Telekom abuse notification malware (Windows 7)
25.09.2012, 19:10 | #1
Hello everyone. Today I received a letter from Telekom saying that unwanted accesses to other people's computers had been made from my connection. So far I have only been able to find one conspicuous problem. Last night, when logging in to Guild Wars 2, I got a prompt to authenticate my computer because I was logged in from a different IP address. Of course I had played from this PC before and from no other one. A full system scan with Avira gave:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 25. September 2012 16:57

Es wird nach 4259544 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : JIIMBO
Computername : BOOK

Versionsinformationen:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07.09.2012 22:14:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 23.08.2012 01:03:45
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 22.08.2012 01:04:10
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 01:03:42
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:36:13
VBASE007.VDF : 7.11.41.251 2048 Bytes 06.09.2012 17:36:13
VBASE008.VDF : 7.11.41.252 2048 Bytes 06.09.2012 17:36:13
VBASE009.VDF : 7.11.41.253 2048 Bytes 06.09.2012 17:36:13
VBASE010.VDF : 7.11.41.254 2048 Bytes 06.09.2012 17:36:13
VBASE011.VDF : 7.11.41.255 2048 Bytes 06.09.2012 17:36:13
VBASE012.VDF : 7.11.42.0 2048 Bytes 06.09.2012 17:36:13
VBASE013.VDF : 7.11.42.1 2048 Bytes 06.09.2012 17:36:13
VBASE014.VDF : 7.11.42.65 203264 Bytes 09.09.2012 18:28:21
VBASE015.VDF : 7.11.42.125 156672 Bytes 11.09.2012 18:28:42
VBASE016.VDF : 7.11.42.171 187904 Bytes 12.09.2012 18:28:40
VBASE017.VDF : 7.11.42.235 141312 Bytes 13.09.2012 18:29:15
VBASE018.VDF : 7.11.43.35 133632 Bytes 15.09.2012 18:41:57
VBASE019.VDF : 7.11.43.89 129024 Bytes 18.09.2012 18:41:08
VBASE020.VDF : 7.11.43.141 130560 Bytes 19.09.2012 18:41:16
VBASE021.VDF : 7.11.43.187 121856 Bytes 21.09.2012 01:07:15
VBASE022.VDF : 7.11.43.251 147456 Bytes 24.09.2012 01:07:52
VBASE023.VDF : 7.11.43.252 2048 Bytes 24.09.2012 01:07:52
VBASE024.VDF : 7.11.43.253 2048 Bytes 24.09.2012 01:07:52
VBASE025.VDF : 7.11.43.254 2048 Bytes 24.09.2012 01:07:52
VBASE026.VDF : 7.11.43.255 2048 Bytes 24.09.2012 01:07:52
VBASE027.VDF : 7.11.44.0 2048 Bytes 24.09.2012 01:07:53
VBASE028.VDF : 7.11.44.1 2048 Bytes 24.09.2012 01:07:53
VBASE029.VDF : 7.11.44.2 2048 Bytes 24.09.2012 01:07:53
VBASE030.VDF : 7.11.44.3 2048 Bytes 24.09.2012 01:07:53
VBASE031.VDF : 7.11.44.24 62464 Bytes 24.09.2012 01:07:54
Engineversion : 8.2.10.172
AEVDF.DLL : 8.1.2.10 102772 Bytes 22.08.2012 01:04:08
AESCRIPT.DLL : 8.1.4.56 459131 Bytes 25.09.2012 01:08:04
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 22.08.2012 01:04:09
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.3.0.36 811382 Bytes 14.09.2012 18:29:24
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 25.09.2012 01:08:03
AEHEUR.DLL : 8.1.4.104 5280119 Bytes 25.09.2012 01:08:03
AEHELP.DLL : 8.1.23.2 258422 Bytes 22.08.2012 01:04:00
AEGEN.DLL : 8.1.5.36 434549 Bytes 25.08.2012 01:03:36
AEEXP.DLL : 8.1.0.86 90484 Bytes 07.09.2012 18:07:33
AEEMU.DLL : 8.1.3.2 393587 Bytes 22.08.2012 01:03:59
AECORE.DLL : 8.1.27.4 201078 Bytes 22.08.2012 01:03:58
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 23.08.2012 01:03:45
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 23.08.2012 01:03:39
RCTEXT.DLL : 12.3.0.31 100088 Bytes 23.08.2012 01:03:39

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Dienstag, 25. September 2012 16:57

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WajamUpdater.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'postgres.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'pg_ctl.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '147' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3315' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:'
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Users\JIIMBO\AppData\Local\Temp\JDownloaderSetup.exe
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen

Beginne mit der Desinfektion:
C:\Users\JIIMBO\AppData\Local\Temp\JDownloaderSetup.exe
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56ab7893.qua' verschoben!

Ende des Suchlaufs: Dienstag, 25. September 2012 18:02
Benötigte Zeit: 54:18 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  33110 Verzeichnisse wurden überprüft
 848013 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 848012 Dateien ohne Befall
   2439 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
 498330 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

I also asked Telekom's abuse department for some more information:

Code:
Dear Mr XXX,

A "sinkhole" was contacted via your Internet connection. That is a server which serves as a trap for computers infected with malware by simulating a command-and-control server of a botnet. A command-and-control server is a component of a botnet that mediates between the actual criminal and his "bots". At hxxp://www.elektronik-kompendium.de/sites/net/1501041.htm you will find, if you are interested, a good explanation of the structure of a botnet together with a schematic diagram.

The accesses that are the subject of the complaint do not involve the sending of e-mails. The bots are controlled over ports 80 (HTTP) and 443 (HTTPS); that is the usual approach of botnet operators, since there are no Internet connections on which these ports are blocked. Via HTTP(S) the bots update themselves, deliver stolen login data and fetch their task lists: take part in DoS attacks, distribute unlawful content, send spam, etc. (In particular, the unlawful distribution of content can turn into very expensive "fun" when suddenly three or four chargeable cease-and-desist letters (500-800 euros per letter is quite normal) land in your letterbox.)

In the event of continued complaints we will set a port 25 block on your connection. With such a mail-sending restriction, however, we can only prevent malware from delivering spam from computers directly to other mail systems. Anything else this malware may have been designed to do is beyond our influence. The block therefore only solves our problem, namely that our network range would end up on other providers' blacklists as a significant source of the spam plague because of excessive spam volume, which would be to the detriment of all our customers. The mail-sending restriction would consist only of port 25 being blocked towards other networks. This port is only required for delivery from mail server to mail server. The outgoing mail servers intended for end users do not need this port. Sending e-mail via securesmtp.t-online.de and smtpmail.t-online.de would not be restricted. Information on configuring and using your t-online.de mailbox with an e-mail program can be found at hxxp://hilfe.telekom.de/hsp/cms/content/HSP/de/3370/FAQ/theme-305643298 To use other providers' outgoing mail servers despite a port 25 block, please contact that provider's support.

Circumventing this restriction would therefore be quite easy. However, because of the risks mentioned above, that must not be a reason to do nothing. After the cause has been removed, any port 25 block that has been set should be lifted even if it would no longer hinder you, because as long as the mail-sending restriction exists you would receive no further warnings from our system. Incidentally, the block is lifted as soon as you confirm to us that you have eliminated the security problem. No special form is required for this.

But now back from what could happen to what did happen: the accesses that are the subject of the complaint took place via the following IP addresses assigned to your connection at the times stated; we have converted the relevant times from the complaints into the respective German time zone (CEST/CET):

80.135.XX.XXX Sat, 22.09.2012 10:40:26 CEST Warning

(...)

Kind regards
Gustav Brenner

I would be very grateful if you could help me. Since I can't find the source of the problem, I'm pretty much stuck.
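As an added example that is not part of the original post, here is a small Python parser for the Avira report format shown above. The forum flattened the report onto a single line, so the sample below reconstructs the line structure Avira actually writes (a path line followed by indented [FUND]/[WARNUNG]/[HINWEIS] lines, then the counter block). The "Erkennungsmuster der <category> <signature>" message pattern is assumed from the one detection line on this page; other Avira message wordings fall back to the raw message. The parser merges the scan and disinfection phases per file, reports detections that were not quarantined, and cross-checks the counter block against the per-file entries, which is the first thing to verify before trusting a "1 found, 1 quarantined" summary.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt of the Avira report posted in this thread, with the
# line breaks reconstructed (the forum flattened the report onto one line).
SAMPLE_REPORT = """\
Beginne mit der Suche in 'C:'
C:\\Program Files\\WinRAR\\rarnew.dat
  [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\\Users\\JIIMBO\\AppData\\Local\\Temp\\JDownloaderSetup.exe
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
Beginne mit der Desinfektion:
C:\\Users\\JIIMBO\\AppData\\Local\\Temp\\JDownloaderSetup.exe
  [FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56ab7893.qua' verschoben!
Ende des Suchlaufs: Dienstag, 25. September 2012 18:02
   848013 Dateien wurden geprüft
        1 Viren bzw. unerwünschte Programme wurden gefunden
        0 Dateien wurden als verdächtig eingestuft
        1 Dateien wurden in die Quarantäne verschoben
        0 Versteckte Objekte wurden gefunden
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                    # a Windows path line
TAG_RE = re.compile(r"^\[(\w+)\]\s*(.*)$")                # "[FUND] message"
SIG_RE = re.compile(r"Erkennungsmuster der (\S+) (\S+)")  # assumed pattern: "... der Adware ADWARE/X.Gen"
QUA_RE = re.compile(r"'([^']+\.qua)'")                    # quarantine file name in a [HINWEIS] line
COUNT_RE = re.compile(r"^(\d+) (.+)$")                    # counter block: "1 Viren bzw. ... gefunden"


@dataclass
class Finding:
    path: str
    category: str                      # e.g. "Adware"
    signature: str                     # e.g. "ADWARE/InstallCore.Gen"
    quarantined_as: Optional[str] = None


@dataclass
class Report:
    findings: Dict[str, Finding]       # keyed by path so scan and disinfection phases merge
    warnings: List[str]                # "<path>: <message>" for [WARNUNG] lines
    counters: Dict[str, int]           # counter block keyed by its German label


def parse_avira_report(text: str) -> Report:
    findings: Dict[str, Finding] = {}
    warnings: List[str] = []
    counters: Dict[str, int] = {}
    current_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current_path = line                # tagged lines that follow refer to this file
            continue
        tag = TAG_RE.match(line)
        if tag and current_path is not None:
            kind, msg = tag.groups()
            if kind == "FUND":
                sig = SIG_RE.search(msg)
                category, signature = sig.groups() if sig else ("unknown", msg)
                findings.setdefault(current_path, Finding(current_path, category, signature))
            elif kind == "HINWEIS":
                qua = QUA_RE.search(msg)
                if qua and current_path in findings:
                    findings[current_path].quarantined_as = qua.group(1)
            elif kind == "WARNUNG":
                warnings.append(f"{current_path}: {msg}")
            continue
        count = COUNT_RE.match(line)
        if count:
            counters[count.group(2)] = int(count.group(1))
    return Report(findings, warnings, counters)


def unresolved_findings(report: Report) -> List[Finding]:
    """Detections Avira reported but did not quarantine: these still need action."""
    return [f for f in report.findings.values() if f.quarantined_as is None]


def counters_consistent(report: Report) -> bool:
    """Cross-check the counter block against the per-file entries."""
    found = report.counters.get("Viren bzw. unerwünschte Programme wurden gefunden", 0)
    quarantined = report.counters.get("Dateien wurden in die Quarantäne verschoben", 0)
    return (found == len(report.findings)
            and quarantined == sum(1 for f in report.findings.values() if f.quarantined_as))


if __name__ == "__main__":
    rep = parse_avira_report(SAMPLE_REPORT)
    for f in rep.findings.values():
        print(f"{f.signature} ({f.category}) in {f.path} -> quarantined as {f.quarantined_as}")
    print("warnings:", rep.warnings)
    print("unresolved:", [f.path for f in unresolved_findings(rep)])
    print("counters consistent:", counters_consistent(rep))
```

Note that a quarantined adware installer in a Temp folder, as in this report, says nothing about whether the sinkhole contact came from that file; the parser only tells you what the scanner itself saw and what it left unresolved.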
25.09.2012, 19:16 | #2
/// Malware-holic

hi

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
25.09.2012, 21:12 | #3
so, here:

OTL
Code:
OTL logfile created on: 25.09.2012 21:43:55 - Run 1
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 73,43% Memory free
7,72 Gb Paging File | 6,44 Gb Available in Paging File | 83,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 129,78 Gb Free Space | 66,48% Space Free | Partition Type: NTFS
Drive D: | 270,45 Gb Total Space | 115,37 Gb Free Space | 42,66% Space Free | Partition Type: NTFS

Computer Name: BOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.25 21:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.23 03:03:43 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012.06.14 17:20:22 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2010.08.15 19:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2010.03.15 09:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.24 04:40:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.14 17:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.08.26 22:48:34 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.08.22 03:22:37 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2012.08.22 02:49:23 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.03.22 10:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2010.03.15 10:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.15 09:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.10 15:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.12 14:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.02 15:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 22:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 96 3D A0 00 80 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Users\***\AppData\Roaming\2YourFace\ffextension [2012.08.22 03:51:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@2yourface.com: C:\Users\***\AppData\Roaming\2YourFace\ffextension [2012.08.22 03:51:17 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: hxxp://www.rtl.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.rtl.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.2.2_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: YouTube Unblocker = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.2.2_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (2YourFace Addon) - {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Users\***\AppData\Roaming\2YourFace\bho.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2YourFace_Updater.lnk = C:\Users\***\AppData\Roaming\2YourFace\Updater.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE7EF302-4763-4113-8CF1-3D90B07B7B8C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: 
{4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.25 21:38:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.09.19 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.09.19 12:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.09.19 12:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.09.16 04:02:50 | 
000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2012.09.15 22:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2 [2012.09.15 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Guild Wars 2 [2012.09.10 00:34:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.09.05 19:35:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2012.09.05 19:34:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla-Cache [2012.09.05 19:34:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Party [2012.09.05 19:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyCasino [2012.09.02 23:31:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MPlayer [2012.09.02 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server [2012.09.02 23:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS [2012.09.02 23:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server [2012.08.29 17:17:24 | 000,000,000 | ---D | C] -- C:\Casino [2012.08.28 17:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.08.28 17:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.08.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.08.28 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.08.28 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.08.27 18:45:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium [2012.08.27 18:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\rockstar games [2012.08.27 04:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.08.27 04:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2012.08.27 02:12:59 | 000,000,000 | ---D 
| C] -- C:\Program Files (x86)\Rockstar Games [2012.08.27 02:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.08.27 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.08.26 22:48:28 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.08.26 22:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.08.26 22:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.08.26 22:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.08.26 22:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite ========== Files - Modified Within 30 Days ========== [2012.09.25 21:38:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.09.25 21:32:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000UA.job [2012.09.25 18:47:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000Core.job [2012.09.25 17:10:01 | 001,967,092 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120925_171001.jpg [2012.09.25 16:30:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.25 13:10:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 13:10:10 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 13:07:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.25 13:07:24 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.25 13:07:24 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.25 13:07:24 | 000,148,346 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2012.09.25 13:07:24 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.25 13:02:36 | 3110,080,512 | -HS- | M] () -- C:\hiberfil.sys [2012.09.21 14:59:01 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\Guild Wars 2 Handelsposten Guide - YouTube.url [2012.09.21 14:58:46 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\BOOGIE NIGHTS - Trailer (1997) - YouTube.url [2012.09.21 14:58:40 | 000,000,121 | ---- | M] () -- C:\Users\***\Desktop\The Introvert Advantage- How to Thrive in an Extrovert World- Amazon.de- Marti Olsen Laney- Englische Bücher.url [2012.09.21 14:58:37 | 000,000,111 | ---- | M] () -- C:\Users\***\Desktop\Wohnen- Übersicht.url [2012.09.19 13:00:14 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.17 18:34:32 | 000,000,059 | ---- | M] () -- C:\Users\***\Desktop\SOUND-LOAD - Download and Listen to MP3 Music FREE.url [2012.09.17 17:22:23 | 000,000,103 | ---- | M] () -- C:\Users\***\Desktop\Szeneseitenliste.url [2012.09.16 14:50:10 | 000,007,597 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.09.15 22:33:24 | 000,000,639 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.14 20:54:49 | 000,285,369 | ---- | M] () -- C:\Users\***\Desktop\vRNqsvgvxk6BuomjD4yRIQ2.jpg [2012.09.13 20:21:00 | 002,165,400 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_202059.jpg [2012.09.13 20:20:28 | 002,314,823 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_202028.jpg [2012.09.13 20:19:31 | 002,499,276 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_201931.jpg [2012.09.13 20:16:06 | 002,449,690 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_201606.jpg [2012.09.13 20:15:55 | 002,106,234 | ---- | M] () -- C:\Users\***\Desktop\IMG_20120913_201555.jpg [2012.09.11 00:25:16 | 000,061,542 | ---- | M] () -- C:\Users\***\Desktop\royal spadde.JPG [2012.09.09 20:04:23 | 000,534,510 | ---- | M] () -- C:\Users\***\Desktop\Unbet.PNG 
[2012.09.09 20:04:01 | 000,566,073 | ---- | M] () -- C:\Users\***\Desktop\Unbenannvbt.PNG [2012.09.09 20:03:35 | 000,525,035 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.PNG [2012.09.09 00:52:52 | 000,000,767 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk [2012.09.01 22:01:16 | 000,000,082 | ---- | M] () -- C:\Users\***\Desktop\[How to] Wärmeleitpaste richtig auftragen - ComputerBase Forum.url [2012.09.01 22:01:05 | 000,000,156 | ---- | M] () -- C:\Users\***\Desktop\Arctic Silver 5 Wärmeleitpaste 3,5g- Amazon.de- Computer & Zubehör.url [2012.09.01 22:01:00 | 000,000,129 | ---- | M] () -- C:\Users\***\Desktop\Nero Burning ROM v11 und v10 - BoerseBZ.url [2012.08.29 15:51:11 | 000,000,068 | ---- | M] () -- C:\Users\***\Desktop\Replace Keyboard Key Toshiba Satellite Tecra Qosmio Portege P200 P205 P300 L350 L355 L355 P500 A500 - YouTube.url [2012.08.28 18:24:57 | 000,000,566 | ---- | M] () -- C:\Users\***\Desktop\graphics standard.xml [2012.08.27 18:42:37 | 000,001,729 | ---- | M] () -- C:\Users\***\Desktop\PlayMaxPayne3.exe - Verknüpfung.lnk [2012.08.27 17:48:30 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.27 05:42:12 | 000,040,532 | ---- | M] () -- C:\Users\***\Desktop\schnörkel.PNG [2012.08.26 22:48:34 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys ========== Files Created - No Company Name ========== [2012.09.25 18:39:44 | 001,967,092 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120925_171001.jpg [2012.09.21 14:59:01 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\Guild Wars 2 Handelsposten Guide - YouTube.url [2012.09.21 14:58:46 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\BOOGIE NIGHTS - Trailer (1997) - YouTube.url [2012.09.21 14:58:40 | 000,000,121 | ---- | C] () -- C:\Users\***\Desktop\The Introvert Advantage- How to Thrive in an Extrovert World- Amazon.de- Marti Olsen Laney- Englische Bücher.url [2012.09.21 14:58:37 | 000,000,111 | ---- | C] () -- 
C:\Users\***\Desktop\Wohnen- Übersicht.url [2012.09.19 13:00:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.09.19 13:00:14 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.17 18:34:32 | 000,000,059 | ---- | C] () -- C:\Users\***\Desktop\SOUND-LOAD - Download and Listen to MP3 Music FREE.url [2012.09.17 17:22:23 | 000,000,103 | ---- | C] () -- C:\Users\***\Desktop\Szeneseitenliste.url [2012.09.16 14:50:10 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.09.15 22:33:24 | 000,000,639 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk [2012.09.14 20:54:57 | 000,285,369 | ---- | C] () -- C:\Users\***\Desktop\vRNqsvgvxk6BuomjD4yRIQ2.jpg [2012.09.13 20:22:08 | 002,499,276 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_201931.jpg [2012.09.13 20:22:08 | 002,314,823 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_202028.jpg [2012.09.13 20:22:08 | 002,165,400 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_202059.jpg [2012.09.13 20:22:08 | 002,106,234 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_201555.jpg [2012.09.13 20:22:07 | 002,449,690 | ---- | C] () -- C:\Users\***\Desktop\IMG_20120913_201606.jpg [2012.09.11 00:25:16 | 000,061,542 | ---- | C] () -- C:\Users\***\Desktop\royal spadde.JPG [2012.09.09 20:04:23 | 000,534,510 | ---- | C] () -- C:\Users\***\Desktop\Unbet.PNG [2012.09.09 20:04:01 | 000,566,073 | ---- | C] () -- C:\Users\***\Desktop\Unbenannvbt.PNG [2012.09.09 20:03:35 | 000,525,035 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.PNG [2012.09.01 22:01:16 | 000,000,082 | ---- | C] () -- C:\Users\***\Desktop\[How to] Wärmeleitpaste richtig auftragen - ComputerBase Forum.url [2012.09.01 22:01:05 | 000,000,156 | ---- | C] () -- C:\Users\***\Desktop\Arctic Silver 5 Wärmeleitpaste 3,5g- Amazon.de- Computer & Zubehör.url [2012.09.01 22:01:00 | 000,000,129 | ---- | C] () -- C:\Users\***\Desktop\Nero Burning 
ROM v11 und v10 - BoerseBZ.url [2012.08.29 17:17:27 | 000,000,779 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroGrand Casino.lnk [2012.08.29 15:51:11 | 000,000,068 | ---- | C] () -- C:\Users\***\Desktop\Replace Keyboard Key Toshiba Satellite Tecra Qosmio Portege P200 P205 P300 L350 L355 L355 P500 A500 - YouTube.url [2012.08.27 18:42:52 | 000,000,566 | ---- | C] () -- C:\Users\***\Desktop\graphics standard.xml [2012.08.27 18:42:37 | 000,001,729 | ---- | C] () -- C:\Users\***\Desktop\PlayMaxPayne3.exe - Verknüpfung.lnk [2012.08.22 03:56:25 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.22 02:51:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.22 02:50:18 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.07.27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- 
[2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.22 03:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2YourFace [2012.08.26 22:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.08.22 15:12:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data [2012.09.25 02:56:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HoldemManager [2012.09.05 19:34:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Party [2012.08.22 03:50:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.08.22 02:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.08.22 02:46:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.08.29 17:17:24 | 000,000,000 | ---D | M] -- C:\Casino [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.08.22 02:46:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.09.09 03:09:14 | 000,000,000 | ---D | M] -- C:\HM2Archive [2012.08.22 03:20:57 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.08.28 17:16:09 | 000,000,000 | R--D | M] -- C:\Program Files [2012.09.19 12:59:56 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.09.19 12:57:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.08.22 02:46:14 | 000,000,000 | -HSD | M] -- C:\Programme [2012.08.22 02:46:14 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.25 21:47:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.08.22 03:46:35 | 000,000,000 | R--D | M] -- C:\Users [2012.09.10 00:34:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,013,734 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.22 03:17:06 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000Core.job [2012.08.22 03:17:07 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys 
25.09.2012, 21:31 | #4 |
/// Malware-holic | telekom Abuse Meldung malware Hi, Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
25.09.2012, 22:01 | #5 |
| telekom Abuse Meldung malware Code:
ComboFix 12-09-24.03 - *** 25.09.2012 22:42:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3955.2750 [GMT 2:00]
Running from: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\2YourFace
c:\users\***\AppData\Roaming\2YourFace\2YourFace.crx
c:\users\***\AppData\Roaming\2YourFace\bho.dll
c:\users\***\AppData\Roaming\2YourFace\FF8Installer.exe
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome.manifest
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\content\ff-overlay.js
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\content\ff-overlay.xul
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\content\overlay.js
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\locale\en-US\overlay.dtd
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\locale\en-US\overlay.properties
c:\users\***\AppData\Roaming\2YourFace\ffextension\chrome\skin\overlay.css
c:\users\***\AppData\Roaming\2YourFace\ffextension\defaults\preferences\prefs.js
c:\users\***\AppData\Roaming\2YourFace\ffextension\install.rdf
c:\users\***\AppData\Roaming\2YourFace\uninst.exe
c:\users\***\AppData\Roaming\2YourFace\Updater.exe
c:\users\***\AppData\Roaming\2YourFace\version.exe
.
.
(((((((((((((((((((((((   Files Created from 2012-08-25 to 2012-09-25   ))))))))))))))))))))))))))))))
.
.
2012-09-25 20:46 . 2012-09-25 20:46 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-09-25 20:46 . 2012-09-25 20:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 10:59 . 2012-09-19 11:00 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-09-16 02:02 . 2012-09-16 02:02 -------- d-----w- c:\users\***\AppData\Local\ElevatedDiagnostics
2012-09-09 22:34 . 2012-09-09 22:34 -------- d-----w- c:\windows\Sun
2012-09-05 17:34 . 2012-09-05 17:34 -------- d-----w- c:\users\***\AppData\Roaming\Mozilla-Cache
2012-09-05 17:34 . 2012-09-05 17:34 -------- d-----w- c:\users\***\AppData\Roaming\Party
2012-09-02 21:31 . 2012-09-02 21:31 -------- d-----w- c:\users\***\AppData\Local\MPlayer
2012-09-02 21:29 . 2012-09-02 21:31 -------- d-----w- c:\programdata\PMS
2012-09-02 21:29 . 2012-09-04 21:26 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-08-29 15:17 . 2012-08-29 15:17 -------- d-----w- C:\Casino
2012-08-28 15:18 . 2012-08-28 15:18 -------- d-----w- c:\programdata\ATI
2012-08-28 15:16 . 2012-08-28 15:16 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-08-28 15:16 . 2012-08-28 15:16 -------- d-----w- c:\program files\ATI
2012-08-28 15:15 . 2012-08-28 15:17 -------- d-----w- c:\program files\ATI Technologies
2012-08-27 16:45 . 2012-08-27 16:45 -------- d-----w- c:\users\***\AppData\Local\Chromium
2012-08-27 02:31 . 2012-08-27 02:31 -------- d-----w- c:\programdata\Rockstar Games
2012-08-27 00:12 . 2012-08-27 02:56 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-08-27 00:06 . 2012-08-27 00:06 -------- d-----w- c:\program files\7-Zip
2012-08-26 20:48 . 2012-08-26 20:48 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-26 20:48 . 2012-08-26 20:49 -------- d-----w- c:\users\***\AppData\Roaming\DAEMON Tools Lite
2012-08-26 20:48 . 2012-08-26 20:48 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-22 10:15 . 2012-08-22 10:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-22 10:14 . 2012-08-22 10:15 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-22 10:14 . 2012-08-22 10:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-22 02:00 . 2012-08-22 02:00 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-08-22 02:00 . 2012-08-22 02:00 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-22 02:00 . 2012-08-22 02:00 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-08-22 02:00 . 2012-08-22 02:00 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-08-22 02:00 . 2012-08-22 02:00 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-08-22 02:00 . 2012-08-22 02:00 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-08-22 02:00 . 2012-08-22 02:00 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-08-22 02:00 . 2012-08-22 02:00 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-08-22 02:00 . 2012-08-22 02:00 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-08-22 02:00 . 2012-08-22 02:00 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-08-22 02:00 . 2012-08-22 02:00 144384 ----a-w- c:\windows\system32\cdd.dll
2012-08-22 02:00 . 2012-08-22 02:00 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-08-22 02:00 . 2012-08-22 02:00 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-08-22 02:00 . 2012-08-22 02:00 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-08-22 02:00 . 2012-08-22 02:00 4068864 ----a-w- c:\windows\system32\mf.dll
2012-08-22 02:00 . 2012-08-22 02:00 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-08-22 02:00 . 2012-08-22 02:00 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-08-22 02:00 . 2012-08-22 02:00 206848 ----a-w- c:\windows\system32\mfps.dll
2012-08-22 02:00 . 2012-08-22 02:00 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-08-22 01:22 . 2012-08-22 01:22 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2012-08-22 00:56 . 2012-08-22 00:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 00:56 . 2012-08-22 00:56 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 00:49 . 2012-08-22 00:49 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-08-22 00:49 . 2012-08-22 00:49 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-22 00:49 . 2012-08-22 00:49 3891200 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-08-22 00:49 . 2012-08-22 00:49 3555840 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-08-22 00:49 . 2012-08-22 00:49 3058168 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-06-30 06:46 . 2012-08-22 01:50 95744 ----a-w- c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-23 348664]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-15 34160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2YourFace_Updater.lnk - c:\users\***\AppData\Roaming\2YourFace\Updater.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files (x86)\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2012-8-22 91464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-08-22 20592]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-26 283200]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 01:17]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-971538506-1350701790-4225575363-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Removed orphaned registry entries - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-2YourFace - c:\users\***\AppData\Roaming\2YourFace\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4] "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-25 22:48:19
ComboFix-quarantined-files.txt 2012-09-25 20:48
.
Pre-Run: 9 directory(s), 139.167.318.016 bytes free
Post-Run: 12 directory(s), 141.156.610.048 bytes free
.
- - End Of File - - 188C7DCC447BF80245849431C1F2F557
|
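The ComboFix log above already holds the facts a responder wants: under policies\system every UAC value is 0 (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), so anything the user launches runs with full administrator rights and no prompt; the 2YourFace updater starts from the user's AppData\Roaming, a Wajam updater service is installed, and both the user and machine IE start pages point at home.sweetim.com. The script below is an added example, not code from ComboFix, its author or any poster in this thread. It parses the Reg Loading Points and Supplementary Scan blocks of such a log and prints those findings. The excerpt it parses is constructed from the entries shown above (user name masked as ***); the expected UAC values and the allowlisted start-page host are the author's assumptions for a stock Windows 7 installation.

```python
"""Pull the responder-relevant facts out of a ComboFix log.

Added example for this thread; not code from ComboFix, its author or any
poster. EXPECTED_UAC and DEFAULT_START_HOSTS are assumptions for a stock
Windows 7 / IE installation.
"""
import re

# Constructed excerpt of the "Reg Loading Points" and "Supplementary Scan"
# blocks, copied from the log posted above (user name masked as ***).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-23 348664]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2YourFace_Updater.lnk - c:\users\***\AppData\Roaming\2YourFace\Updater.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
"""

RUN_KEY = re.compile(r'^\[HKEY_[^\]]+\\Run\]$', re.I)
POLICY_KEY = re.compile(r'^\[HKEY_[^\]]+\\policies\\system\]$', re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
STARTUP_LNK = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)(?: \[.*\])?$')
SERVICE = re.compile(r'^[RS]\d (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.+?)(?: \[.*\])?$')
START_PAGE = re.compile(r'^(?P<scope>[um])Start Page = (?P<url>\S+)')

# Stock Windows 7 values (assumption); anything else means UAC was weakened.
EXPECTED_UAC = {'EnableLUA': 1, 'ConsentPromptBehaviorAdmin': 5, 'PromptOnSecureDesktop': 1}
# Directories an unprivileged user, and so any adware it runs, can write to.
USER_WRITABLE = re.compile(r'\\(appdata|programdata|temp)\\', re.I)
# Start-page hosts a stock IE would show (assumption).
DEFAULT_START_HOSTS = {'go.microsoft.com'}
SCOPE = {'u': 'user', 'm': 'machine'}   # ComboFix prefixes: HKCU / HKLM


def parse_combofix(text):
    """Return autostart entries, UAC policy values and browser start pages."""
    autostarts, policies, start_pages = [], {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if RUN_KEY.match(line):
            section = 'run'
            continue
        if POLICY_KEY.match(line):
            section = 'policy'
            continue
        if line.startswith('['):           # any other registry key
            section = None
            continue
        if section == 'run' and (m := RUN_VALUE.match(line)):
            autostarts.append(('Run value', m['name'], m['path']))
        elif section == 'policy' and (m := POLICY_VALUE.match(line)):
            policies[m['name']] = int(m['val'])
        elif m := STARTUP_LNK.match(line):
            autostarts.append(('Startup folder', m['name'], m['path']))
        elif m := SERVICE.match(line):
            autostarts.append(('Service', m['svc'], m['path']))
        elif m := START_PAGE.match(line):
            start_pages.append((m['scope'], m['url']))
    return {'autostarts': autostarts, 'policies': policies, 'start_pages': start_pages}


def triage(parsed):
    """Findings a responder would act on, as plain strings."""
    findings = []
    for name, expected in EXPECTED_UAC.items():
        actual = parsed['policies'].get(name)
        if actual is not None and actual != expected:
            findings.append(f'UAC weakened: {name}={actual} (expected {expected})')
    for source, name, path in parsed['autostarts']:
        if USER_WRITABLE.search(path):
            findings.append(f'Autostart from user-writable path: {source} "{name}" -> {path}')
    for scope, url in parsed['start_pages']:
        host = url.split('//', 1)[-1].split('/', 1)[0].lower()
        if host not in DEFAULT_START_HOSTS:
            findings.append(f'Browser start page ({SCOPE[scope]}) redirected to {host}')
    return findings


if __name__ == '__main__':
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```

Run against the full log it also lists every service whose binary lives under ProgramData or a temp directory; Wajam's updater is not caught by the path rule because it sits under Program Files (x86), which is why a responder still reads the service list by eye.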
25.09.2012, 22:05 | #6 |
/// Malware-holic | Telekom abuse report malware 1. Question: is this the only PC in the house?
2. Open Avira, Administration, Quarantine, and post the detections with full paths.
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
|
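The helper asks for a TDSSKiller run with "Verify driver digital signatures" enabled and for the log to be posted. Such a log lists every driver and service as a "[ md5 ] name path" line followed by a "name - verdict" line, which is tedious to read by eye for several hundred entries. The script below is an added example, not code from Kaspersky's TDSSKiller or from any poster, that pairs the two lines per entry and lists what needs attention. Its sample log is constructed: the first entries copy lines from the TDSSKiller log posted later in this thread, while the "hypodrv" driver, its hash and its UnsignedFile.Multi.Generic verdict are invented to show the shape of a signature-verification hit.

```python
"""Pair TDSSKiller file lines with their verdicts and list what needs attention.

Added example for this thread; not code from TDSSKiller, Kaspersky or any
poster. SAMPLE_LOG is constructed: the 'hypodrv' entry is hypothetical.
"""
import re

SAMPLE_LOG = (
    "23:19:02.0989\t5356\tScan started\n"
    "23:19:02.0989\t5356\tMode: Manual; SigCheck;\n"
    "23:19:04.0206\t5356\t[ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\\Windows\\system32\\DRIVERS\\1394ohci.sys\n"
    "23:19:04.0268\t5356\t1394ohci - ok\n"
    "23:19:05.0048\t5356\t[ 57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\\Windows\\system32\\atiesrxx.exe\n"
    "23:19:05.0110\t5356\tAMD External Events Utility - ok\n"
    "23:19:08.0215\t5356\tcatchme - ok\n"
    "23:19:09.0962\t5356\t[ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\\Windows\\system32\\DRIVERS\\dtsoftbus01.sys\n"
    "23:19:09.0962\t5356\tdtsoftbus01 - ok\n"
    # Invented entry (hypothetical driver name and hash) in the shape TDSSKiller
    # uses when signature verification finds an unsigned file.
    "23:19:12.0400\t5356\t[ 00112233445566778899AABBCCDDEEFF ] hypodrv C:\\Windows\\system32\\DRIVERS\\hypodrv.sys\n"
    "23:19:12.0410\t5356\thypodrv ( UnsignedFile.Multi.Generic ) - warning\n"
    "23:19:12.0410\t5356\thypodrv - detected UnsignedFile.Multi.Generic ( 1 )\n"
)

# "HH:MM:SS.ffff <pid> <rest>"; everything else in the log is decoration.
LINE = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$')
# "[ md5 ] name path": the name may contain spaces, the path starts with a drive or "\".
FILE = re.compile(r'^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>(?:[A-Za-z]:\\|\\).*)$')
# "name - ok", "name ( reason ) - warning", "name - detected reason ( n )".
VERDICT = re.compile(r'^(?P<name>.+?)(?: \( (?P<reason>[^)]+) \))? - (?P<verdict>ok|warning|detected .+)$')


def _blank():
    return {'md5': None, 'path': None, 'verdicts': []}


def parse_tdsskiller(text):
    """Map each service/driver name to its hash, path and list of (reason, verdict)."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        rest = m['rest']
        if f := FILE.match(rest):
            e = entries.setdefault(f['name'], _blank())
            e['md5'], e['path'] = f['md5'].upper(), f['path']
        elif v := VERDICT.match(rest):
            e = entries.setdefault(v['name'], _blank())
            e['verdicts'].append((v['reason'], v['verdict']))
    return entries


def needs_attention(entries):
    """Names with any verdict other than 'ok': what the helper wants posted."""
    return sorted(n for n, e in entries.items()
                  if any(verdict != 'ok' for _, verdict in e['verdicts']))


def without_file(entries):
    """Names TDSSKiller gave a verdict for but never hashed a file for."""
    return sorted(n for n, e in entries.items() if e['md5'] is None)


if __name__ == '__main__':
    found = parse_tdsskiller(SAMPLE_LOG)
    for name in needs_attention(found):
        print(name, found[name]['path'], found[name]['verdicts'])
    print('no file hashed:', without_file(found))
```

Entries that get a verdict but no hash line (catchme in the sample, a leftover ComboFix service) are worth a second look too, since they are registered services whose binary TDSSKiller could not read.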
25.09.2012, 22:24 | #7 |
| Telekom abuse report malware No, we have 2 more in the house. I'm just the most likely one to have caught something. Quarantine: Code:
Type: File
Source: C:\Users\***\AppData\Local\Temp\JDownloaderSetup.exe
Status: Infected
Quarantine object: 56ab7893.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Scan engine: 8.02.10.172
Virus definition file: 7.11.44.24
Message: ADWARE/InstallCore.Gen
Date/time: 25.09.2012, 18:02
Code:
23:17:49.0889 2308 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:17:50.0324 2308 ============================================================
23:17:50.0324 2308 Current date / time: 2012/09/25 23:17:50.0324
23:17:50.0324 2308 SystemInfo:
23:17:50.0324 2308
23:17:50.0324 2308 OS Version: 6.1.7600 ServicePack: 0.0
23:17:50.0324 2308 Product type: Workstation
23:17:50.0324 2308 ComputerName: ***
23:17:50.0324 2308 UserName: ***
23:17:50.0324 2308 Windows directory: C:\Windows
23:17:50.0324 2308 System windows directory: C:\Windows
23:17:50.0324 2308 Running under WOW64
23:17:50.0325 2308 Processor architecture: Intel x64
23:17:50.0325 2308 Number of processors: 4
23:17:50.0325 2308 Page size: 0x1000
23:17:50.0325 2308 Boot type: Normal boot
23:17:50.0325 2308 ============================================================
23:17:51.0289 2308 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:17:51.0301 2308 ============================================================
23:17:51.0301 2308 \Device\Harddisk0\DR0:
23:17:51.0302 2308 MBR partitions:
23:17:51.0302 2308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:17:51.0302 2308 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866E000
23:17:51.0302 2308 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE5000
23:17:51.0302 2308 ============================================================
23:17:51.0328 2308 C: <-> \Device\Harddisk0\DR0\Partition2
23:17:51.0376 2308 D: <-> \Device\Harddisk0\DR0\Partition3
23:17:51.0376 2308 ============================================================
23:17:51.0376 2308 Initialize success
23:17:51.0376 2308 ============================================================
23:19:02.0989 5356 ============================================================
23:19:02.0989 5356 Scan started 23:19:02.0989 5356 Mode: Manual; SigCheck; 23:19:02.0989 5356 ============================================================ 23:19:04.0050 5356 ================ Scan system memory ======================== 23:19:04.0050 5356 System memory - ok 23:19:04.0050 5356 ================ Scan services ============================= 23:19:04.0206 5356 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 23:19:04.0268 5356 1394ohci - ok 23:19:04.0315 5356 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 23:19:04.0315 5356 ACPI - ok 23:19:04.0346 5356 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 23:19:04.0393 5356 AcpiPmi - ok 23:19:04.0502 5356 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 23:19:04.0502 5356 AdobeARMservice - ok 23:19:04.0564 5356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:19:04.0580 5356 adp94xx - ok 23:19:04.0611 5356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:19:04.0627 5356 adpahci - ok 23:19:04.0658 5356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:19:04.0658 5356 adpu320 - ok 23:19:04.0689 5356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:19:04.0736 5356 AeLookupSvc - ok 23:19:04.0798 5356 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 23:19:04.0830 5356 AFD - ok 23:19:04.0876 5356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 23:19:04.0892 5356 agp440 - ok 23:19:04.0923 5356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 23:19:04.0954 5356 ALG - ok 23:19:04.0970 5356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 23:19:04.0986 5356 aliide - ok 23:19:05.0048 5356 [ 
57B773D82E8CC3C6D7E02CC8A6632043 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:19:05.0110 5356 AMD External Events Utility - ok 23:19:05.0142 5356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 23:19:05.0142 5356 amdide - ok 23:19:05.0173 5356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:19:05.0188 5356 AmdK8 - ok 23:19:05.0344 5356 [ AEFAF27F1B7E52C705DF4FB6C96732F6 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 23:19:05.0422 5356 amdkmdag - ok 23:19:05.0454 5356 [ 8149DB73BE27950EC72767A1193153A6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:19:05.0469 5356 amdkmdap - ok 23:19:05.0500 5356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:19:05.0516 5356 AmdPPM - ok 23:19:05.0547 5356 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 23:19:05.0563 5356 amdsata - ok 23:19:05.0578 5356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:19:05.0594 5356 amdsbs - ok 23:19:05.0625 5356 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 23:19:05.0625 5356 amdxata - ok 23:19:05.0688 5356 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 23:19:05.0703 5356 AntiVirSchedulerService - ok 23:19:05.0719 5356 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 23:19:05.0719 5356 AntiVirService - ok 23:19:05.0766 5356 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 23:19:05.0812 5356 AppID - ok 23:19:05.0828 5356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:19:05.0875 5356 AppIDSvc - ok 23:19:05.0922 5356 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 23:19:05.0953 5356 Appinfo - ok 23:19:06.0000 5356 [ 
C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:19:06.0000 5356 arc - ok 23:19:06.0015 5356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:19:06.0031 5356 arcsas - ok 23:19:06.0109 5356 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 23:19:06.0109 5356 aspnet_state - ok 23:19:06.0140 5356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:19:06.0171 5356 AsyncMac - ok 23:19:06.0202 5356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 23:19:06.0218 5356 atapi - ok 23:19:06.0265 5356 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:19:06.0327 5356 AudioEndpointBuilder - ok 23:19:06.0327 5356 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:19:06.0374 5356 AudioSrv - ok 23:19:06.0390 5356 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:19:06.0405 5356 avgntflt - ok 23:19:06.0436 5356 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 23:19:06.0452 5356 avipbb - ok 23:19:06.0468 5356 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 23:19:06.0468 5356 avkmgr - ok 23:19:06.0499 5356 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:19:06.0717 5356 AxInstSV - ok 23:19:06.0764 5356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:19:06.0795 5356 b06bdrv - ok 23:19:06.0842 5356 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:19:06.0873 5356 b57nd60a - ok 23:19:06.0967 5356 [ 5B5C36B2EC500462A715DB6BCBAF5DA7 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 23:19:07.0014 5356 BCM43XX - ok 23:19:07.0060 5356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC 
C:\Windows\System32\bdesvc.dll 23:19:07.0076 5356 BDESVC - ok 23:19:07.0123 5356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:19:07.0154 5356 Beep - ok 23:19:07.0216 5356 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 23:19:07.0248 5356 BFE - ok 23:19:07.0294 5356 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll 23:19:07.0326 5356 BITS - ok 23:19:07.0357 5356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:19:07.0357 5356 blbdrive - ok 23:19:07.0404 5356 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:19:07.0435 5356 bowser - ok 23:19:07.0466 5356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:19:07.0482 5356 BrFiltLo - ok 23:19:07.0482 5356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:19:07.0497 5356 BrFiltUp - ok 23:19:07.0513 5356 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 23:19:07.0544 5356 BridgeMP - ok 23:19:07.0575 5356 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll 23:19:07.0606 5356 Browser - ok 23:19:07.0638 5356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:19:07.0653 5356 Brserid - ok 23:19:07.0669 5356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:19:07.0684 5356 BrSerWdm - ok 23:19:07.0716 5356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:19:07.0731 5356 BrUsbMdm - ok 23:19:07.0747 5356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:19:07.0778 5356 BrUsbSer - ok 23:19:07.0825 5356 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 23:19:07.0856 5356 BthEnum - ok 23:19:07.0872 5356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM 
C:\Windows\system32\DRIVERS\bthmodem.sys 23:19:07.0903 5356 BTHMODEM - ok 23:19:07.0950 5356 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 23:19:07.0965 5356 BthPan - ok 23:19:08.0012 5356 [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 23:19:08.0059 5356 BTHPORT - ok 23:19:08.0090 5356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:19:08.0137 5356 bthserv - ok 23:19:08.0152 5356 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 23:19:08.0168 5356 BTHUSB - ok 23:19:08.0215 5356 catchme - ok 23:19:08.0246 5356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:19:08.0277 5356 cdfs - ok 23:19:08.0324 5356 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:19:08.0340 5356 cdrom - ok 23:19:08.0386 5356 [ 7E83E47BD1FF93E11CD69F1AD65A9581 ] CeKbFilter C:\Windows\system32\DRIVERS\CeKbFilter.sys 23:19:08.0386 5356 CeKbFilter - ok 23:19:08.0433 5356 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 23:19:08.0480 5356 CertPropSvc - ok 23:19:08.0496 5356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:19:08.0527 5356 circlass - ok 23:19:08.0558 5356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:19:08.0574 5356 CLFS - ok 23:19:08.0636 5356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:19:08.0652 5356 clr_optimization_v2.0.50727_32 - ok 23:19:08.0683 5356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:19:08.0683 5356 clr_optimization_v2.0.50727_64 - ok 23:19:08.0761 5356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:19:08.0761 
BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:19:26.0014 5356 WdiSystemHost - ok 23:19:26.0061 5356 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll 23:19:26.0077 5356 WebClient - ok 23:19:26.0092 5356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:19:26.0139 5356 Wecsvc - ok 23:19:26.0170 5356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:19:26.0202 5356 wercplsupport - ok 23:19:26.0217 5356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:19:26.0264 5356 WerSvc - ok 23:19:26.0280 5356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:19:26.0326 5356 WfpLwf - ok 23:19:26.0326 5356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:19:26.0342 5356 WIMMount - ok 23:19:26.0373 5356 WinDefend - ok 23:19:26.0373 5356 WinHttpAutoProxySvc - ok 23:19:26.0436 5356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:19:26.0482 5356 Winmgmt - ok 23:19:26.0545 5356 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 23:19:26.0607 5356 WinRM - ok 23:19:26.0638 5356 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:19:26.0654 5356 WinUsb - ok 23:19:26.0701 5356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:19:26.0732 5356 Wlansvc - ok 23:19:26.0748 5356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 23:19:26.0763 5356 WmiAcpi - ok 23:19:26.0794 5356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:19:26.0810 5356 wmiApSrv - ok 23:19:26.0841 5356 WMPNetworkSvc - ok 23:19:26.0872 5356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:19:26.0919 5356 WPCSvc - ok 23:19:26.0935 5356 [ 2E57DDF2880A7E52E76F41C7E96D327B ] 
WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:19:26.0982 5356 WPDBusEnum - ok 23:19:26.0997 5356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:19:27.0044 5356 ws2ifsl - ok 23:19:27.0060 5356 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 23:19:27.0091 5356 wscsvc - ok 23:19:27.0091 5356 WSearch - ok 23:19:27.0153 5356 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll 23:19:27.0216 5356 wuauserv - ok 23:19:27.0216 5356 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:19:27.0247 5356 WudfPf - ok 23:19:27.0278 5356 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:19:27.0325 5356 WUDFRd - ok 23:19:27.0356 5356 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:19:27.0403 5356 wudfsvc - ok 23:19:27.0418 5356 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:19:27.0450 5356 WwanSvc - ok 23:19:27.0481 5356 ================ Scan global =============================== 23:19:27.0496 5356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:19:27.0528 5356 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll 23:19:27.0543 5356 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll 23:19:27.0559 5356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:19:27.0606 5356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:19:27.0606 5356 [Global] - ok 23:19:27.0606 5356 ================ Scan MBR ================================== 23:19:27.0621 5356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:19:27.0840 5356 \Device\Harddisk0\DR0 - ok 23:19:27.0840 5356 ================ Scan VBR ================================== 23:19:27.0840 5356 [ 0A9414F44EA6067B8DC70A4A95A4E2E7 ] \Device\Harddisk0\DR0\Partition1 23:19:27.0840 5356 
23:19:27.0886 5356 ============================================================
23:19:27.0886 5356 Scan finished
23:19:27.0886 5356 ============================================================
23:19:27.0886 3784 Detected object count: 1
23:19:27.0886 3784 Actual detected object count: 1
23:19:33.0939 3784 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
23:19:33.0939 3784 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip |
25.09.2012, 22:32 | #8 |
/// Malware-holic | telekom Abuse Meldung malware hi, please post the OTL logs of the other two PCs, number them please, + the findings of the installed anti-malware programs
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
25.09.2012, 22:35 | #9 |
| telekom Abuse Meldung malware ok, I'll do that tomorrow. Thanks so far! |
25.09.2012, 22:46 | #10 |
/// Malware-holic | telekom Abuse Meldung malware no prob, please only bring the computers online when absolutely necessary, otherwise unplug the network cable or turn off the wifi
__________________ |