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.03.14 02:53:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2012.04.30 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2012.02.23 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.02.18 03:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2012.07.05 01:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012.04.09 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2012.06.03 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.09.01 11:06:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== 
Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.08.31 00:10:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis [2012.02.19 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.02.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.03.27 01:54:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.05.30 22:35:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2012.03.01 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.02.21 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro [2012.06.17 00:37:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2012.04.26 02:24:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.05.17 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012.07.10 23:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FLEXnet [2012.07.22 02:08:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2012.02.17 19:09:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.04.17 02:44:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2012.02.17 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2012.02.17 20:11:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation [2012.07.19 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2012.09.10 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2012.02.17 20:31:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.04.18 01:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | 
---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.08.03 17:44:45 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.02.18 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2012.09.09 00:08:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2012.08.28 00:54:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2012.07.11 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance [2012.03.13 23:58:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA [2012.02.23 00:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.06.23 12:01:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.03.13 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2012.02.17 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panda Security [2012.08.04 12:25:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real [2012.03.16 00:06:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.03.14 02:53:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2012.04.30 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2012.02.23 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.02.18 03:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2012.07.05 01:11:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012.04.09 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian [2012.06.03 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.09.03 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2012.09.10 10:35:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp < %APPDATA%\*.exe /s > [2011.03.22 04:00:16 | 000,188,152 | ---- | M] () -- 
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\FlashGot.exe [2012.04.12 21:52:00 | 000,010,704 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\keefox@chris.tomlinson\deps\CheckForAdminRights.exe [2012.04.12 21:51:50 | 000,008,656 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\keefox@chris.tomlinson\deps\KeeFoxElevate.exe [2012.04.12 21:51:36 | 000,008,144 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\keefox@chris.tomlinson\deps\KeePassRPCCopier.exe [2012.02.06 14:07:28 | 000,425,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\piclens@cooliris.com\***s\LaunchCooliris.exe [2012.02.06 14:07:28 | 000,545,792 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\piclens@cooliris.com\***s\PicLensHelper.exe [2012.03.16 00:06:57 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe [2012.03.16 00:06:57 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe [2012.03.16 00:06:57 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe [2012.04.30 14:46:48 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe [2012.03.07 01:36:32 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2012.03.07 01:36:34 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2012.02.01 01:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2012.03.07 01:36:32 | 003,508,624 | ---- | 
M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2012.01.31 02:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2012.01.31 02:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2012.03.07 01:36:38 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2012.03.16 00:06:57 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2012.03.16 00:06:57 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2012.03.07 01:36:40 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.03.16 00:06:57 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2012.03.07 01:36:42 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2012.01.31 02:15:38 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.03.07 01:36:44 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll 
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.04.26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys [2011.04.26 12:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: 
NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 
for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft 
Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < 
%systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8 < End of report > |
11.09.2012, 15:31 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder
Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
FF - user.js - File not found
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "foxsearch"
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.28 02:18:06 | 002,791,638 | ---- | M] () - J:\Autopilot Off - Chromatic Fades.mp3 -- [ NTFS ]
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
11.09.2012, 17:15 | #18 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder
Code:
All processes killed
========== OTL ==========
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
J:\Autopilot Off - Chromatic Fades.mp3 moved successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 56913181 bytes
->Temporary Internet Files folder emptied: 5071437 bytes
->Java cache emptied: 212868 bytes
->FireFox cache emptied: 67147354 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 123,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.3 log created on 09112012_180241
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
11.09.2012, 22:15 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click "change parameters" and set the checkboxes as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
11.09.2012, 22:35 | #20 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder
Code:
ATTFilter 23:31:22.0225 1028 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 23:31:22.0885 1028 ============================================================ 23:31:22.0885 1028 Current date / time: 2012/09/11 23:31:22.0885 23:31:22.0885 1028 SystemInfo: 23:31:22.0885 1028 23:31:22.0885 1028 OS Version: 6.1.7601 ServicePack: 1.0 23:31:22.0885 1028 Product type: Workstation 23:31:22.0885 1028 ComputerName: ***-PC 23:31:22.0885 1028 UserName: *** 23:31:22.0885 1028 Windows directory: C:\Windows 23:31:22.0885 1028 System windows directory: C:\Windows 23:31:22.0885 1028 Running under WOW64 23:31:22.0885 1028 Processor architecture: Intel x64 23:31:22.0885 1028 Number of processors: 4 23:31:22.0885 1028 Page size: 0x1000 23:31:22.0885 1028 Boot type: Normal boot 23:31:22.0885 1028 ============================================================ 23:31:29.0316 1028 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:31:29.0322 1028 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:31:29.0338 1028 Drive \Device\Harddisk2\DR2 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:31:29.0343 1028 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:31:29.0362 1028 ============================================================ 23:31:29.0362 1028 \Device\Harddisk0\DR0: 23:31:29.0362 1028 MBR partitions: 23:31:29.0362 1028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:31:29.0362 1028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800 23:31:29.0362 
1028 \Device\Harddisk1\DR1: 23:31:29.0362 1028 MBR partitions: 23:31:29.0362 1028 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x30D40000 23:31:29.0362 1028 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x30D40800, BlocksNum 0x186A0000 23:31:29.0362 1028 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x493E0800, BlocksNum 0x2B325000 23:31:29.0362 1028 \Device\Harddisk2\DR2: 23:31:29.0363 1028 MBR partitions: 23:31:29.0363 1028 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B8000 23:31:29.0363 1028 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x88B8800, BlocksNum 0x186A0000 23:31:29.0363 1028 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x20F58800, BlocksNum 0xD9E0000 23:31:29.0363 1028 \Device\Harddisk3\DR3: 23:31:29.0363 1028 MBR partitions: 23:31:29.0363 1028 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A749978 23:31:29.0363 1028 \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x3A74A000, BlocksNum 0x30D3800 23:31:29.0363 1028 \Device\Harddisk3\DR3\Partition3: MBR, Type 0x7, StartLBA 0x3D81E000, BlocksNum 0x36EE8000 23:31:29.0363 1028 ============================================================ 23:31:29.0364 1028 C: <-> \Device\Harddisk0\DR0\Partition2 23:31:29.0383 1028 E: <-> \Device\Harddisk2\DR2\Partition1 23:31:29.0413 1028 F: <-> \Device\Harddisk2\DR2\Partition2 23:31:29.0429 1028 G: <-> \Device\Harddisk2\DR2\Partition3 23:31:29.0445 1028 H: <-> \Device\Harddisk3\DR3\Partition1 23:31:29.0502 1028 I: <-> \Device\Harddisk3\DR3\Partition2 23:31:29.0719 1028 J: <-> \Device\Harddisk3\DR3\Partition3 23:31:29.0741 1028 M: <-> \Device\Harddisk1\DR1\Partition1 23:31:29.0773 1028 K: <-> \Device\Harddisk1\DR1\Partition2 23:31:29.0809 1028 L: <-> \Device\Harddisk1\DR1\Partition3 23:31:29.0809 1028 ============================================================ 23:31:29.0809 1028 Initialize success 23:31:29.0809 1028 
============================================================ 23:32:26.0756 6780 ============================================================ 23:32:26.0756 6780 Scan started 23:32:26.0756 6780 Mode: Manual; SigCheck; TDLFS; 23:32:26.0756 6780 ============================================================ 23:32:27.0270 6780 ================ Scan system memory ======================== 23:32:27.0270 6780 System memory - ok 23:32:27.0270 6780 ================ Scan services ============================= 23:32:27.0299 6780 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:32:27.0335 6780 1394ohci - ok 23:32:27.0340 6780 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 23:32:27.0353 6780 acedrv11 - ok 23:32:27.0359 6780 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:32:27.0369 6780 ACPI - ok 23:32:27.0372 6780 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:32:27.0382 6780 AcpiPmi - ok 23:32:27.0393 6780 [ 5C612044C7C9786D49C6BEC1BED33232 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 23:32:27.0411 6780 AcrSch2Svc - ok 23:32:27.0414 6780 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:32:27.0420 6780 AdobeARMservice - ok 23:32:27.0442 6780 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:32:27.0449 6780 AdobeFlashPlayerUpdateSvc - ok 23:32:27.0456 6780 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:32:27.0468 6780 adp94xx - ok 23:32:27.0473 6780 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:32:27.0485 6780 adpahci - ok 23:32:27.0489 6780 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:32:27.0499 6780 adpu320 - ok 
23:32:27.0698 6780 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 F:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe 23:32:27.0710 6780 AdvancedSystemCareService5 - ok 23:32:27.0714 6780 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:32:27.0738 6780 AeLookupSvc - ok 23:32:27.0743 6780 [ ABCF9C80EAACE03021BB7F450EB8993F ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 23:32:27.0752 6780 afcdp - ok 23:32:27.0780 6780 [ 1AEA25F70F12ABB494A4E35E1D717414 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 23:32:27.0826 6780 afcdpsrv - ok 23:32:27.0832 6780 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:32:27.0845 6780 AFD - ok 23:32:27.0847 6780 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:32:27.0854 6780 agp440 - ok 23:32:27.0857 6780 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:32:27.0866 6780 ALG - ok 23:32:27.0869 6780 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:32:27.0875 6780 aliide - ok 23:32:27.0877 6780 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:32:27.0883 6780 amdide - ok 23:32:27.0886 6780 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:32:27.0894 6780 AmdK8 - ok 23:32:27.0896 6780 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:32:27.0905 6780 AmdPPM - ok 23:32:27.0908 6780 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:32:27.0916 6780 amdsata - ok 23:32:27.0920 6780 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:32:27.0928 6780 amdsbs - ok 23:32:27.0931 6780 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:32:27.0937 6780 amdxata - ok 23:32:27.0939 6780 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb 
C:\Windows\system32\Drivers\ssadadb.sys 23:32:27.0949 6780 androidusb - ok 23:32:27.0951 6780 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 23:32:27.0973 6780 AppID - ok 23:32:27.0975 6780 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:32:27.0998 6780 AppIDSvc - ok 23:32:28.0000 6780 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:32:28.0022 6780 Appinfo - ok 23:32:28.0025 6780 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:32:28.0032 6780 arc - ok 23:32:28.0035 6780 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:32:28.0042 6780 arcsas - ok 23:32:28.0045 6780 [ 6053C47F327C78F7176D2797BBFA8348 ] ArvoFltr C:\Windows\system32\drivers\ArvoFltr.sys 23:32:28.0052 6780 ArvoFltr - ok 23:32:28.0060 6780 [ 6E3F4538B33BC19259E99BE1826286A3 ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe 23:32:28.0075 6780 asComSvc - ok 23:32:28.0083 6780 [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe 23:32:28.0098 6780 asHmComSvc - ok 23:32:28.0101 6780 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 23:32:28.0106 6780 AsIO - ok 23:32:28.0109 6780 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 23:32:28.0118 6780 asmthub3 - ok 23:32:28.0123 6780 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 23:32:28.0135 6780 asmtxhci - ok 23:32:28.0142 6780 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe 23:32:28.0153 6780 AsSysCtrlService - ok 23:32:28.0156 6780 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys 23:32:28.0161 6780 AsUpIO - ok 23:32:28.0163 6780 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk 
C:\Windows\system32\drivers\aswFsBlk.sys 23:32:28.0169 6780 aswFsBlk - ok 23:32:28.0173 6780 [ 7B922B13ACFF9E4FBA24A6EACC417B78 ] aswFW C:\Windows\system32\drivers\aswFW.sys 23:32:28.0180 6780 aswFW - ok 23:32:28.0182 6780 [ F146F83E8F7AC22BD011D5942E4C155C ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 23:32:28.0188 6780 aswKbd - ok 23:32:28.0191 6780 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 23:32:28.0197 6780 aswMonFlt - ok 23:32:28.0199 6780 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 23:32:28.0205 6780 aswNdis - ok 23:32:28.0209 6780 [ 5693F48725D83510C5C2A60DB4137D85 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 23:32:28.0217 6780 aswNdis2 - ok 23:32:28.0220 6780 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 23:32:28.0226 6780 aswRdr - ok 23:32:28.0236 6780 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 23:32:28.0253 6780 aswSnx - ok 23:32:28.0258 6780 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys 23:32:28.0268 6780 aswSP - ok 23:32:28.0270 6780 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 23:32:28.0277 6780 aswTdi - ok 23:32:28.0279 6780 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:32:28.0301 6780 AsyncMac - ok 23:32:28.0303 6780 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:32:28.0309 6780 atapi - ok 23:32:28.0318 6780 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:32:28.0346 6780 AudioEndpointBuilder - ok 23:32:28.0354 6780 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:32:28.0378 6780 AudioSrv - ok 23:32:28.0383 6780 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 23:32:28.0389 6780 avast! 
Antivirus - ok 23:32:28.0392 6780 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 23:32:28.0399 6780 avast! Firewall - ok 23:32:28.0403 6780 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:32:28.0415 6780 AxInstSV - ok 23:32:28.0422 6780 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:32:28.0435 6780 b06bdrv - ok 23:32:28.0440 6780 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:32:28.0451 6780 b57nd60a - ok 23:32:28.0455 6780 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:32:28.0463 6780 BDESVC - ok 23:32:28.0465 6780 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:32:28.0487 6780 Beep - ok 23:32:28.0496 6780 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 23:32:28.0524 6780 BFE - ok 23:32:28.0534 6780 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 23:32:28.0566 6780 BITS - ok 23:32:28.0568 6780 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:32:28.0576 6780 blbdrive - ok 23:32:28.0579 6780 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:32:28.0587 6780 bowser - ok 23:32:28.0589 6780 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:32:28.0599 6780 BrFiltLo - ok 23:32:28.0601 6780 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:32:28.0609 6780 BrFiltUp - ok 23:32:28.0612 6780 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:32:28.0620 6780 Browser - ok 23:32:28.0625 6780 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:32:28.0635 6780 Brserid - ok 23:32:28.0638 6780 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 
23:32:28.0648 6780 BrSerWdm - ok 23:32:28.0650 6780 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:32:28.0659 6780 BrUsbMdm - ok 23:32:28.0661 6780 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:32:28.0668 6780 BrUsbSer - ok 23:32:28.0671 6780 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:32:28.0681 6780 BTHMODEM - ok 23:32:28.0684 6780 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:32:28.0706 6780 bthserv - ok 23:32:28.0709 6780 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:32:28.0730 6780 cdfs - ok 23:32:28.0734 6780 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:32:28.0743 6780 cdrom - ok 23:32:28.0746 6780 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:32:28.0768 6780 CertPropSvc - ok 23:32:28.0770 6780 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:32:28.0780 6780 circlass - ok 23:32:28.0785 6780 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:32:28.0796 6780 CLFS - ok 23:32:28.0800 6780 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:32:28.0806 6780 clr_optimization_v2.0.50727_32 - ok 23:32:28.0811 6780 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:32:28.0817 6780 clr_optimization_v2.0.50727_64 - ok 23:32:28.0822 6780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:32:28.0831 6780 clr_optimization_v4.0.30319_32 - ok 23:32:28.0836 6780 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:32:28.0843 
6780 clr_optimization_v4.0.30319_64 - ok 23:32:28.0845 6780 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:32:28.0853 6780 CmBatt - ok 23:32:28.0855 6780 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:32:28.0861 6780 cmdide - ok 23:32:28.0867 6780 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 23:32:28.0884 6780 CNG - ok 23:32:28.0886 6780 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:32:28.0893 6780 Compbatt - ok 23:32:28.0895 6780 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:32:28.0905 6780 CompositeBus - ok 23:32:28.0906 6780 COMSysApp - ok 23:32:28.0909 6780 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:32:28.0916 6780 crcdisk - ok 23:32:28.0920 6780 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:32:28.0929 6780 CryptSvc - ok 23:32:28.0937 6780 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:32:28.0969 6780 DcomLaunch - ok 23:32:28.0975 6780 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:32:28.0999 6780 defragsvc - ok 23:32:29.0003 6780 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:32:29.0031 6780 DfsC - ok 23:32:29.0037 6780 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:32:29.0062 6780 Dhcp - ok 23:32:29.0064 6780 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:32:29.0086 6780 discache - ok 23:32:29.0088 6780 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:32:29.0095 6780 Disk - ok 23:32:29.0099 6780 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:32:29.0109 6780 Dnscache - ok 23:32:29.0113 6780 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc 
C:\Windows\System32\dot3svc.dll 23:32:29.0137 6780 dot3svc - ok 23:32:29.0140 6780 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:32:29.0163 6780 DPS - ok 23:32:29.0168 6780 [ 75B1CDF212C3F081AD4C93597649C8E9 ] DragonSvc C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe 23:32:29.0175 6780 DragonSvc - ok 23:32:29.0178 6780 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:32:29.0187 6780 drmkaud - ok 23:32:29.0199 6780 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:32:29.0218 6780 DXGKrnl - ok 23:32:29.0221 6780 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:32:29.0244 6780 EapHost - ok 23:32:29.0278 6780 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:32:29.0318 6780 ebdrv - ok 23:32:29.0321 6780 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:32:29.0330 6780 EFS - ok 23:32:29.0338 6780 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:32:29.0352 6780 ehRecvr - ok 23:32:29.0355 6780 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:32:29.0364 6780 ehSched - ok 23:32:29.0371 6780 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:32:29.0384 6780 elxstor - ok 23:32:29.0387 6780 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys 23:32:29.0392 6780 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 23:32:29.0392 6780 epmntdrv - detected UnsignedFile.Multi.Generic (1) 23:32:29.0395 6780 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:32:29.0402 6780 ErrDev - ok 23:32:29.0406 6780 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 23:32:29.0411 6780 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning 23:32:29.0411 6780 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 23:32:29.0418 6780 [ 
4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:32:29.0443 6780 EventSystem - ok 23:32:29.0446 6780 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:32:29.0470 6780 exfat - ok 23:32:29.0474 6780 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:32:29.0497 6780 fastfat - ok 23:32:29.0504 6780 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:32:29.0518 6780 Fax - ok 23:32:29.0521 6780 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:32:29.0529 6780 fdc - ok 23:32:29.0531 6780 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:32:29.0553 6780 fdPHost - ok 23:32:29.0556 6780 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:32:29.0579 6780 FDResPub - ok 23:32:29.0581 6780 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:32:29.0588 6780 FileInfo - ok 23:32:29.0590 6780 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:32:29.0613 6780 Filetrace - ok 23:32:29.0615 6780 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:32:29.0623 6780 flpydisk - ok 23:32:29.0628 6780 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:32:29.0637 6780 FltMgr - ok 23:32:29.0641 6780 [ F0CC1A9106F9FB0F704F6ED95622B43E ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys 23:32:29.0648 6780 fltsrv - ok 23:32:29.0661 6780 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 23:32:29.0681 6780 FontCache - ok 23:32:29.0684 6780 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:32:29.0689 6780 FontCache3.0.0.0 - ok 23:32:29.0692 6780 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 
23:32:29.0699 6780 FsDepends - ok 23:32:29.0701 6780 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:32:29.0707 6780 Fs_Rec - ok 23:32:29.0711 6780 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:32:29.0722 6780 fvevol - ok 23:32:29.0724 6780 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:32:29.0731 6780 gagp30kx - ok 23:32:29.0734 6780 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:32:29.0739 6780 GEARAspiWDM - ok 23:32:29.0742 6780 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 23:32:29.0747 6780 ggflt - ok 23:32:29.0749 6780 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 23:32:29.0755 6780 ggsemc - ok 23:32:29.0765 6780 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 23:32:29.0795 6780 gpsvc - ok 23:32:29.0799 6780 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:32:29.0805 6780 gupdate - ok 23:32:29.0807 6780 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:32:29.0812 6780 gupdatem - ok 23:32:29.0816 6780 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 23:32:29.0822 6780 gusvc - ok 23:32:29.0825 6780 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:32:29.0832 6780 hcw85cir - ok 23:32:29.0838 6780 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:32:29.0849 6780 HdAudAddService - ok 23:32:29.0853 6780 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:32:29.0863 6780 HDAudBus - ok 23:32:29.0865 6780 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:32:29.0873 6780 
HidBatt - ok 23:32:29.0876 6780 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:32:29.0886 6780 HidBth - ok 23:32:29.0889 6780 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:32:29.0898 6780 HidIr - ok 23:32:29.0900 6780 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:32:29.0923 6780 hidserv - ok 23:32:29.0925 6780 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 23:32:29.0933 6780 HidUsb - ok 23:32:30.0088 6780 [ 189B10A8C06A8E3BFA570F45EF450C13 ] HiPatchService g:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe 23:32:30.0093 6780 HiPatchService ( UnsignedFile.Multi.Generic ) - warning 23:32:30.0093 6780 HiPatchService - detected UnsignedFile.Multi.Generic (1) 23:32:30.0096 6780 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:32:30.0122 6780 hkmsvc - ok 23:32:30.0126 6780 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:32:30.0137 6780 HomeGroupListener - ok 23:32:30.0141 6780 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:32:30.0153 6780 HomeGroupProvider - ok 23:32:30.0155 6780 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:32:30.0163 6780 HpSAMD - ok 23:32:30.0171 6780 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:32:30.0199 6780 HTTP - ok 23:32:30.0202 6780 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:32:30.0208 6780 hwpolicy - ok 23:32:30.0211 6780 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 23:32:30.0220 6780 i8042prt - ok 23:32:30.0227 6780 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 23:32:30.0237 6780 iaStor - ok 23:32:30.0240 6780 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files 
(x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 23:32:30.0245 6780 IAStorDataMgrSvc - ok 23:32:30.0252 6780 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:32:30.0264 6780 iaStorV - ok 23:32:30.0273 6780 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:32:30.0288 6780 idsvc - ok 23:32:30.0291 6780 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:32:30.0298 6780 iirsp - ok 23:32:30.0309 6780 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 23:32:30.0340 6780 IKEEXT - ok 23:32:30.0386 6780 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:32:30.0444 6780 IntcAzAudAddService - ok 23:32:30.0447 6780 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 23:32:30.0453 6780 intelide - ok 23:32:30.0456 6780 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:32:30.0463 6780 intelppm - ok 23:32:30.0466 6780 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:32:30.0489 6780 IPBusEnum - ok 23:32:30.0492 6780 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:32:30.0514 6780 IpFilterDriver - ok 23:32:30.0521 6780 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:32:30.0548 6780 iphlpsvc - ok 23:32:30.0551 6780 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:32:30.0560 6780 IPMIDRV - ok 23:32:30.0563 6780 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:32:30.0586 6780 IPNAT - ok 23:32:30.0595 6780 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:32:30.0610 6780 iPod Service - ok 23:32:30.0612 6780 [ 
3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:32:30.0623 6780 IRENUM - ok 23:32:30.0625 6780 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:32:30.0632 6780 isapnp - ok 23:32:30.0636 6780 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:32:30.0645 6780 iScsiPrt - ok 23:32:30.0647 6780 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:32:30.0654 6780 kbdclass - ok 23:32:30.0656 6780 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:32:30.0664 6780 kbdhid - ok 23:32:30.0666 6780 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 23:32:30.0674 6780 KeyIso - ok 23:32:30.0676 6780 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:32:30.0684 6780 KSecDD - ok 23:32:30.0687 6780 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:32:30.0694 6780 KSecPkg - ok 23:32:30.0697 6780 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:32:30.0719 6780 ksthunk - ok 23:32:30.0723 6780 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:32:30.0749 6780 KtmRm - ok 23:32:30.0753 6780 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:32:30.0778 6780 LanmanServer - ok 23:32:30.0781 6780 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:32:30.0806 6780 LanmanWorkstation - ok 23:32:30.0809 6780 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:32:30.0831 6780 lltdio - ok 23:32:30.0835 6780 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:32:30.0860 6780 lltdsvc - ok 23:32:30.0862 6780 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:32:30.0885 6780 lmhosts - ok 23:32:30.0889 6780 
[ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:32:30.0896 6780 LSI_FC - ok 23:32:30.0899 6780 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:32:30.0906 6780 LSI_SAS - ok 23:32:30.0908 6780 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:32:30.0915 6780 LSI_SAS2 - ok 23:32:30.0918 6780 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:32:30.0925 6780 LSI_SCSI - ok 23:32:30.0928 6780 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:32:30.0950 6780 luafv - ok 23:32:30.0953 6780 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 23:32:30.0960 6780 MBAMProtector - ok 23:32:31.0042 6780 [ 43683E970F008C93C9429EF428147A54 ] MBAMService f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 23:32:31.0053 6780 MBAMService - ok 23:32:31.0057 6780 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:32:31.0067 6780 Mcx2Svc - ok 23:32:31.0069 6780 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:32:31.0076 6780 megasas - ok 23:32:31.0080 6780 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:32:31.0090 6780 MegaSR - ok 23:32:31.0092 6780 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:32:31.0116 6780 MMCSS - ok 23:32:31.0119 6780 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:32:31.0142 6780 Modem - ok 23:32:31.0144 6780 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:32:31.0153 6780 monitor - ok 23:32:31.0156 6780 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:32:31.0163 6780 mouclass - ok 23:32:31.0166 6780 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 
23:32:31.0174 6780 mouhid - ok 23:32:31.0177 6780 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:32:31.0184 6780 mountmgr - ok 23:32:31.0188 6780 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:32:31.0194 6780 MozillaMaintenance - ok 23:32:31.0198 6780 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 23:32:31.0206 6780 mpio - ok 23:32:31.0209 6780 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:32:31.0232 6780 mpsdrv - ok 23:32:31.0242 6780 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:32:31.0273 6780 MpsSvc - ok 23:32:31.0276 6780 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:32:31.0288 6780 MRxDAV - ok 23:32:31.0292 6780 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:32:31.0301 6780 mrxsmb - ok 23:32:31.0306 6780 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:32:31.0317 6780 mrxsmb10 - ok 23:32:31.0320 6780 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:32:31.0328 6780 mrxsmb20 - ok 23:32:31.0330 6780 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 23:32:31.0337 6780 msahci - ok 23:32:31.0342 6780 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:32:31.0351 6780 msdsm - ok 23:32:31.0354 6780 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:32:31.0364 6780 MSDTC - ok 23:32:31.0368 6780 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:32:31.0389 6780 Msfs - ok 23:32:31.0391 6780 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:32:31.0413 6780 mshidkmdf - ok 23:32:31.0415 6780 MSICDSetup - ok 23:32:31.0417 6780 
[ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:32:31.0423 6780 msisadrv - ok 23:32:31.0426 6780 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:32:31.0450 6780 MSiSCSI - ok 23:32:31.0452 6780 msiserver - ok 23:32:31.0455 6780 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:32:31.0476 6780 MSKSSRV - ok 23:32:31.0478 6780 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:32:31.0499 6780 MSPCLOCK - ok 23:32:31.0502 6780 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:32:31.0524 6780 MSPQM - ok 23:32:31.0529 6780 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:32:31.0540 6780 MsRPC - ok 23:32:31.0543 6780 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:32:31.0550 6780 mssmbios - ok 23:32:31.0552 6780 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:32:31.0574 6780 MSTEE - ok 23:32:31.0576 6780 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:32:31.0583 6780 MTConfig - ok 23:32:31.0586 6780 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:32:31.0593 6780 Mup - ok 23:32:31.0599 6780 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:32:31.0627 6780 napagent - ok 23:32:31.0633 6780 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:32:31.0648 6780 NativeWifiP - ok 23:32:31.0660 6780 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 23:32:31.0678 6780 NDIS - ok 23:32:31.0680 6780 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:32:31.0702 6780 NdisCap - ok 23:32:31.0704 6780 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 
23:32:31.0726 6780 NdisTapi - ok 23:32:31.0729 6780 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:32:31.0751 6780 Ndisuio - ok 23:32:31.0755 6780 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:32:31.0778 6780 NdisWan - ok 23:32:31.0780 6780 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:32:31.0801 6780 NDProxy - ok 23:32:31.0803 6780 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:32:31.0826 6780 NetBIOS - ok 23:32:31.0830 6780 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:32:31.0853 6780 NetBT - ok 23:32:31.0855 6780 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 23:32:31.0863 6780 Netlogon - ok 23:32:31.0868 6780 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:32:31.0894 6780 Netman - ok 23:32:31.0900 6780 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:32:31.0927 6780 netprofm - ok 23:32:31.0944 6780 [ 8EA8424621A537A57DA63473B5D4CEE2 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 23:32:31.0967 6780 netr28ux - ok 23:32:31.0970 6780 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:32:31.0976 6780 NetTcpPortSharing - ok 23:32:31.0979 6780 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:32:31.0986 6780 nfrd960 - ok 23:32:31.0991 6780 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:32:32.0016 6780 NlaSvc - ok 23:32:32.0020 6780 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:32:32.0041 6780 Npfs - ok 23:32:32.0043 6780 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:32:32.0066 6780 nsi - ok 23:32:32.0068 6780 [ E7F5AE18AF4168178A642A9247C63001 ] 
nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:32:32.0089 6780 nsiproxy - ok 23:32:32.0108 6780 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:32:32.0134 6780 Ntfs - ok 23:32:32.0137 6780 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:32:32.0158 6780 Null - ok 23:32:32.0162 6780 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 23:32:32.0170 6780 NVHDA - ok 23:32:32.0324 6780 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:32:32.0520 6780 nvlddmkm - ok 23:32:32.0527 6780 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:32:32.0535 6780 nvraid - ok 23:32:32.0539 6780 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:32:32.0547 6780 nvstor - ok 23:32:32.0558 6780 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] NVSvc C:\Windows\system32\nvvsvc.exe 23:32:32.0577 6780 NVSvc - ok 23:32:32.0588 6780 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 23:32:32.0608 6780 nvUpdatusService - ok 23:32:32.0611 6780 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:32:32.0618 6780 nv_agp - ok 23:32:32.0621 6780 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:32:32.0630 6780 ohci1394 - ok 23:32:32.0635 6780 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:32:32.0648 6780 p2pimsvc - ok 23:32:32.0654 6780 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:32:32.0667 6780 p2psvc - ok 23:32:32.0669 6780 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:32:32.0678 6780 Parport - ok 23:32:32.0681 6780 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:32:32.0688 6780 partmgr - ok 23:32:32.0691 
6780 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:32:32.0704 6780 PcaSvc - ok 23:32:32.0708 6780 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:32:32.0717 6780 pci - ok 23:32:32.0719 6780 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:32:32.0725 6780 pciide - ok 23:32:32.0729 6780 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:32:32.0738 6780 pcmcia - ok 23:32:32.0741 6780 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:32:32.0748 6780 pcw - ok 23:32:32.0754 6780 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:32:32.0782 6780 PEAUTH - ok 23:32:32.0803 6780 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:32:32.0813 6780 PerfHost - ok 23:32:32.0831 6780 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:32:32.0867 6780 pla - ok 23:32:32.0873 6780 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:32:32.0886 6780 PlugPlay - ok 23:32:32.0888 6780 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:32:32.0898 6780 PNRPAutoReg - ok 23:32:32.0902 6780 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:32:32.0913 6780 PNRPsvc - ok 23:32:32.0919 6780 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:32:32.0946 6780 PolicyAgent - ok 23:32:32.0951 6780 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:32:32.0976 6780 Power - ok 23:32:32.0979 6780 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:32:33.0001 6780 PptpMiniport - ok 23:32:33.0004 6780 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:32:33.0013 6780 Processor - ok 23:32:33.0017 6780 [ 53E83F1F6CF9D62F32801CF66D8352A8 
] ProfSvc C:\Windows\system32\profsvc.dll 23:32:33.0029 6780 ProfSvc - ok 23:32:33.0031 6780 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:32:33.0039 6780 ProtectedStorage - ok 23:32:33.0042 6780 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:32:33.0064 6780 Psched - ok 23:32:33.0067 6780 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 23:32:33.0073 6780 PSI - ok 23:32:33.0089 6780 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:32:33.0115 6780 ql2300 - ok 23:32:33.0118 6780 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:32:33.0126 6780 ql40xx - ok 23:32:33.0130 6780 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:32:33.0145 6780 QWAVE - ok 23:32:33.0147 6780 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:32:33.0159 6780 QWAVEdrv - ok 23:32:33.0270 6780 [ B40AA9BE30D62B288DBF4AAA83FB2A49 ] Radio.fx E:\Tobit Radio.fx\Server\rfx-server.exe 23:32:33.0316 6780 Radio.fx - ok 23:32:33.0320 6780 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:32:33.0342 6780 RasAcd - ok 23:32:33.0345 6780 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:32:33.0367 6780 RasAgileVpn - ok 23:32:33.0370 6780 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:32:33.0394 6780 RasAuto - ok 23:32:33.0397 6780 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:32:33.0419 6780 Rasl2tp - ok 23:32:33.0425 6780 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:32:33.0451 6780 RasMan - ok 23:32:33.0454 6780 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:32:33.0477 6780 RasPppoe - ok 23:32:33.0479 6780 [ 
E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:32:33.0501 6780 RasSstp - ok 23:32:33.0506 6780 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:32:33.0531 6780 rdbss - ok 23:32:33.0533 6780 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:32:33.0543 6780 rdpbus - ok 23:32:33.0545 6780 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:32:33.0566 6780 RDPCDD - ok 23:32:33.0569 6780 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:32:33.0590 6780 RDPENCDD - ok 23:32:33.0592 6780 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:32:33.0613 6780 RDPREFMP - ok 23:32:33.0617 6780 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:32:33.0626 6780 RDPWD - ok 23:32:33.0630 6780 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:32:33.0639 6780 rdyboost - ok 23:32:33.0643 6780 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:32:33.0667 6780 RemoteAccess - ok 23:32:33.0670 6780 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:32:33.0694 6780 RemoteRegistry - ok 23:32:33.0697 6780 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:32:33.0720 6780 RpcEptMapper - ok 23:32:33.0722 6780 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:32:33.0731 6780 RpcLocator - ok 23:32:33.0737 6780 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 23:32:33.0763 6780 RpcSs - ok 23:32:33.0766 6780 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:32:33.0788 6780 rspndr - ok 23:32:33.0794 6780 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:32:33.0805 6780 RTL8167 - 
ok 23:32:33.0807 6780 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:32:33.0815 6780 SamSs - ok 23:32:33.0818 6780 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:32:33.0825 6780 sbp2port - ok 23:32:33.0829 6780 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:32:33.0854 6780 SCardSvr - ok 23:32:33.0856 6780 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:32:33.0878 6780 scfilter - ok 23:32:33.0890 6780 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:32:33.0922 6780 Schedule - ok 23:32:33.0925 6780 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:32:33.0946 6780 SCPolicySvc - ok 23:32:33.0949 6780 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:32:33.0959 6780 SDRSVC - ok 23:32:33.0962 6780 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:32:33.0983 6780 secdrv - ok 23:32:33.0986 6780 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:32:34.0007 6780 seclogon - ok 23:32:34.0019 6780 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 23:32:34.0038 6780 Secunia PSI Agent - ok 23:32:34.0045 6780 [ AD56CEB08EEB517332355FDE9E5939C8 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 23:32:34.0056 6780 Secunia Update Agent - ok 23:32:34.0059 6780 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:32:34.0083 6780 SENS - ok 23:32:34.0085 6780 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:32:34.0094 6780 SensrSvc - ok 23:32:34.0096 6780 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:32:34.0105 6780 Serenum - ok 23:32:34.0107 6780 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial 
C:\Windows\system32\DRIVERS\serial.sys 23:32:34.0115 6780 Serial - ok 23:32:34.0118 6780 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:32:34.0126 6780 sermouse - ok 23:32:34.0131 6780 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:32:34.0155 6780 SessionEnv - ok 23:32:34.0158 6780 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:32:34.0167 6780 sffdisk - ok 23:32:34.0169 6780 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:32:34.0179 6780 sffp_mmc - ok 23:32:34.0181 6780 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:32:34.0190 6780 sffp_sd - ok 23:32:34.0192 6780 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:32:34.0200 6780 sfloppy - ok 23:32:34.0204 6780 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:32:34.0229 6780 SharedAccess - ok 23:32:34.0234 6780 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:32:34.0260 6780 ShellHWDetection - ok 23:32:34.0263 6780 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:32:34.0270 6780 SiSRaid2 - ok 23:32:34.0272 6780 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:32:34.0279 6780 SiSRaid4 - ok 23:32:34.0282 6780 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:32:34.0304 6780 Smb - ok 23:32:34.0311 6780 [ FDB6E127DF739D4911319F0C8D339CAF ] snapman C:\Windows\system32\DRIVERS\snapman.sys 23:32:34.0320 6780 snapman - ok 23:32:34.0323 6780 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:32:34.0333 6780 SNMPTRAP - ok 23:32:34.0338 6780 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 23:32:34.0344 6780 
Sony PC Companion - ok 23:32:34.0346 6780 [ 7455ED832A33FEF453407F5411C3342D ] speedfan C:\Windows\syswow64\speedfan.sys 23:32:34.0353 6780 speedfan - ok 23:32:34.0355 6780 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:32:34.0362 6780 spldr - ok 23:32:34.0368 6780 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 23:32:34.0381 6780 Spooler - ok 23:32:34.0417 6780 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:32:34.0474 6780 sppsvc - ok 23:32:34.0477 6780 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:32:34.0500 6780 sppuinotify - ok 23:32:34.0507 6780 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:32:34.0520 6780 srv - ok 23:32:34.0525 6780 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:32:34.0537 6780 srv2 - ok 23:32:34.0540 6780 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:32:34.0550 6780 srvnet - ok 23:32:34.0554 6780 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 23:32:34.0565 6780 ssadbus - ok 23:32:34.0568 6780 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 23:32:34.0576 6780 ssadmdfl - ok 23:32:34.0580 6780 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 23:32:34.0591 6780 ssadmdm - ok 23:32:34.0594 6780 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 23:32:34.0604 6780 ssadserd - ok 23:32:34.0608 6780 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 23:32:34.0616 6780 sscdbus - ok 23:32:34.0618 6780 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 23:32:34.0624 6780 sscdmdfl - ok 23:32:34.0627 6780 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 
23:32:34.0634 6780 sscdmdm - ok 23:32:34.0638 6780 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:32:34.0663 6780 SSDPSRV - ok 23:32:34.0665 6780 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:32:34.0689 6780 SstpSvc - ok 23:32:34.0691 6780 Steam Client Service - ok 23:32:34.0697 6780 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 23:32:34.0706 6780 Stereo Service - ok 23:32:34.0709 6780 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:32:34.0716 6780 stexstor - ok 23:32:34.0723 6780 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:32:34.0742 6780 stisvc - ok 23:32:34.0744 6780 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 23:32:34.0751 6780 swenum - ok 23:32:34.0757 6780 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:32:34.0786 6780 swprv - ok 23:32:34.0836 6780 [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 23:32:34.0912 6780 syncagentsrv - ok 23:32:34.0932 6780 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:32:34.0962 6780 SysMain - ok 23:32:34.0965 6780 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:32:34.0978 6780 TabletInputService - ok 23:32:34.0983 6780 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:32:35.0010 6780 TapiSrv - ok 23:32:35.0013 6780 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:32:35.0037 6780 TBS - ok 23:32:35.0052 6780 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:32:35.0079 6780 Tcpip - ok 23:32:35.0095 6780 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:32:35.0119 6780 TCPIP6 - ok 
23:32:35.0123 6780 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:32:35.0145 6780 tcpipreg - ok 23:32:35.0148 6780 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:32:35.0155 6780 TDPIPE - ok 23:32:35.0167 6780 [ 843DAFC2CD4ED5D57FA40FD2000C6296 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys 23:32:35.0187 6780 tdrpman - ok 23:32:35.0190 6780 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:32:35.0198 6780 TDTCP - ok 23:32:35.0201 6780 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:32:35.0224 6780 tdx - ok 23:32:35.0227 6780 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:32:35.0234 6780 TermDD - ok 23:32:35.0241 6780 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:32:35.0271 6780 TermService - ok 23:32:35.0274 6780 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:32:35.0286 6780 Themes - ok 23:32:35.0289 6780 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:32:35.0310 6780 THREADORDER - ok 23:32:35.0319 6780 [ 31C9790525705B292F3B30F6676873CD ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys 23:32:35.0337 6780 tib_mounter - ok 23:32:35.0386 6780 [ E9CA6ED72EA9F56BD6E98C7042092A1C ] TomTomHOMEService E:\Tom\TomTom HOME 2\TomTomHOMEService.exe 23:32:35.0392 6780 TomTomHOMEService - ok 23:32:35.0395 6780 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:32:35.0421 6780 TrkWks - ok 23:32:35.0426 6780 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:32:35.0449 6780 TrustedInstaller - ok 23:32:35.0452 6780 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:32:35.0474 6780 tssecsrv - ok 23:32:35.0477 6780 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt 
C:\Windows\system32\drivers\tsusbflt.sys 23:32:35.0485 6780 TsUsbFlt - ok 23:32:35.0510 6780 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 23:32:35.0535 6780 TuneUp.UtilitiesSvc - ok 23:32:35.0538 6780 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 23:32:35.0544 6780 TuneUpUtilitiesDrv - ok 23:32:35.0547 6780 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:32:35.0570 6780 tunnel - ok 23:32:35.0572 6780 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:32:35.0579 6780 uagp35 - ok 23:32:35.0585 6780 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:32:35.0609 6780 udfs - ok 23:32:35.0613 6780 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:32:35.0624 6780 UI0Detect - ok 23:32:35.0626 6780 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:32:35.0633 6780 uliagpkx - ok 23:32:35.0635 6780 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:32:35.0644 6780 umbus - ok 23:32:35.0646 6780 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:32:35.0653 6780 UmPass - ok 23:32:35.0660 6780 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:32:35.0687 6780 upnphost - ok 23:32:35.0690 6780 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:32:35.0699 6780 usbccgp - ok 23:32:35.0701 6780 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:32:35.0711 6780 usbcir - ok 23:32:35.0714 6780 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:32:35.0722 6780 usbehci - ok 23:32:35.0727 6780 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub 
C:\Windows\system32\DRIVERS\usbhub.sys 23:32:35.0738 6780 usbhub - ok 23:32:35.0741 6780 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:32:35.0748 6780 usbohci - ok 23:32:35.0751 6780 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:32:35.0761 6780 usbprint - ok 23:32:35.0763 6780 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:32:35.0771 6780 USBSTOR - ok 23:32:35.0774 6780 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:32:35.0781 6780 usbuhci - ok 23:32:35.0784 6780 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 23:32:35.0794 6780 usb_rndisx - ok 23:32:35.0796 6780 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:32:35.0820 6780 UxSms - ok 23:32:35.0824 6780 [ 5BF180F7F7C2F68ED6D5777840270BCE ] UxTuneUp C:\Windows\System32\uxtuneup.dll 23:32:35.0830 6780 UxTuneUp - ok 23:32:35.0832 6780 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:32:35.0840 6780 VaultSvc - ok 23:32:35.0842 6780 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:32:35.0849 6780 vdrvroot - ok 23:32:35.0855 6780 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:32:35.0882 6780 vds - ok 23:32:35.0885 6780 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:32:35.0894 6780 vga - ok 23:32:35.0896 6780 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:32:35.0918 6780 VgaSave - ok 23:32:35.0921 6780 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:32:35.0930 6780 vhdmp - ok 23:32:35.0932 6780 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:32:35.0938 6780 viaide - ok 23:32:35.0942 6780 [ 927CBC96C4635F235301411E530FB56E ] vididr 
23:32:37.0511 6780 ============================================================ 23:32:37.0511 6780 Scan finished 23:32:37.0511 6780 ============================================================ 23:32:37.0516 8072 Detected object count: 3 23:32:37.0516 8072 Actual detected object count: 3 23:33:28.0519 8072 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 23:33:28.0519 8072 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:33:28.0520 8072 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 23:33:28.0520 8072 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:33:28.0521 8072 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user 23:33:28.0521 8072 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.09.2012, 00:13 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
12.09.2012, 00:51 | #22 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder Code:
ATTFilter ComboFix 12-09-11.02 - *** 12.09.2012 1:37.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8159.6500 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\FlashPlayerInstaller.exe c:\windows\SysWow64\muzapp.exe H:\install.exe I:\SETUP.EXE J:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-11 bis 2012-09-11 )))))))))))))))))))))))))))))) . . 2012-09-11 16:02 . 2012-09-11 16:02 -------- d-----w- C:\_OTL 2012-09-05 17:29 . 2012-09-05 17:29 -------- d-----w- c:\program files (x86)\ESET 2012-09-03 21:21 . 2012-09-05 15:24 -------- d-----w- c:\programdata\Kaspersky Lab 2012-09-03 08:20 . 2012-09-03 08:20 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-02 23:09 . 2012-09-02 23:09 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-02 23:09 . 2012-09-02 23:09 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-02 23:09 . 2012-09-02 23:09 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 23:09 . 2012-09-02 23:09 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-02 23:09 . 2012-09-02 23:09 188904 ----a-w- c:\windows\system32\java.exe 2012-09-02 23:09 . 2012-09-02 23:09 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-02 23:09 . 2012-09-02 23:09 -------- d-----w- c:\program files\Java 2012-08-31 22:10 . 2012-03-13 17:18 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe 2012-08-31 22:10 . 2012-03-13 17:05 3316736 ----a-w- c:\windows\system32\BootMan.exe 2012-08-31 22:10 . 
2011-07-29 11:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys 2012-08-31 22:10 . 2011-07-29 11:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe 2012-08-31 22:10 . 2011-07-29 11:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys 2012-08-31 22:10 . 2011-07-29 11:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys 2012-08-31 22:10 . 2011-07-29 11:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys 2012-08-31 22:10 . 2011-07-29 11:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe 2012-08-31 22:10 . 2011-07-29 11:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll 2012-08-31 22:10 . 2011-07-29 11:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll 2012-08-30 22:08 . 2012-08-30 22:08 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-08-30 22:08 . 2012-08-30 22:08 228488 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-08-30 22:08 . 2012-08-30 22:08 166024 ----a-w- c:\windows\system32\drivers\vidsflt.sys 2012-08-30 22:08 . 2012-08-30 22:08 1340040 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2012-08-30 22:08 . 2012-08-30 22:08 1093256 ----a-w- c:\windows\system32\drivers\tib_mounter.sys 2012-08-30 22:08 . 2012-08-30 22:08 340104 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-08-30 22:08 . 2012-08-30 22:08 155272 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-08-30 22:08 . 2012-08-30 22:08 -------- d-----w- c:\program files (x86)\Common Files\Acronis 2012-08-30 22:08 . 2012-08-30 22:08 -------- d-----w- c:\program files (x86)\Acronis 2012-08-30 00:15 . 2012-08-30 00:15 -------- d-----w- c:\program files (x86)\ProtectDisc Driver Installer 2012-08-20 22:38 . 2012-08-20 22:42 -------- d-----w- c:\users\***\.android 2012-08-15 19:37 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 19:37 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 19:37 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 19:37 . 
2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 19:37 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 19:37 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 19:37 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 19:37 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 19:37 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 19:37 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 19:37 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 19:37 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-13 01:22 . 2012-08-13 01:22 -------- d-----w- c:\program files (x86)\Common Files\Windows Live . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-03 08:20 . 2012-07-17 00:07 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-03 08:20 . 2012-02-18 01:33 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-08-24 23:23 . 2012-03-31 23:34 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-24 23:23 . 2012-02-18 01:04 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-21 09:13 . 2012-07-18 09:20 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2012-07-18 09:20 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2012-07-18 09:20 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-07-18 09:20 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2012-07-18 09:20 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2012-07-18 09:20 266776 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-08-21 09:13 . 2012-07-18 09:20 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:13 . 
2012-07-18 09:20 142128 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-08-21 09:13 . 2012-07-18 09:20 19600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-08-21 09:12 . 2012-07-18 09:19 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2012-07-18 09:19 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12 . 2012-02-18 02:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-15 19:38 . 2012-02-17 17:50 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-17 00:16 . 2012-02-18 01:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-07-17 00:16 . 2012-02-18 01:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-07-10 23:49 . 2012-07-10 23:18 947440 ----a-w- c:\windows\PE_Rom.dll 2012-07-10 23:49 . 2012-07-10 23:24 1012976 ----a-w- c:\windows\PE_File.dll 2012-07-05 21:10 . 2012-07-05 21:10 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2012-07-05 21:10 . 2012-07-05 21:10 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys 2012-07-03 11:46 . 2012-04-17 23:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 20:33 . 2012-07-18 09:19 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2012-06-19 14:54 . 2012-07-18 00:24 4065296 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2012-06-14 11:43 . 2012-07-18 00:24 5096448 ----a-w- c:\windows\system32\RCoRes64.dat . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RfxSrvTray"="e:\tobit radio.fx\Client\rfx-tray.exe" [2012-01-18 2057048] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "Arvo"="f:\program files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" [2009-09-01 172032] "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096] "AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="f:\program files (x86)\iTunes\iTunesHelper.exe" "DNS7reminder"="e:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking11\Ereg.ini" "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "PDFPrint"=c:\program files (x86)\PDF24\pdf24.exe "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot "Malwarebytes' Anti-Malware"="f:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] R2 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-05 14448] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144] R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672] R3 ssadmdfl;SAMSUNG 
Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 250568] R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;g:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-19 8704] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-08-30 155272] S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys [2012-08-30 1093256] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-08-30 228488] S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys [2012-08-30 166024] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 aswFW;avast! 
TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;f:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792] S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-30 3729400] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 avast! Firewall;avast! 
Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808] S2 Radio.fx;Radio.fx Server;e:\tobit radio.fx\Server\rfx-server.exe [2012-01-26 3665752] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-08-18 7027752] S2 TomTomHOMEService;TomTomHOMEService;e:\tom\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-08-30 367200] S3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [2009-05-06 15872] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-09-09 1660480] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:23] . 2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 17:40] . 2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 17:40] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError] @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}" [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}] 2012-08-23 01:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress] @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}" [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}] 2012-08-23 01:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk] @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}" [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}] 2012-08-23 01:51 2741024 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-07-20 13:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - f:\icq\ICQ7.7\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Type***] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Type***] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Type***] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\Type***] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-09-12 01:42:55 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-09-11 23:42 . Vor Suchlauf: 10 Verzeichnis(se), 73.115.049.984 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 72.765.915.136 Bytes frei . - - End Of File - - F19F9940C6FEEBC1635DD2514526DB13 |
12.09.2012, 12:59 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
12.09.2012, 17:32 | #24 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 18:26:06
Windows 6.1.7601 Service Pack 1
Running: yk9p3s7z.exe

---- Files - GMER 1.0.15 ----
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 1056768 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 4202496 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001 28765 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002 48089 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003 146212 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004 17272 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005 40472 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006 26081 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007 128361 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008 19716 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009 43433 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a 19810 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b 90924 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c 45805 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\databases 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db 7168 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal 512 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Favicons 16384 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\C4EC.tmp 150798 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage 0 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage 79872 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Login Data 12288 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Managed Mode Settings 8 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Media Cache 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0 8192 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1 270336 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2 8192 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3 8192 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index 524656 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor 10240 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs 5120 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Origin Bound Certs-journal 1544 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\FUM4L7A8 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com 0 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\settings.sol 410 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences 15940 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\QuotaManager 13312 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal 3608 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Shortcuts 12288 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Top Sites 20480 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal 12824 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Web Data 83968 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal 16384 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Local State 15254 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies 6144 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Google\Chrome\User Data\Service State 52 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Temp 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Temp\scoped_dir_5200_28405 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Temp\scoped_dir_5200_28405\aswWebRepChrome.crx 455535 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\Local\Temp\scoped_dir_5200_28405\CRX_INSTALL 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache 0 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\04AFA8793E5CDC4A81C6CD4554A30707 561 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\27371171D8BBA336302695C6CEB04833 865 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49514950C94E8026A2B06312597DFF49_33A0493B3756EC93EB52782457685E27 3283 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\49514950C94E8026A2B06312597DFF49_AFC22B77ED08EE3E2B28B6DE75CADDF5 3283 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50299D713B35BED683DD1955F30B34F5_29497D0D74504DAA7856A14E488E2201 1185 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AA3321A15A787985201D7A6820782F0_0AB46376AFB6F40B0426680E3025D384 1866 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_46B4111B8BE55032A9F53FE8A92B4D3C 1866 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B 1866 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_2C4BAA6B6BDA93AC5060DE2284C6FACA 1987 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BD8A14C7C024625432CC03FE72E47EF0_C0E7C768E729760F62C292FF12DDBAAB 1987 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_C45E84BE58E9E625B74CB86331BEFB1B 1596 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData 0 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\04AFA8793E5CDC4A81C6CD4554A30707 262 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\27371171D8BBA336302695C6CEB04833 272 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49514950C94E8026A2B06312597DFF49_33A0493B3756EC93EB52782457685E27 368 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\49514950C94E8026A2B06312597DFF49_AFC22B77ED08EE3E2B28B6DE75CADDF5 368 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50299D713B35BED683DD1955F30B34F5_29497D0D74504DAA7856A14E488E2201 396 bytes File C:\avast! 
sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AA3321A15A787985201D7A6820782F0_0AB46376AFB6F40B0426680E3025D384 422 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_46B4111B8BE55032A9F53FE8A92B4D3C 408 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B 404 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_2C4BAA6B6BDA93AC5060DE2284C6FACA 422 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BD8A14C7C024625432CC03FE72E47EF0_C0E7C768E729760F62C292FF12DDBAAB 422 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_C45E84BE58E9E625B74CB86331BEFB1B 408 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\C\Users\***\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D725F3459E2275E9EA5871B92AD896D0 244 bytes File C:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\snx_fs.dat 24940 bytes File C:\avast! sandbox\snx_rhive 262144 bytes File C:\avast! sandbox\snx_rhive.LOG1 41984 bytes File C:\avast! sandbox\snx_rhive.LOG2 0 bytes File C:\avast! sandbox\snx_rhive{c0a98fec-d676-11e1-8a14-5404a6efce11}.TM.blf 65536 bytes File C:\avast! sandbox\snx_rhive{c0a98fec-d676-11e1-8a14-5404a6efce11}.TMContainer00000000000000000001.regtrans-ms 524288 bytes File C:\avast! 
sandbox\snx_rhive{c0a98fec-d676-11e1-8a14-5404a6efce11}.TMContainer00000000000000000002.regtrans-ms 524288 bytes File E:\avast! sandbox 0 bytes File E:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000 0 bytes File E:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\sfzone 0 bytes File E:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\sfzone\E 0 bytes File E:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage 0 bytes File E:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\E 0 bytes File F:\avast! sandbox 0 bytes File F:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000 0 bytes File F:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\sfzone 0 bytes File F:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\sfzone\F 0 bytes File F:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage 0 bytes File F:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\F 0 bytes File G:\avast! sandbox 0 bytes File G:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000 0 bytes File G:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\sfzone 0 bytes File G:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\sfzone\G 0 bytes File G:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage 0 bytes File G:\avast! sandbox\S-1-5-21-3269441660-1231751284-1862436623-1000\webStorage\G 0 bytes ---- EOF - GMER 1.0.15 ---- Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:30:33 on 12.09.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Mozilla Corporation Firefox 15.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "AsIO" (AsIO) - ? - C:\Windows\SysWow64\drivers\AsIO.sys (File found, but it contains no detailed information) "AsUpIO" (AsUpIO) - ? 
- C:\Windows\SysWow64\drivers\AsUpIO.sys (File found, but it contains no detailed information) "aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys "aswKbd" (aswKbd) - "AVAST Software" - C:\Windows\system32\drivers\aswKbd.sys "aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys "aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys "aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys "aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys "avast! Firewall Core Firewall Service" (aswNdis2) - "AVAST Software" - C:\Windows\system32\drivers\aswNdis2.sys "avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys "avast! TDI Firewall driver" (aswFW) - "AVAST Software" - C:\Windows\system32\drivers\aswFW.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys (File found, but it contains no detailed information) "EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys (File found, but it contains no detailed information) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MSICDSetup" (MSICDSetup) - ? - D:\CDriver64.sys (File not found) "PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys "speedfan" (speedfan) - "Almico Software" - C:\Windows\SysWOW64\speedfan.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- F:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - F:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - F:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - F:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - F:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - F:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files (x86)\real\realplayer\rpshell.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\SDShelEx-win32.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." 
- C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_257.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.7" - "ICQ, LLC." - F:\icq\ICQ7.7\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [Known DLLs] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )----- "advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll (Hidden registry entry, 
rootkit activity | File signed by Microsoft) "DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL (Hidden registry entry, rootkit activity | File signed by Microsoft) "rpcrt4" - "Microsoft Corporation" - 
C:\Windows\system32\rpcrt4.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) "WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll (Hidden registry entry, rootkit activity | File signed by Microsoft) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RfxSrvTray" - "Tobit.Software" - "E:\Tobit Radio.fx\Client\rfx-tray.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Arvo" - "ROCCAT" - "f:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" "avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui "IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "KeePass 2 PreLoad" - "Dominik Reichl" - "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Advanced SystemCare Service 5" (AdvancedSystemCareService5) - "IObit" - F:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe "ASUS Com Service" (asComSvc) - ? - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe (File found, but it contains no detailed information) "ASUS HM Com Service" (asHmComSvc) - ? - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe (File found, but it contains no detailed information) "ASUS System Control Service" (AsSysCtrlService) - ? 
- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (File found, but it contains no detailed information) "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe "avast! Firewall" (avast! Firewall) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\afwServ.exe "Dragon Service" (DragonSvc) - "Nuance Communications, Inc." - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Radio.fx Server" (Radio.fx) - ? 
- E:\Tobit Radio.fx\Server\rfx-server.exe "Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\PSIA.exe "Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files (x86)\Secunia\PSI\sua.exe "Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - E:\Tom\TomTom HOME 2\TomTomHOMEService.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-09-12 18:33:28 ----------------------------- 18:33:28.543 OS Version: Windows x64 6.1.7601 Service Pack 1 18:33:28.543 Number of processors: 4 586 0x2A07 18:33:28.543 ComputerName: ***-PC UserName: *** 18:33:28.745 Initialize success 18:33:28.761 AVAST engine defs: 12091200 18:33:53.347 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:33:53.362 Disk 0 Vendor: OCZ-VERT 2.15 Size: 114473MB BusType: 3 18:33:53.362 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 18:33:53.362 Disk 1 Vendor: ST310005 JC4B Size: 953869MB BusType: 3 18:33:53.362 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3 18:33:53.362 Disk 2 Vendor: SAMSUNG_ CT10 Size: 381554MB BusType: 3 18:33:53.362 Disk 0 MBR read successfully 18:33:53.362 Disk 0 MBR scan 18:33:53.362 Disk 0 Windows 7 default MBR code 18:33:53.362 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 18:33:53.378 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848 18:33:53.378 Disk 0 scanning C:\Windows\system32\drivers 18:33:54.782 Service scanning 18:33:55.687 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21 18:33:57.184 Modules scanning 18:33:57.184 Disk 0 trace - called modules: 18:33:57.184 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 18:33:57.184 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800996c060] 18:33:57.184 3 CLASSPNP.SYS[fffff88001d2843f] -> nt!IofCallDriver -> [0xfffffa8008751800] 18:33:57.184 5 ACPI.sys[fffff88000fac7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008756050] 18:33:57.340 AVAST engine scan C:\Windows 18:33:57.699 AVAST engine scan C:\Windows\system32 18:34:15.545 AVAST engine scan C:\Windows\system32\drivers 18:34:16.731 AVAST engine scan C:\Users\*** 18:34:51.269 AVAST engine scan C:\ProgramData 18:34:56.464 Scan finished successfully 18:35:16.011 Disk 0 MBR has been saved successfully to 
"C:\Users\***\Desktop\MBR.dat" 18:35:16.011 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt" |
12.09.2012, 20:25 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
12.09.2012, 22:17 | #26 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.07.13 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 12.09.2012 22:16:36 mbam-log-2012-09-12 (22-16-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|K:\|L:\|M:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 643670 Laufzeit: 42 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/13/2012 at 01:09 AM Application Version : 5.5.1016 Core Rules Database Version : 9216 Trace Rules Database Version: 7028 Scan type : Complete Scan Total Scan Time : 00:43:50 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 640 Memory threats detected : 0 Registry items scanned : 67350 Registry threats detected : 0 File items scanned : 220673 File threats detected : 3 Adware.Tracking Cookie media.rockstargames.com [ E:\OLD\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RPQWRR5E ] media.rockstargames.com [ H:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RPQWRR5E ] media.rockstargames.com [ K:\OLD\USERS\ADMINISTRATOR\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\RPQWRR5E ]
For example, Winamp now wants a User Account Control confirmation for EVERY song that I drag into the playlist. |
13.09.2012, 15:35 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder You did not update Malwarebytes beforehand. Please update it and run a new full scan.
__________________ Please always post log files in CODE tags |
13.09.2012, 19:26 | #28 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.13.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 13.09.2012 17:45:03 mbam-log-2012-09-13 (17-45-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|K:\|L:\|M:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 625028 Laufzeit: 43 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
14.09.2012, 13:30 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Java.CVE-2012-1723.dg in Firefox folder Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block the pests from the start (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Apart from that, there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or also Trojaner-Board), then just set the browser so that everything, including cookies, is deleted when the browser is closed. The way I do it: for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) stores only the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
14.09.2012, 20:23 | #30 |
| Exploit.Java.CVE-2012-1723.dg in Firefox folder Many thanks for the help and the additional tips. I actually do the important things with the AVAST safezone and Chrome. But I have probably become a bit careless with FF lately. I will definitely take a closer look at your suggestions/links. In the end it is always one's own convenience that opens the door to the bad guys. The PC is currently running without any anomalies! Many thanks. |