Log analysis and evaluation: GVU Trojan / virus with webcam (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.10.2012, 15:35 | #1
GVU Trojan / virus with webcam

Hello, today my sister's laptop got hit. I have run the recommended scans, as far as I understood them correctly.

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.28.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
username :: NB [Administrator]

28.10.2012 13:55:08
mbam-log-2012-10-28 (13-55-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 189861
Laufzeit: 7 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> 1676 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\Users\username\AppData\Local\Temp\wpbt0.dll (Trojan.Agent) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\username\AppData\Local\Temp\wpbt0.dll (Trojan.Agent) -> Löschen bei Neustart.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Löschen bei Neustart.
C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
| M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.09.29 15:23:45 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.09.29 15:23:45 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.09.29 15:23:45 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.09.29 15:23:45 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.09.29 15:23:45 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.09.29 15:23:10 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.09.29 15:23:10 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.09.29 15:23:10 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.09.29 15:23:10 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.09.29 15:23:10 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.09.29 15:23:09 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.09.29 15:23:09 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll ========== Files Created - No Company Name ========== [2012.10.28 13:34:08 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 10:36:51 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys [2012.10.27 10:45:45 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.10.24 19:33:03 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_username.job [2012.10.24 19:33:02 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_username.job [2012.10.24 19:33:00 | 000,000,374 | ---- | C] () -- 
C:\Windows\tasks\ReclaimerUpdateXML_username.job [2012.09.29 15:54:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.09.29 15:54:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.09.29 15:24:55 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.11.06 09:35:45 | 000,001,264 | ---- | C] () -- C:\Users\username\.keystore [2009.02.02 20:54:47 | 004,238,053 | ---- | C] () -- C:\Users\username\01-razorlight-wire_to_wire.mp3 [2008.12.20 12:15:47 | 000,001,356 | ---- | C] () -- C:\Users\username\AppData\Local\d3d9caps.dat [2008.09.19 18:55:58 | 000,028,672 | ---- | C] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.27 11:05:48 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite [2008.09.19 19:07:54 | 000,000,000 | ---D | M] -- 
C:\Users\username\AppData\Roaming\DataCast [2008.09.19 17:03:02 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DeepBurner [2009.11.01 17:13:35 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\IrfanView [2008.09.19 18:40:21 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Mp3tag [2008.09.29 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\TeamViewer [2011.12.29 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 14:13:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\username\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,69% Memory free 6,19 Gb Paging File | 5,15 Gb Available in Paging File | 83,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 102,31 Gb Free Space | 68,65% Space Free | Partition Type: NTFS Drive D: | 139,28 Gb Total Space | 120,20 Gb Free Space | 86,30% Space Free | Partition Type: NTFS Drive F: | 122,74 Mb Total Space | 104,46 Mb Free Space | 85,11% Space Free | Partition Type: FAT Computer Name: NB | User Name: username | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: 
Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05580B2C-A931-428A-B807-BAABF995BE93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D07A458-4C4F-42BD-B45A-410CEE985746}" = rport=445 | protocol=6 | dir=out | app=system | "{1DAEBFF8-2571-4993-93DB-77ACF48E8BA0}" = rport=137 | protocol=17 | dir=out | app=system | "{20A03A5C-E656-4A29-99E5-1E56692B124B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24A2F13B-0400-4C66-896E-08A8A555D593}" = lport=138 | protocol=17 | dir=in | app=system | "{25C2FCD7-82D4-4988-8715-26A32E4DC9B0}" = rport=138 | protocol=17 | dir=out | app=system | "{37A955D0-0CCF-446D-B907-32519E24EF54}" = rport=139 | protocol=6 | dir=out | app=system | "{49F0C600-1FD9-435B-98C4-6CE5FBE9D8BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4EBAAA93-6CEB-4F46-AF84-41F92A5D96BA}" = lport=445 | protocol=6 | dir=in | app=system | "{6A42B32E-C82A-40CD-9542-0A8B90BD37D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{835B5ACF-4051-4185-B727-D999AC62A804}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8963B208-78C6-4CAF-83AB-6B879846136D}" = lport=137 | protocol=17 | dir=in | app=system | "{A3582F87-21F4-450B-AD12-24E6936EF118}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A86A560A-26D4-4EC9-8208-4EE4D34E77BE}" = lport=139 | protocol=6 | dir=in | app=system | "{B2D0815A-A60D-48E8-93CF-248C03E86147}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B838233F-7B60-44C9-AF3B-43209BB46B03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D32F0404-6DFB-45ED-9EE6-77F63FB59ECC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FB0821B9-B4D0-40B1-A3C2-8C4B149534CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF9E395F-383E-4B6C-8E86-C58F5E2541E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06F66F51-1AFD-42D5-B56C-F3A1EC92509B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1C2F7AF3-24AD-47CD-9D46-768CDFF47CF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{327ECBF0-3E1E-4271-9588-75EB92FD67F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3FB25084-F264-4B3C-972A-9C4299EDF193}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{415FBA3A-0F57-431B-958F-141FEC3A40D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{47E8BB2B-A337-4FDC-B813-129C499CBBC4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7716228C-47B0-4113-B25C-A9E031B00EDC}" = protocol=17 | dir=in | 
app=c:\program files\microsoft office\office12\groove.exe | "{7B138C26-5FC4-4778-9C53-C79D0805F429}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | "{8B1396D0-145E-4540-9A39-DD8B343DC35F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8CD031E3-F904-4ECD-A0DA-00FE93680304}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | "{9BEA2AEA-58A6-40D8-A0EC-59FCFA2B1EA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{B7F64EC3-E931-421C-9432-501D3E0AD3F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FAA1505E-003A-4164-8953-22D73808FE47}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "TCP Query User{04AEB49F-EFA8-4E09-A2EA-7BB3A6BC715E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{11682D3A-EF7C-4051-90C4-A9934AFD81D0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{223E24E5-85DB-4B9C-A847-69C25F6636E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{336D4768-2D64-420A-BBFE-C5732FAEFF84}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{A2930908-BA0B-4E09-9811-828C487164CB}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{AD7D0717-FF80-49BB-8E16-DE210DB9C5C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{0601D87C-B157-43D3-8F04-06C1BCFB9B2A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{0CE8DDDE-9E98-498A-8721-8FB951210C85}C:\program files\emule\emule.exe" = protocol=17 | 
dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{7D34FEFC-1CD6-4DA1-B2E7-F4DFD85793C9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{B0B34B55-3D17-4458-9499-780F56707566}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{F173364A-D227-4A23-BE4D-D293C608169F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F37BD76E-A1D2-4160-92C4-D2183AC8E312}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static "{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center 
Localization Thai "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French "{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 "{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch "{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins "{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech "{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek "{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager "{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian "{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean "{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding "{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai "{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean "{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = 
Microsoft Office Groove MUI (German) 2007 "{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility "{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian "{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard "{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish "{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek "{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish "{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese "{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional "{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista "{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish "{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish "{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS 
Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard "{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P "{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish "7-Zip" = 7-Zip 4.57 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack 
SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.41 "RealPlayer 6.0" = RealPlayer "SMSERIAL" = Motorola SM56 Speakerphone Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trust Mouse 15349&15350_is1" = Trust Mouse 15349&15350 version 1.0.0.0 "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 0.9.2 "Winamp" = Winamp "x3_Codec" = x3_Codec "x3Codec" = x3Codec "xuggle-xuggler" = xuggle-xuggler ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.10.2012 07:30:09 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:30:09 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:30:09 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). 
Error - 27.10.2012 07:30:09 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:30:29 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:30:29 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:30:29 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:30:29 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:30:29 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:30:29 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

[ System Events ]
Error - 27.10.2012 08:58:16 | Computer Name = NB | Source = DCOM | ID = 10005
Description =

Error - 28.10.2012 05:36:59 | Computer Name = NB | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.10.2012 um 15:06:11 unerwartet heruntergefahren.

Error - 28.10.2012 05:39:37 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28.10.2012 08:35:15 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28.10.2012 08:45:52 | Computer Name = NB | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.24 für die Netzwerkkarte mit der Netzwerkadresse 0015AFE8C331 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 28.10.2012 08:47:34 | Computer Name = NB | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetbiosSmb vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 28.10.2012 08:47:57 | Computer Name = NB | Source = DCOM | ID = 10010
Description =

Error - 28.10.2012 08:48:00 | Computer Name = NB | Source = DCOM | ID = 10010
Description =

Error - 28.10.2012 08:56:23 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28.10.2012 09:08:00 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

Thanks and regards, Mat.
28.10.2012, 15:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / Virus with Webcam

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: please turn off your antivirus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
One more note: should aswMBR crash with a message like "aswMBR.exe has stopped working", do the following: start aswMBR again, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please turn off your antivirus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!
Configure the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and just post the log here!
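Both reports the helper asks for above run to several hundred lines, and a reviewer's first pass over them is mechanical: list everything TDSS-Killer did not mark "- ok", look for a service binary that carries a core Windows process name (lsass.exe, csrss.exe, ...) but lives outside system32, a common ransomware trick that a signature check does not always flag, and confirm that aswMBR and TDSS-Killer agree on the partition table, since a partition one tool sees and the other does not is exactly what a bootkit hunt is looking for. The Python script below is an added example written for this page; it is not part of aswMBR, TDSS-Killer or the board's instructions, and it only reads the logs, in keeping with the "skip, don't delete" advice above. The line formats are those of aswMBR 0.9.9 and TDSS-Killer 2.8 as posted in this thread; the sample lines are excerpted from those reports except for the "ExampleSvc" entry, which is constructed to exercise the masquerade check (its all-zero MD5 is a placeholder), and all function names are this example's own.

```python
import ntpath
import re
from dataclasses import dataclass

SECTORS_PER_MB = 2048  # both reports use 512-byte sectors (TDSS-Killer: "SectorSize: 0x200")

# aswMBR:  19:58:30.714 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 20482048
ASW_PART = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+|-) [0-9A-F]{2} (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) .*? (?P<mb>\d+) MB offset (?P<lba>\d+)\s*$")
# TDSS-Killer:  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12A17000
TDSS_PART = re.compile(
    r"\\Device\\Harddisk(?P<disk>\d+)\\DR\d+\\Partition\d+: MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<lba>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)")
# TDSS-Killer service entries: a hash line, then one or more verdict lines for the same name
#   20:08:23.0056 4484 [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService C:\Program Files\...\ADSMSrv.exe
#   20:08:23.0081 4484 ADSMService ( UnsignedFile.Multi.Generic ) - warning
TDSS_HASH = re.compile(r"^\S+ \d+ \[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*?)\s*$")
TDSS_VERDICT = re.compile(
    r"^\S+ \d+ (?P<name>.+?)(?: \( (?P<flag>[^)]+) \))? - (?P<verdict>ok|warning|detected .*?)\s*$")

# Process names ransomware likes to borrow; one of these outside system32 deserves a look.
CORE_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe", "svchost.exe",
                 "winlogon.exe", "wininit.exe", "ctfmon.exe"}


@dataclass(frozen=True)
class Partition:
    disk: int
    start_lba: int
    sectors: int
    ptype: int


def parse_aswmbr_partitions(text):
    """Primary partitions from an aswMBR report; the extended container ('Partition -') is skipped."""
    found = (ASW_PART.search(line) for line in text.splitlines())
    return [Partition(int(m["disk"]), int(m["lba"]), int(m["mb"]) * SECTORS_PER_MB, int(m["type"], 16))
            for m in found if m and m["idx"] != "-"]


def parse_tdss_partitions(text):
    found = (TDSS_PART.search(line) for line in text.splitlines())
    return [Partition(int(m["disk"]), int(m["lba"], 16), int(m["blocks"], 16), int(m["type"], 16))
            for m in found if m]


def cross_check_partitions(asw, tdss, tolerance=SECTORS_PER_MB):
    """Pair partitions by disk and start LBA; aswMBR rounds sizes to whole MB, hence the tolerance."""
    matched, only_asw, only_tdss = [], [], list(tdss)
    for a in asw:
        hit = next((t for t in only_tdss if t.disk == a.disk and t.start_lba == a.start_lba
                    and abs(t.sectors - a.sectors) <= tolerance), None)
        if hit is None:
            only_asw.append(a)
        else:
            matched.append((a, hit))
            only_tdss.remove(hit)
    return matched, only_asw, only_tdss


def aswmbr_mbr_code_unknown(text):
    """True if aswMBR did not recognise the boot code ('unknown MBR code')."""
    return any("unknown MBR code" in line for line in text.splitlines())


def triage_tdss_services(text):
    """Return (findings, masquerades): entries not marked '- ok', and core-named binaries
    outside the system32 directory. Read-only; nothing is touched on disk."""
    hashes, findings, masquerades = {}, [], []
    for line in text.splitlines():
        h = TDSS_HASH.match(line)
        if h:
            hashes[h["name"]] = (h["md5"], h["path"])
            if (ntpath.basename(h["path"]).lower() in CORE_BINARIES
                    and not ntpath.dirname(h["path"]).lower().endswith("\\windows\\system32")):
                masquerades.append((h["name"], h["path"], h["md5"]))
            continue
        v = TDSS_VERDICT.match(line)
        if v and v["verdict"] != "ok":
            md5, path = hashes.get(v["name"], (None, None))
            findings.append((v["name"], v["flag"] or v["verdict"], md5, path))
    return findings, masquerades


ASWMBR_SAMPLE = r"""
19:58:30.679 Disk 0 MBR read successfully
19:58:30.688 Disk 0 unknown MBR code
19:58:30.703 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10000 MB offset 2048
19:58:30.714 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 20482048
19:58:30.720 Disk 0 Partition - 00 0F Extended LBA 142622 MB offset 333051904
19:58:30.768 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142621 MB offset 333053952
"""
TDSS_SAMPLE = r"""
20:06:51.0435 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12A17000
20:06:51.0462 3044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13DA0000, BlocksNum 0x1168E800
20:08:23.0056 4484 [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
20:08:23.0081 4484 ADSMService ( UnsignedFile.Multi.Generic ) - warning
20:08:23.0081 4484 ADSMService - detected UnsignedFile.Multi.Generic (1)
20:08:24.0520 4484 [ B886D349AFAD502DE4F6EA0C64B1CC4D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:08:24.0575 4484 Ati External Event Utility - ok
20:08:33.0845 4484 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:08:33.0914 4484 KeyIso - ok
20:08:40.0000 4484 [ 00000000000000000000000000000000 ] ExampleSvc C:\ProgramData\lsass.exe
20:08:40.0000 4484 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
"""  # the two ExampleSvc lines are constructed for this example, not from the thread

if __name__ == "__main__":
    matched, only_asw, only_tdss = cross_check_partitions(
        parse_aswmbr_partitions(ASWMBR_SAMPLE), parse_tdss_partitions(TDSS_SAMPLE))
    print(f"aswMBR boot code unrecognised: {aswmbr_mbr_code_unknown(ASWMBR_SAMPLE)}")
    print(f"partitions agreeing in both reports: {len(matched)}")
    for p in only_asw + only_tdss:
        who = "aswMBR" if p in only_asw else "TDSS-Killer"
        print(f"  only in {who}: disk {p.disk} LBA {p.start_lba} type 0x{p.ptype:02X} {p.sectors // SECTORS_PER_MB} MB")
    findings, masq = triage_tdss_services(TDSS_SAMPLE)
    for name, why, md5, path in findings:
        print(f"  {name}: {why} [{md5}] {path}")
    for name, path, md5 in masq:
        print(f"  core name outside system32: {name} -> {path} [{md5}]")
```

On the sample the two NTFS partitions agree to the sector (0x1388800 is 20482048 and 0x12A17000 blocks is exactly 152622 MB), and the only unpaired partition is the hidden FAT32 one at LBA 2048 (type 0x1C, the OEM recovery area) that the TDSS-Killer report does not enumerate; aswMBR's "unknown MBR code" is therefore worth a second look on this laptop but not, by itself, evidence of a bootkit. The UnsignedFile.Multi.Generic warnings are what TDSS-Killer's SigCheck mode says about any unsigned binary, so OEM helper services showing up there is expected, and the advice above to skip rather than delete applies; the masquerade check is the one signal in the script that does not depend on the scanner's verdict.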
28.10.2012, 20:14 | #3 |
GVU Trojan / Virus with Webcam

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-28 19:50:23
-----------------------------
19:50:23.878 OS Version: Windows 6.0.6002 Service Pack 2
19:50:23.879 Number of processors: 2 586 0xF0D
19:50:23.880 ComputerName: NB UserName:
19:50:52.724 Initialize success
19:58:30.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:58:30.666 Disk 0 Vendor: ST9320320AS 0303 Size: 305245MB BusType: 3
19:58:30.679 Disk 0 MBR read successfully
19:58:30.683 Disk 0 MBR scan
19:58:30.688 Disk 0 unknown MBR code
19:58:30.703 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10000 MB offset 2048
19:58:30.714 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 20482048
19:58:30.720 Disk 0 Partition - 00 0F Extended LBA 142622 MB offset 333051904
19:58:30.768 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142621 MB offset 333053952
19:58:30.775 Disk 0 scanning sectors +625141760
19:58:30.890 Disk 0 scanning C:\Windows\system32\drivers
19:58:40.841 Service scanning
19:58:55.024 Modules scanning
19:59:00.550 Disk 0 trace - called modules:
19:59:00.579 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:59:00.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b71808]
19:59:00.589 3 CLASSPNP.SYS[8a5a68b3] -> nt!IofCallDriver -> [0x85330950]
19:59:00.595 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8531cb98]
19:59:00.600 Scan finished successfully
20:00:34.239 Disk 0 MBR has been saved successfully to "C:\Users\username\Desktop\MBR.dat"
20:00:34.245 The log file has been saved successfully to "C:\Users\username\Desktop\aswMBR.txt"

Code:
20:06:50.0157 3044 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:06:50.0187 3044 ============================================================
20:06:50.0187 3044 Current date / time: 2012/10/28 20:06:50.0187
20:06:50.0187 3044 SystemInfo:
20:06:50.0187 3044
20:06:50.0187 3044 OS Version: 6.0.6002 ServicePack: 2.0
20:06:50.0187 3044 Product type: Workstation
20:06:50.0187 3044 ComputerName: NB
20:06:50.0188 3044 UserName: username
20:06:50.0188 3044 Windows directory: C:\Windows
20:06:50.0188 3044 System windows directory: C:\Windows
20:06:50.0188 3044 Processor architecture: Intel x86
20:06:50.0188 3044 Number of processors: 2
20:06:50.0188 3044 Page size: 0x1000
20:06:50.0188 3044 Boot type: Normal boot
20:06:50.0188 3044 ============================================================
20:06:51.0411 3044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1ADEC4, SectorsPerTrack: 0x5, TracksPerCylinder: 0x47, Type 'K0', Flags 0x00000050
20:06:51.0433 3044 Drive \Device\Harddisk2\DR3 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:06:51.0434 3044 ============================================================
20:06:51.0434 3044 \Device\Harddisk0\DR0:
20:06:51.0435 3044 MBR partitions:
20:06:51.0435 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12A17000
20:06:51.0462 3044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13DA0000, BlocksNum 0x1168E800
20:06:51.0462 3044 \Device\Harddisk2\DR3:
20:06:51.0463 3044 MBR partitions:
20:06:51.0463 3044 ============================================================
20:06:51.0511 3044 C: <-> \Device\Harddisk0\DR0\Partition1
20:06:51.0570 3044 D: <-> \Device\Harddisk0\DR0\Partition2
20:06:51.0571 3044 ============================================================
20:06:51.0571 3044 Initialize success
20:06:51.0571 3044 ============================================================
20:08:22.0101 4484 ============================================================
20:08:22.0101 4484 Scan started
20:08:22.0101 4484 Mode: Manual; SigCheck; TDLFS;
20:08:22.0101 4484 ============================================================
20:08:22.0432 4484 ================ Scan system memory ========================
20:08:22.0432 4484 System memory - ok
20:08:22.0432 4484 ================ Scan services =============================
20:08:22.0632 4484 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:08:22.0783 4484 ACPI - ok
20:08:22.0834 4484 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:08:22.0864 4484 adp94xx - ok
20:08:22.0891 4484 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:08:22.0915 4484 adpahci - ok
20:08:22.0929 4484 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:08:22.0944 4484 adpu160m - ok
20:08:22.0961 4484 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:08:22.0977 4484 adpu320 - ok
20:08:23.0056 4484 [ 609A6F49B6AF0F25837F8A0EDDDB0745 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
20:08:23.0081 4484 ADSMService ( UnsignedFile.Multi.Generic ) - warning
20:08:23.0081 4484 ADSMService - detected UnsignedFile.Multi.Generic (1)
20:08:23.0115 4484 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:08:23.0159 4484 AeLookupSvc - ok
20:08:23.0213 4484 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:08:23.0250 4484 AFD - ok
20:08:23.0288 4484 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:08:23.0309 4484 agp440 - ok
20:08:23.0336 4484 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:08:23.0361 4484 aic78xx - ok
20:08:23.0381 4484 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:08:23.0451 4484 ALG - ok
20:08:23.0475 4484 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
20:08:23.0494 4484 aliide - ok
20:08:23.0511 4484 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:08:23.0532 4484 amdagp - ok
20:08:23.0549 4484 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
20:08:23.0569 4484 amdide - ok
20:08:23.0588 4484 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:08:23.0648 4484 AmdK7 - ok
20:08:23.0670 4484 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:08:23.0724 4484 AmdK8 - ok
20:08:23.0796 4484 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:08:23.0826 4484 AntiVirSchedulerService - ok
20:08:23.0856 4484 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:08:23.0871 4484 AntiVirService - ok
20:08:23.0918 4484 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:08:23.0949 4484 Appinfo - ok
20:08:23.0981 4484 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
20:08:23.0999 4484 arc - ok
20:08:24.0026 4484 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:08:24.0045 4484 arcsas - ok
20:08:24.0075 4484 [ 4385E371C25C94C804E9D3152BD9E1F7 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
20:08:24.0093 4484 AsDsm - ok
20:08:24.0135 4484 [ 66597AD6098352D11239C0C42100B176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
20:08:24.0157 4484 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
20:08:24.0157 4484 ASLDRService - detected UnsignedFile.Multi.Generic (1)
20:08:24.0193 4484 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
20:08:24.0205 4484 ASMMAP - ok
20:08:24.0228 4484 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:08:24.0274 4484 AsyncMac - ok
20:08:24.0319 4484 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:08:24.0338 4484 atapi - ok
20:08:24.0388 4484 [ 44362605F5FFF00C9B7696B47680A8C5 ] athr C:\Windows\system32\DRIVERS\athr.sys
20:08:24.0450 4484 athr - ok
20:08:24.0520 4484 [ B886D349AFAD502DE4F6EA0C64B1CC4D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:08:24.0575 4484 Ati External Event Utility - ok
20:08:24.0695 4484 [ 8AE1745BFC7D383DAA3F82FE8D7BE7C0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:08:24.0878 4484 atikmdag - ok
20:08:24.0905 4484 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
20:08:24.0924 4484 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
20:08:24.0924 4484 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
20:08:24.0998 4484 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:08:25.0047 4484 AudioEndpointBuilder - ok
20:08:25.0058 4484 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:08:25.0095 4484 Audiosrv - ok
20:08:25.0129 4484 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:08:25.0146 4484 avgntflt - ok
20:08:25.0183 4484 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:08:25.0198 4484 avipbb - ok
20:08:25.0236 4484 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:08:25.0250 4484 avkmgr - ok
20:08:25.0299 4484 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:08:25.0338 4484 Beep - ok
20:08:25.0407 4484 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:08:25.0441 4484 BFE - ok
20:08:25.0528 4484 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:08:25.0661 4484 BITS - ok
20:08:25.0673 4484 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:08:25.0715 4484 blbdrive - ok
20:08:25.0740 4484 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:08:25.0771 4484 bowser - ok
20:08:25.0808 4484 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:08:25.0848 4484 BrFiltLo - ok
20:08:25.0862 4484 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:08:25.0911 4484 BrFiltUp - ok
20:08:25.0934 4484 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:08:25.0991 4484 Browser - ok
20:08:26.0024 4484 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:08:26.0120 4484 Brserid - ok
20:08:26.0146 4484 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:08:26.0221 4484 BrSerWdm - ok
20:08:26.0245 4484 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:08:26.0325 4484 BrUsbMdm - ok
20:08:26.0350 4484 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:08:26.0434 4484 BrUsbSer - ok
20:08:26.0456 4484 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:08:26.0524 4484 BTHMODEM - ok
20:08:26.0555 4484 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:08:26.0597 4484 cdfs - ok
20:08:26.0652 4484 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:08:26.0690 4484 cdrom - ok
20:08:26.0743 4484 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:08:26.0770 4484 CertPropSvc - ok
20:08:26.0805 4484 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
20:08:26.0845 4484 circlass - ok
20:08:26.0893 4484 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:08:26.0921 4484 CLFS - ok
20:08:26.0982 4484 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:08:27.0033 4484 clr_optimization_v2.0.50727_32 - ok
20:08:27.0115 4484 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:08:27.0192 4484 clr_optimization_v4.0.30319_32 - ok
20:08:27.0232 4484 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:08:27.0288 4484 CmBatt - ok
20:08:27.0305 4484 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:08:27.0325 4484 cmdide - ok
20:08:27.0341 4484 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:08:27.0360 4484 Compbatt - ok
20:08:27.0370 4484 COMSysApp - ok
20:08:27.0384 4484 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:08:27.0404 4484 crcdisk - ok
20:08:27.0423 4484 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:08:27.0472 4484 Crusoe - ok
20:08:27.0521 4484 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:08:27.0561 4484 CryptSvc - ok
20:08:27.0632 4484 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:08:27.0788 4484 DcomLaunch - ok
20:08:27.0821 4484 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:08:27.0838 4484 DfsC - ok
20:08:28.0061 4484 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:08:28.0393 4484 DFSR - ok
20:08:28.0471 4484 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:08:28.0550 4484 Dhcp - ok
20:08:28.0591 4484 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:08:28.0615 4484 disk - ok
20:08:28.0646 4484 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:08:28.0690 4484 Dnscache - ok
20:08:28.0738 4484 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:08:28.0792 4484 dot3svc - ok
20:08:28.0809 4484 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:08:28.0853 4484 DPS - ok
20:08:28.0883 4484 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:08:28.0931 4484 drmkaud - ok
20:08:28.0972 4484 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:08:28.0992 4484 dtsoftbus01 - ok
20:08:29.0041 4484 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:08:29.0077 4484 DXGKrnl - ok
20:08:29.0140 4484 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:08:29.0191 4484 E1G60 - ok
20:08:29.0216 4484 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:08:29.0273 4484 EapHost - ok
20:08:29.0336 4484 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:08:29.0354 4484 Ecache - ok
20:08:29.0402 4484 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:08:29.0422 4484 ehRecvr - ok
20:08:29.0438 4484 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:08:29.0466 4484 ehSched - ok
20:08:29.0477 4484 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:08:29.0499 4484 ehstart - ok
20:08:29.0534 4484 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:08:29.0564 4484 elxstor - ok
20:08:29.0636 4484 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:08:29.0745 4484 EMDMgmt - ok
20:08:29.0812 4484 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:08:29.0894 4484 ErrDev - ok
20:08:29.0960 4484 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:08:30.0021 4484 EventSystem - ok
20:08:30.0066 4484 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:08:30.0099 4484 exfat - ok
20:08:30.0150 4484 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:08:30.0177 4484 fastfat - ok
20:08:30.0209 4484 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:08:30.0252 4484 fdc - ok
20:08:30.0290 4484 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:08:30.0347 4484 fdPHost - ok
20:08:30.0357 4484 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:08:30.0445 4484 FDResPub - ok
20:08:30.0469 4484 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:08:30.0485 4484 FileInfo - ok
20:08:30.0497 4484 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:08:30.0535 4484 Filetrace - ok
20:08:30.0555 4484 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:08:30.0596 4484 flpydisk - ok
20:08:30.0641 4484 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:08:30.0660 4484 FltMgr - ok
20:08:30.0731 4484 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:08:30.0799 4484 FontCache - ok
20:08:30.0886 4484 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:08:30.0900 4484 FontCache3.0.0.0 - ok
20:08:30.0929 4484 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:08:30.0953 4484 Fs_Rec - ok
20:08:30.0982 4484 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:08:30.0997 4484 gagp30kx - ok
20:08:31.0057 4484 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:08:31.0132 4484 gpsvc - ok
20:08:31.0215 4484 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9d636450eca7d C:\Program Files\Google\Update\GoogleUpdate.exe
20:08:31.0226 4484 gupdate1c9d636450eca7d - ok
20:08:31.0248 4484 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:08:31.0258 4484 gupdatem - ok
20:08:31.0313 4484 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:08:31.0379 4484 HdAudAddService - ok
20:08:31.0435 4484 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:08:31.0484 4484 HDAudBus - ok
20:08:31.0503 4484 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:08:31.0552 4484 HidBth - ok
20:08:31.0569 4484 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:08:31.0628 4484 HidIr - ok
20:08:31.0669 4484 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
20:08:31.0705 4484 hidserv - ok
20:08:31.0749 4484 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:08:31.0780 4484 HidUsb - ok
20:08:31.0814 4484 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:08:31.0887 4484 hkmsvc - ok
20:08:31.0919 4484 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:08:31.0935 4484 HpCISSs - ok
20:08:31.0990 4484 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:08:32.0047 4484 HTTP - ok
20:08:32.0074 4484 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:08:32.0088 4484 i2omp - ok
20:08:32.0152 4484 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:08:32.0180 4484 i8042prt - ok
20:08:32.0206 4484 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:08:32.0230 4484 iaStorV - ok
20:08:32.0317 4484 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:08:32.0404 4484 idsvc - ok
20:08:32.0455 4484 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:08:32.0480 4484 iirsp - ok
20:08:32.0536 4484 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:08:32.0645 4484 IKEEXT - ok
20:08:32.0749 4484 [ B795745F7E51AA20D46753EC5A811ACA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:08:32.0821 4484 IntcAzAudAddService - ok
20:08:32.0906 4484 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
20:08:32.0922 4484 intelide - ok
20:08:32.0950 4484 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:08:32.0994 4484 intelppm - ok
20:08:33.0020 4484 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:08:33.0086 4484 IPBusEnum - ok
20:08:33.0116 4484 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:33.0162 4484 IpFilterDriver - ok
20:08:33.0205 4484 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:08:33.0251 4484 iphlpsvc - ok
20:08:33.0259 4484 IpInIp - ok
20:08:33.0280 4484 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:08:33.0311 4484 IPMIDRV - ok
20:08:33.0368 4484 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:08:33.0411 4484 IPNAT - ok
20:08:33.0434 4484 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:08:33.0462 4484 IRENUM - ok
20:08:33.0480 4484 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:08:33.0496 4484 isapnp - ok
20:08:33.0553 4484 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:08:33.0572 4484 iScsiPrt - ok
20:08:33.0596 4484 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:08:33.0613 4484 iteatapi - ok
20:08:33.0636 4484 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:08:33.0651 4484 iteraid - ok
20:08:33.0672 4484 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:33.0688 4484 kbdclass - ok
20:08:33.0711 4484 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:08:33.0752 4484 kbdhid - ok
20:08:33.0777 4484 [ CC2A86D7BBF14977340DCA61BBCBA771 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
20:08:33.0805 4484 kbfiltr - ok
20:08:33.0845 4484 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:08:33.0914 4484 KeyIso - ok
20:08:33.0943 4484 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:08:33.0977 4484 KSecDD - ok
20:08:34.0041 4484 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:08:34.0142 4484 KtmRm - ok
20:08:34.0182 4484 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
20:08:34.0277 4484 LanmanServer - ok
20:08:34.0316 4484 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:08:34.0423 4484 LanmanWorkstation - ok
20:08:34.0495 4484 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:08:34.0513 4484 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:08:34.0513 4484 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:08:34.0535 4484 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:08:34.0573 4484 lltdio - ok
20:08:34.0602 4484 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:08:34.0681 4484 lltdsvc - ok
20:08:34.0696 4484 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:08:34.0773 4484 lmhosts - ok
20:08:34.0797 4484 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:08:34.0813 4484 LSI_FC - ok
20:08:34.0836 4484 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:08:34.0853 4484 LSI_SAS - ok
20:08:34.0869 4484 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:08:34.0885 4484 LSI_SCSI - ok
20:08:34.0901 4484 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:08:34.0939 4484 luafv - ok
20:08:34.0973 4484 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:08:35.0041 4484 Mcx2Svc - ok
20:08:35.0111 4484 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:08:35.0128 4484 MDM - ok
20:08:35.0163 4484 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
20:08:35.0184 4484 megasas - ok
20:08:35.0212 4484 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:08:35.0261 4484 MegaSR - ok
20:08:35.0329 4484 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:08:35.0346 4484 Microsoft Office Groove Audit Service - ok
20:08:35.0417 4484 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:08:35.0510 4484 MMCSS - ok
20:08:35.0539 4484 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:08:35.0587 4484 Modem - ok
20:08:35.0616 4484 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
20:08:35.0659 4484 MODEMCSA - ok
20:08:35.0681 4484 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:08:35.0731 4484 monitor - ok
20:08:35.0753 4484 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:08:35.0776 4484 mouclass - ok
20:08:35.0793 4484 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:08:35.0845 4484 mouhid - ok
20:08:35.0869 4484 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:08:35.0891 4484 MountMgr - ok
20:08:35.0948 4484 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:08:35.0978 4484 MozillaMaintenance - ok
20:08:36.0020 4484 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
20:08:36.0059 4484 mpio - ok
20:08:36.0079 4484 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:08:36.0125 4484 mpsdrv - ok
20:08:36.0182 4484 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:08:36.0306 4484 MpsSvc - ok
20:08:36.0327 4484 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:08:36.0343 4484 Mraid35x - ok
20:08:36.0393 4484 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:08:36.0418 4484 MRxDAV - ok
20:08:36.0467 4484 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:08:36.0504 4484 mrxsmb - ok
20:08:36.0532 4484 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:08:36.0567 4484 mrxsmb10 - ok
20:08:36.0591 4484 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:08:36.0630 4484 mrxsmb20 - ok
20:08:36.0659 4484 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
20:08:36.0676 4484 msahci - ok
20:08:36.0700 4484 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:08:36.0718 4484 msdsm - ok
20:08:36.0737 4484 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:08:36.0807 4484 MSDTC - ok
20:08:36.0830 4484 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:08:36.0870 4484 Msfs - ok
20:08:36.0901 4484 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:08:36.0920 4484 msisadrv - ok
20:08:36.0950 4484 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:08:37.0035 4484 MSiSCSI - ok
20:08:37.0042 4484 msiserver - ok
20:08:37.0072 4484 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:08:37.0113 4484 MSKSSRV - ok
20:08:37.0129 4484 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:08:37.0167 4484 MSPCLOCK - ok
20:08:37.0183 4484 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:08:37.0221 4484 MSPQM - ok
20:08:37.0271 4484 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:08:37.0291 4484 MsRPC - ok
20:08:37.0308 4484 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:08:37.0324 4484 mssmbios - ok
20:08:37.0340 4484 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:08:37.0385 4484 MSTEE - ok
20:08:37.0418 4484 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
20:08:37.0443 4484 MTsensor - ok
20:08:37.0489 4484 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:08:37.0505 4484 Mup - ok
20:08:37.0527 4484 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:08:37.0622 4484 napagent - ok
20:08:37.0660 4484 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:08:37.0703 4484 NativeWifiP - ok
20:08:37.0769 4484 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:08:37.0822 4484 NDIS - ok
20:08:37.0883 4484 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:08:37.0938 4484 NdisTapi - ok
20:08:37.0964 4484 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:08:38.0000 4484 Ndisuio - ok
20:08:38.0063 4484 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:08:38.0094 4484 NdisWan - ok
20:08:38.0126 4484 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:08:38.0161 4484 NDProxy - ok
20:08:38.0185 4484 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:08:38.0216 4484 NetBIOS - ok
20:08:38.0256 4484 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:08:38.0281 4484 netbt - ok
20:08:38.0310 4484 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:08:38.0357 4484 Netlogon - ok
20:08:38.0392 4484 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:08:38.0482 4484 Netman - ok
20:08:38.0503 4484 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:08:38.0597 4484 netprofm - ok
20:08:38.0645 4484 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:08:38.0661 4484 NetTcpPortSharing - ok
20:08:38.0698 4484 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:08:38.0714 4484 nfrd960 - ok
20:08:38.0737 4484 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:08:38.0829 4484 NlaSvc - ok
20:08:38.0873 4484 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:08:38.0913 4484 Npfs - ok
20:08:38.0933 4484 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:08:39.0013 4484 nsi - ok
20:08:39.0027 4484 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:08:39.0065 4484 nsiproxy - ok
20:08:39.0137 4484 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:08:39.0204 4484 Ntfs - ok
20:08:39.0225 4484 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:08:39.0289 4484 ntrigdigi - ok
20:08:39.0309 4484 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:08:39.0338 4484 Null - ok
20:08:39.0360 4484 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:08:39.0377 4484 nvraid - ok
20:08:39.0391 4484 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:08:39.0407 4484 nvstor - ok
20:08:39.0431 4484 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:08:39.0448 4484 nv_agp - ok
20:08:39.0456 4484 NwlnkFlt - ok
20:08:39.0466 4484 NwlnkFwd - ok
20:08:39.0511 4484 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:08:39.0643 4484 odserv - ok
20:08:39.0697 4484 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:08:39.0741 4484 ohci1394 - ok
20:08:39.0788 4484 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:08:39.0813 4484 ose - ok
20:08:39.0894 4484 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:08:40.0067 4484 p2pimsvc - ok
20:08:40.0093 4484 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:08:40.0269 4484 p2psvc - ok
20:08:40.0315 4484 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:08:40.0489 4484 Parport - ok
20:08:40.0562 4484 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:08:40.0584 4484 partmgr - ok
20:08:40.0622 4484 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:08:40.0708 4484 Parvdm - ok
20:08:40.0744 4484 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:08:40.0845 4484 PcaSvc - ok
20:08:40.0890 4484 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:08:40.0917 4484 pci - ok
20:08:40.0932 4484 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
20:08:40.0957 4484 pciide - ok
20:08:40.0986 4484 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:08:41.0004 4484 pcmcia - ok
20:08:41.0052 4484 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:08:41.0168 4484 PEAUTH - ok
20:08:41.0288 4484 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:08:41.0421 4484 pla - ok
20:08:41.0497 4484 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:08:41.0602 4484 PlugPlay - ok
20:08:41.0635 4484 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:08:41.0740 4484 PNRPAutoReg - ok
20:08:41.0768 4484 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:08:41.0858 4484 PNRPsvc - ok
20:08:41.0933 4484 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:08:41.0997 4484 PolicyAgent - ok
20:08:42.0035 4484 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:08:42.0074 4484 PptpMiniport - ok
20:08:42.0092 4484 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
20:08:42.0122 4484 Processor - ok
20:08:42.0177 4484 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:08:42.0252 4484 ProfSvc - ok
20:08:42.0273 4484 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:08:42.0320 4484 ProtectedStorage - ok
20:08:42.0363 4484 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:08:42.0402 4484 PSched - ok
20:08:42.0446 4484 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:08:42.0518 4484 ql2300 - ok
20:08:42.0557 4484 [
81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:08:42.0576 4484 ql40xx - ok 20:08:42.0609 4484 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 20:08:42.0712 4484 QWAVE - ok 20:08:42.0731 4484 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:08:42.0764 4484 QWAVEdrv - ok 20:08:42.0776 4484 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:08:42.0820 4484 RasAcd - ok 20:08:42.0849 4484 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 20:08:42.0944 4484 RasAuto - ok 20:08:42.0972 4484 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:08:43.0006 4484 Rasl2tp - ok 20:08:43.0053 4484 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 20:08:43.0149 4484 RasMan - ok 20:08:43.0192 4484 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:08:43.0227 4484 RasPppoe - ok 20:08:43.0282 4484 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:08:43.0302 4484 RasSstp - ok 20:08:43.0350 4484 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:08:43.0391 4484 rdbss - ok 20:08:43.0420 4484 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:08:43.0460 4484 RDPCDD - ok 20:08:43.0486 4484 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:08:43.0518 4484 rdpdr - ok 20:08:43.0528 4484 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:08:43.0566 4484 RDPENCDD - ok 20:08:43.0605 4484 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:08:43.0648 4484 RDPWD - ok 20:08:43.0687 4484 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:08:43.0753 4484 RemoteAccess - ok 20:08:43.0813 4484 [ 
9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:08:43.0900 4484 RemoteRegistry - ok 20:08:43.0928 4484 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 20:08:43.0982 4484 RpcLocator - ok 20:08:44.0009 4484 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 20:08:44.0095 4484 RpcSs - ok 20:08:44.0147 4484 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:08:44.0191 4484 rspndr - ok 20:08:44.0220 4484 [ 557D431125AA3D58F2D132FDA1EB8255 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 20:08:44.0237 4484 RTSTOR - ok 20:08:44.0273 4484 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys 20:08:44.0293 4484 s1018bus - ok 20:08:44.0304 4484 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys 20:08:44.0322 4484 s1018mdfl - ok 20:08:44.0345 4484 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys 20:08:44.0365 4484 s1018mdm - ok 20:08:44.0394 4484 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys 20:08:44.0421 4484 s1018mgmt ( UnsignedFile.Multi.Generic ) - warning 20:08:44.0422 4484 s1018mgmt - detected UnsignedFile.Multi.Generic (1) 20:08:44.0443 4484 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys 20:08:44.0462 4484 s1018nd5 - ok 20:08:44.0492 4484 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys 20:08:44.0514 4484 s1018obex - ok 20:08:44.0532 4484 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys 20:08:44.0557 4484 s1018unic - ok 20:08:44.0583 4484 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 20:08:44.0651 4484 SamSs - ok 20:08:44.0671 4484 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:08:44.0695 4484 sbp2port - ok 
20:08:44.0748 4484 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:08:44.0827 4484 SCardSvr - ok 20:08:44.0886 4484 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 20:08:44.0996 4484 Schedule - ok 20:08:45.0009 4484 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:08:45.0040 4484 SCPolicySvc - ok 20:08:45.0064 4484 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 20:08:45.0100 4484 sdbus - ok 20:08:45.0130 4484 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:08:45.0216 4484 SDRSVC - ok 20:08:45.0235 4484 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:08:45.0304 4484 secdrv - ok 20:08:45.0327 4484 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 20:08:45.0436 4484 seclogon - ok 20:08:45.0452 4484 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 20:08:45.0551 4484 SENS - ok 20:08:45.0567 4484 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:08:45.0626 4484 Serenum - ok 20:08:45.0670 4484 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 20:08:45.0729 4484 Serial - ok 20:08:45.0751 4484 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:08:45.0781 4484 sermouse - ok 20:08:45.0817 4484 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 20:08:45.0902 4484 SessionEnv - ok 20:08:45.0917 4484 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:08:45.0942 4484 sffdisk - ok 20:08:45.0951 4484 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:08:45.0999 4484 sffp_mmc - ok 20:08:46.0021 4484 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:08:46.0052 4484 sffp_sd - ok 
20:08:46.0063 4484 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:08:46.0104 4484 sfloppy - ok 20:08:46.0143 4484 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:08:46.0221 4484 SharedAccess - ok 20:08:46.0259 4484 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:08:46.0335 4484 ShellHWDetection - ok 20:08:46.0354 4484 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:08:46.0373 4484 sisagp - ok 20:08:46.0398 4484 [ A029482BE40DEF54DF02FCE751AA16DC ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSGB6.sys 20:08:46.0423 4484 SiSGbeLH - ok 20:08:46.0446 4484 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:08:46.0463 4484 SiSRaid2 - ok 20:08:46.0479 4484 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:08:46.0498 4484 SiSRaid4 - ok 20:08:46.0610 4484 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 20:08:46.0841 4484 slsvc - ok 20:08:46.0897 4484 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:08:47.0012 4484 SLUINotify - ok 20:08:47.0061 4484 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:08:47.0087 4484 Smb - ok 20:08:47.0144 4484 [ D9BFD2298F5CF116D8EAAE3B02DCEE2E ] smserial C:\Windows\system32\DRIVERS\smserial.sys 20:08:47.0290 4484 smserial - ok 20:08:47.0395 4484 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:08:47.0488 4484 SNMPTRAP - ok 20:08:47.0556 4484 [ A709DFA1674C1ED61EF7B5F29B38EEB1 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 20:08:47.0685 4484 SNP2UVC - ok 20:08:47.0724 4484 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 20:08:47.0743 4484 spldr - ok 20:08:47.0784 4484 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 20:08:47.0871 
4484 Spooler - ok 20:08:47.0920 4484 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:08:47.0955 4484 srv - ok 20:08:47.0974 4484 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:08:48.0004 4484 srv2 - ok 20:08:48.0042 4484 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:08:48.0073 4484 srvnet - ok 20:08:48.0110 4484 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:08:48.0198 4484 SSDPSRV - ok 20:08:48.0221 4484 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 20:08:48.0237 4484 ssmdrv - ok 20:08:48.0252 4484 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:08:48.0335 4484 SstpSvc - ok 20:08:48.0393 4484 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 20:08:48.0512 4484 stisvc - ok 20:08:48.0584 4484 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:08:48.0602 4484 swenum - ok 20:08:48.0655 4484 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 20:08:48.0760 4484 swprv - ok 20:08:48.0784 4484 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 20:08:48.0801 4484 Symc8xx - ok 20:08:48.0823 4484 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 20:08:48.0839 4484 Sym_hi - ok 20:08:48.0853 4484 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 20:08:48.0871 4484 Sym_u3 - ok 20:08:48.0900 4484 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:08:48.0919 4484 SynTP - ok 20:08:48.0978 4484 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 20:08:49.0087 4484 SysMain - ok 20:08:49.0115 4484 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:08:49.0192 4484 TabletInputService - ok 20:08:49.0242 
4484 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:08:49.0351 4484 TapiSrv - ok 20:08:49.0373 4484 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 20:08:49.0471 4484 TBS - ok 20:08:49.0544 4484 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:08:49.0608 4484 Tcpip - ok 20:08:49.0656 4484 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 20:08:49.0705 4484 Tcpip6 - ok 20:08:49.0764 4484 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:08:49.0786 4484 tcpipreg - ok 20:08:49.0826 4484 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:08:49.0881 4484 TDPIPE - ok 20:08:49.0903 4484 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:08:49.0954 4484 TDTCP - ok 20:08:50.0001 4484 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:08:50.0043 4484 tdx - ok 20:08:50.0064 4484 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:08:50.0082 4484 TermDD - ok 20:08:50.0144 4484 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 20:08:50.0272 4484 TermService - ok 20:08:50.0290 4484 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 20:08:50.0367 4484 Themes - ok 20:08:50.0396 4484 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 20:08:50.0459 4484 THREADORDER - ok 20:08:50.0491 4484 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 20:08:50.0588 4484 TrkWks - ok 20:08:50.0642 4484 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:08:50.0666 4484 TrustedInstaller - ok 20:08:50.0700 4484 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:08:50.0740 4484 tssecsrv - ok 20:08:50.0765 4484 [ 
CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 20:08:50.0793 4484 tunmp - ok 20:08:50.0842 4484 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:08:50.0864 4484 tunnel - ok 20:08:50.0884 4484 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:08:50.0906 4484 uagp35 - ok 20:08:50.0945 4484 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:08:50.0988 4484 udfs - ok 20:08:51.0024 4484 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:08:51.0158 4484 UI0Detect - ok 20:08:51.0180 4484 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:08:51.0199 4484 uliagpkx - ok 20:08:51.0219 4484 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 20:08:51.0244 4484 uliahci - ok 20:08:51.0263 4484 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 20:08:51.0281 4484 UlSata - ok 20:08:51.0296 4484 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 20:08:51.0315 4484 ulsata2 - ok 20:08:51.0335 4484 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:08:51.0368 4484 umbus - ok 20:08:51.0396 4484 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 20:08:51.0509 4484 upnphost - ok 20:08:51.0529 4484 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:08:51.0570 4484 usbccgp - ok 20:08:51.0591 4484 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:08:51.0658 4484 usbcir - ok 20:08:51.0699 4484 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:08:51.0732 4484 usbehci - ok 20:08:51.0780 4484 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:08:51.0809 4484 usbhub - ok 20:08:51.0827 4484 [ 
CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:08:51.0867 4484 usbohci - ok 20:08:51.0899 4484 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:08:51.0937 4484 usbprint - ok 20:08:51.0951 4484 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:08:51.0995 4484 USBSTOR - ok 20:08:52.0020 4484 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:08:52.0068 4484 usbuhci - ok 20:08:52.0102 4484 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:08:52.0158 4484 usbvideo - ok 20:08:52.0200 4484 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 20:08:52.0296 4484 UxSms - ok 20:08:52.0356 4484 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 20:08:52.0480 4484 vds - ok 20:08:52.0511 4484 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:08:52.0558 4484 vga - ok 20:08:52.0580 4484 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 20:08:52.0612 4484 VgaSave - ok 20:08:52.0628 4484 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:08:52.0647 4484 viaagp - ok 20:08:52.0663 4484 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 20:08:52.0696 4484 ViaC7 - ok 20:08:52.0707 4484 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 20:08:52.0726 4484 viaide - ok 20:08:52.0744 4484 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:08:52.0765 4484 volmgr - ok 20:08:52.0805 4484 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:08:52.0831 4484 volmgrx - ok 20:08:52.0881 4484 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:08:52.0906 4484 volsnap - ok 20:08:52.0928 4484 [ 
587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:08:52.0947 4484 vsmraid - ok 20:08:52.0993 4484 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 20:08:53.0144 4484 VSS - ok 20:08:53.0186 4484 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 20:08:53.0311 4484 W32Time - ok 20:08:53.0338 4484 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:08:53.0393 4484 WacomPen - ok 20:08:53.0410 4484 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 20:08:53.0438 4484 Wanarp - ok 20:08:53.0455 4484 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:08:53.0487 4484 Wanarpv6 - ok 20:08:53.0538 4484 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:08:53.0668 4484 wcncsvc - ok 20:08:53.0698 4484 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:08:53.0804 4484 WcsPlugInService - ok 20:08:53.0831 4484 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 20:08:53.0850 4484 Wd - ok 20:08:53.0877 4484 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:08:53.0919 4484 Wdf01000 - ok 20:08:53.0956 4484 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:08:54.0063 4484 WdiServiceHost - ok 20:08:54.0078 4484 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:08:54.0175 4484 WdiSystemHost - ok 20:08:54.0219 4484 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 20:08:54.0305 4484 WebClient - ok 20:08:54.0345 4484 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:08:54.0436 4484 Wecsvc - ok 20:08:54.0458 4484 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:08:54.0548 4484 wercplsupport - ok 
20:08:54.0576 4484 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 20:08:54.0701 4484 WerSvc - ok 20:08:54.0756 4484 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:08:54.0776 4484 WinDefend - ok 20:08:54.0784 4484 WinHttpAutoProxySvc - ok 20:08:54.0858 4484 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:08:55.0004 4484 Winmgmt - ok 20:08:55.0074 4484 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 20:08:55.0245 4484 WinRM - ok 20:08:55.0293 4484 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:08:55.0415 4484 Wlansvc - ok 20:08:55.0441 4484 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:08:55.0479 4484 WmiAcpi - ok 20:08:55.0530 4484 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:08:55.0568 4484 wmiApSrv - ok 20:08:55.0643 4484 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:08:55.0693 4484 WMPNetworkSvc - ok 20:08:55.0745 4484 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:08:55.0851 4484 WPCSvc - ok 20:08:55.0880 4484 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:08:55.0973 4484 WPDBusEnum - ok 20:08:55.0996 4484 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 20:08:56.0018 4484 WpdUsb - ok 20:08:56.0144 4484 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:08:56.0227 4484 WPFFontCache_v0400 - ok 20:08:56.0255 4484 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:08:56.0306 4484 ws2ifsl - ok 20:08:56.0355 4484 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 20:08:56.0480 4484 wscsvc - ok 20:08:56.0488 4484 
WSearch - ok 20:08:56.0592 4484 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 20:08:56.0761 4484 wuauserv - ok 20:08:56.0837 4484 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:08:56.0869 4484 WUDFRd - ok 20:08:56.0895 4484 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:08:57.0009 4484 wudfsvc - ok 20:08:57.0052 4484 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 20:08:57.0118 4484 yukonwlh - ok 20:08:57.0141 4484 ================ Scan global =============================== 20:08:57.0168 4484 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 20:08:57.0233 4484 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 20:08:57.0352 4484 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 20:08:57.0484 4484 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 20:08:57.0557 4484 [Global] - ok 20:08:57.0558 4484 ================ Scan MBR ================================== 20:08:57.0569 4484 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0 20:08:58.0015 4484 \Device\Harddisk0\DR0 - ok 20:08:58.0025 4484 [ 047B03828414F096C1469FD4518BFE5E ] \Device\Harddisk2\DR3 20:09:01.0817 4484 \Device\Harddisk2\DR3 - ok 20:09:01.0818 4484 ================ Scan VBR ================================== 20:09:01.0824 4484 [ 63D46AFF2363682344B473C654F5DB66 ] \Device\Harddisk0\DR0\Partition1 20:09:01.0828 4484 \Device\Harddisk0\DR0\Partition1 - ok 20:09:01.0868 4484 [ C77E3F90DCCC726F2A57E2AC5966574F ] \Device\Harddisk0\DR0\Partition2 20:09:01.0871 4484 \Device\Harddisk0\DR0\Partition2 - ok 20:09:01.0872 4484 ============================================================ 20:09:01.0872 4484 Scan finished 20:09:01.0872 4484 ============================================================ 20:09:01.0894 3540 Detected object count: 5 20:09:01.0894 3540 Actual detected object count: 5 
20:09:20.0788 3540 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:20.0788 3540 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:20.0791 3540 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:20.0791 3540 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:20.0795 3540 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:20.0795 3540 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:20.0799 3540 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:20.0799 3540 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:20.0804 3540 s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:20.0804 3540 s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:10:01.0371 3644 Deinitialize success |
29.10.2012, 11:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / Virus with Webcam Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (a trusted forum helper) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
30.10.2012, 19:52 | #5 |
| GVU Trojan / Virus with Webcam Code:
ATTFilter ComboFix 12-10-30.03 - username 30.10.2012 19:12:47.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2053 [GMT 1:00] ausgeführt von:: c:\users\username\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\0tbpw.pad c:\windows\msvcr71.dll c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-28 bis 2012-10-30 )))))))))))))))))))))))))))))) . . 2012-10-30 18:35 . 2012-10-30 18:36 -------- d-----w- c:\users\username\AppData\Local\temp 2012-10-30 18:35 . 2012-10-30 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-28 12:34 . 2012-10-28 12:34 -------- d-----w- c:\users\username\AppData\Roaming\Malwarebytes 2012-10-28 12:34 . 2012-10-28 12:34 -------- d-----w- c:\programdata\Malwarebytes 2012-10-28 12:34 . 2012-10-28 12:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-28 12:34 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-20 15:47 . 2012-10-20 15:47 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2012-10-20 15:17 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2012-10-20 15:17 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-20 15:17 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-20 15:17 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-20 15:17 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-20 15:17 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll 2012-10-20 15:17 . 
2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-10-20 15:17 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-10-20 15:17 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-10-20 15:17 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-10-20 15:17 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-20 15:15 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-20 15:15 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 17:58 . 2008-08-24 06:12 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-09-29 14:24 . 2012-09-29 14:24 161792 ----a-w- c:\windows\system32\msls31.dll 2012-09-29 14:24 . 2012-09-29 14:24 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-09-29 14:24 . 2012-09-29 14:24 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-09-29 14:24 . 2012-09-29 14:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-09-29 14:24 . 2012-09-29 14:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-09-29 14:24 . 2012-09-29 14:24 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-09-29 14:24 . 2012-09-29 14:24 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-09-29 14:24 . 2012-09-29 14:24 367104 ----a-w- c:\windows\system32\html.iec 2012-09-29 14:24 . 2012-09-29 14:24 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-09-29 14:24 . 2012-09-29 14:24 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-09-29 14:24 . 2012-09-29 14:24 152064 ----a-w- c:\windows\system32\wextract.exe 2012-09-29 14:24 . 2012-09-29 14:24 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-09-29 14:24 . 2012-09-29 14:24 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-09-29 14:24 . 2012-09-29 14:24 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-09-29 14:24 . 
2012-09-29 14:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-29 14:24 . 2012-09-29 14:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-09-29 14:24 . 2012-09-29 14:24 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-09-29 14:24 . 2012-09-29 14:24 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-09-29 14:24 . 2012-09-29 14:24 11776 ----a-w- c:\windows\system32\mshta.exe 2012-09-29 14:24 . 2012-09-29 14:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-09-29 14:24 . 2012-09-29 14:24 101888 ----a-w- c:\windows\system32\admparse.dll 2012-09-29 14:23 . 2012-09-29 14:23 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2012-09-29 14:23 . 2012-09-29 14:23 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2012-09-29 14:23 . 2012-09-29 14:23 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2012-09-29 14:23 . 2012-09-29 14:23 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2012-09-29 14:23 . 2012-09-29 14:23 2873344 ----a-w- c:\windows\system32\mf.dll 2012-09-29 14:23 . 2012-09-29 14:23 98816 ----a-w- c:\windows\system32\mfps.dll 2012-09-29 14:23 . 2012-09-29 14:23 586240 ----a-w- c:\windows\system32\stobject.dll 2012-09-29 14:23 . 2012-09-29 14:23 209920 ----a-w- c:\windows\system32\mfplat.dll 2012-09-29 14:23 . 2012-09-29 14:23 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2012-09-29 14:23 . 2012-09-29 14:23 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-29 14:23 . 2012-09-29 14:23 478720 ----a-w- c:\windows\system32\dxgi.dll 2012-09-29 14:23 . 2012-09-29 14:23 189952 ----a-w- c:\windows\system32\d3d10core.dll 2012-09-29 14:23 . 2012-09-29 14:23 1029120 ----a-w- c:\windows\system32\d3d10.dll 2012-09-29 14:23 . 2012-09-29 14:23 847360 ----a-w- c:\windows\system32\OpcServices.dll 2012-09-29 14:23 . 2012-09-29 14:23 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2012-09-29 14:23 . 2012-09-29 14:23 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2012-09-29 14:23 . 
2012-09-29 14:23 37376 ----a-w- c:\windows\system32\cdd.dll 2012-09-29 14:23 . 2012-09-29 14:23 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2012-09-29 14:23 . 2012-09-29 14:23 258048 ----a-w- c:\windows\system32\winspool.drv 2012-09-29 14:23 . 2012-09-29 14:23 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2012-09-29 14:23 . 2012-09-29 14:23 519680 ----a-w- c:\windows\system32\d3d11.dll 2012-09-29 14:23 . 2012-09-29 14:23 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui 2012-09-29 14:23 . 2012-09-29 14:23 369664 ----a-w- c:\windows\system32\WMPhoto.dll 2012-09-29 14:23 . 2012-09-29 14:23 252928 ----a-w- c:\windows\system32\dxdiag.exe 2012-09-29 14:23 . 2012-09-29 14:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll 2012-09-29 14:23 . 2012-09-29 14:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2012-09-29 14:23 . 2012-09-29 14:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-09-29 14:23 . 2012-09-29 14:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-09-08 14:12 . 2012-09-08 15:23 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-09-08 14:12 . 2012-09-08 15:23 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-09-08 14:12 . 2012-09-08 15:23 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-08-27 23:50 . 2012-09-08 14:48 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54DCF8D6-E259-4CA0-AD58-B2CAA0B748D1}\mpengine.dll 2012-10-20 15:47 . 2012-08-02 17:18 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Trust Mouse 15349&15350.exe"="c:\program files\Trust Mouse 15349&15350\Trust Mouse 15349&15350.exe" [2007-09-05 578560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-24 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-24 33136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Trust Mouse 15349&15350.exe"="c:\program files\Trust Mouse 15349&15350\Trust Mouse 15349&15350.exe" [2007-09-05 578560]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-26 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-08 348664]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 14:54]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-16 14:54]
.
2012-10-30 c:\windows\Tasks\ReclaimerUpdateFiles_username.job
- c:\users\username\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-20 15:32]
.
2012-10-24 c:\windows\Tasks\ReclaimerUpdateXML_username.job
- c:\users\username\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-20 15:32]
.
2012-10-30 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_username.job
- c:\users\username\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-20 15:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://169.254.247.253/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\lv4tc53n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2009-09-09 09:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6} - c:\program files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-30 19:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-30 19:41:37
ComboFix-quarantined-files.txt 2012-10-30 18:41
.
Vor Suchlauf: 7 Verzeichnis(se), 109.631.143.936 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 108.972.138.496 Bytes frei
.
- - End Of File - - F9CC0CC897FD04D593CA7A204C389073 |
31.10.2012, 18:18 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / virus with webcam Ok, a check, please:
Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And it then looks like this: Code:
the log goes here
01.11.2012, 15:00 | #7 |
| GVU Trojan / virus with webcam Code:
OTL Extras logfile created on: 01.11.2012 14:48:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\username\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,78% Memory free
6,19 Gb Paging File | 5,30 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 101,49 Gb Free Space | 68,09% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,20 Gb Free Space | 86,30% Space Free | Partition Type: NTFS
Computer Name: NB | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05580B2C-A931-428A-B807-BAABF995BE93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D07A458-4C4F-42BD-B45A-410CEE985746}" = rport=445 | protocol=6 | dir=out | app=system | "{1DAEBFF8-2571-4993-93DB-77ACF48E8BA0}" = rport=137 | protocol=17 | dir=out | app=system | "{20A03A5C-E656-4A29-99E5-1E56692B124B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24A2F13B-0400-4C66-896E-08A8A555D593}" = lport=138 | protocol=17 | dir=in | app=system | "{25C2FCD7-82D4-4988-8715-26A32E4DC9B0}" = rport=138 | protocol=17 | dir=out | app=system | "{37A955D0-0CCF-446D-B907-32519E24EF54}" = rport=139 | protocol=6 | dir=out | app=system | "{49F0C600-1FD9-435B-98C4-6CE5FBE9D8BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4EBAAA93-6CEB-4F46-AF84-41F92A5D96BA}" = lport=445 | protocol=6 | dir=in | app=system | "{6A42B32E-C82A-40CD-9542-0A8B90BD37D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{835B5ACF-4051-4185-B727-D999AC62A804}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8963B208-78C6-4CAF-83AB-6B879846136D}" = lport=137 | protocol=17 | dir=in | app=system | "{A3582F87-21F4-450B-AD12-24E6936EF118}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A86A560A-26D4-4EC9-8208-4EE4D34E77BE}" = lport=139 | protocol=6 | dir=in | app=system | "{B2D0815A-A60D-48E8-93CF-248C03E86147}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B838233F-7B60-44C9-AF3B-43209BB46B03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D32F0404-6DFB-45ED-9EE6-77F63FB59ECC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | "{FB0821B9-B4D0-40B1-A3C2-8C4B149534CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF9E395F-383E-4B6C-8E86-C58F5E2541E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06F66F51-1AFD-42D5-B56C-F3A1EC92509B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1C2F7AF3-24AD-47CD-9D46-768CDFF47CF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{327ECBF0-3E1E-4271-9588-75EB92FD67F7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3FB25084-F264-4B3C-972A-9C4299EDF193}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{415FBA3A-0F57-431B-958F-141FEC3A40D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{47E8BB2B-A337-4FDC-B813-129C499CBBC4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7716228C-47B0-4113-B25C-A9E031B00EDC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7B138C26-5FC4-4778-9C53-C79D0805F429}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | "{8B1396D0-145E-4540-9A39-DD8B343DC35F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8CD031E3-F904-4ECD-A0DA-00FE93680304}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | "{9BEA2AEA-58A6-40D8-A0EC-59FCFA2B1EA0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{B7F64EC3-E931-421C-9432-501D3E0AD3F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FAA1505E-003A-4164-8953-22D73808FE47}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "TCP Query 
User{04AEB49F-EFA8-4E09-A2EA-7BB3A6BC715E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{11682D3A-EF7C-4051-90C4-A9934AFD81D0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{223E24E5-85DB-4B9C-A847-69C25F6636E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{336D4768-2D64-420A-BBFE-C5732FAEFF84}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{A2930908-BA0B-4E09-9811-828C487164CB}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{AD7D0717-FF80-49BB-8E16-DE210DB9C5C9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{0601D87C-B157-43D3-8F04-06C1BCFB9B2A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{0CE8DDDE-9E98-498A-8721-8FB951210C85}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{7D34FEFC-1CD6-4DA1-B2E7-F4DFD85793C9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{B0B34B55-3D17-4458-9499-780F56707566}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{F173364A-D227-4A23-BE4D-D293C608169F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F37BD76E-A1D2-4160-92C4-D2183AC8E312}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static "{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French "{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 "{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch "{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins "{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech "{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek "{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager "{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian "{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean "{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding "{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai "{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean "{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility "{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian "{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard "{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch 
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish "{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek "{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish "{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese "{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional "{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista "{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish "{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish "{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard "{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P "{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish "7-Zip" = 7-Zip 4.57 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.41 "RealPlayer 6.0" = RealPlayer "SMSERIAL" = Motorola SM56 Speakerphone Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trust Mouse 15349&15350_is1" = Trust Mouse 15349&15350 
version 1.0.0.0 "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 0.9.2 "Winamp" = Winamp "x3_Codec" = x3_Codec "x3Codec" = x3Codec "xuggle-xuggler" = xuggle-xuggler ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). 
Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

Error - 27.10.2012 07:32:30 | Computer Name = NB | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c).

[ System Events ]
Error - 28.10.2012 08:56:23 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28.10.2012 09:08:00 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 28.10.2012 14:47:14 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 30.10.2012 13:59:12 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 30.10.2012 14:04:48 | Computer Name = NB | Source = Service Control Manager | ID = 7030
Description =

Error - 30.10.2012 14:23:06 | Computer Name = NB | Source = Service Control Manager | ID = 7030
Description =

Error - 30.10.2012 14:35:55 | Computer Name = NB | Source = Service Control Manager | ID = 7030
Description =

Error - 30.10.2012 14:48:40 | Computer Name = NB | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.10.2012 um 19:46:51 unerwartet heruntergefahren.

Error - 30.10.2012 14:51:41 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 01.11.2012 09:43:17 | Computer Name = NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

Code:
OTL logfile created on: 01.11.2012 14:48:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\username\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 70,78% Memory free
6,19 Gb Paging File | 5,30 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 101,49 Gb Free Space | 68,09% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 120,20 Gb Free Space | 86,30% Space Free | Partition Type: NTFS

Computer Name: NB | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\Trust Mouse 15349&15350\Trust Mouse 15349&15350.exe ()
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\P4P\P4P.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\ASScrPro.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2990.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2990.37184__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2990.36932__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2990.37125__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2990.36986__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2990.37070__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2990.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2990.36940__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2990.37138__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2990.37104__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2990.36993__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2990.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2990.37090__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2990.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2990.37075__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2990.37089__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2990.37103__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2990.37161_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2990.37161__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2990.37205__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2990.36926__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\Trust Mouse 15349&15350\Trust Mouse 15349&15350.exe ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll ()
MOD - C:\Program Files\P4P\P4P.exe ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Program Files\ASUS\ATK Media\GERSTRING.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\username\AppData\Local\Temp\catchme.sys File not found
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\username\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 08:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.20 16:47:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.02 18:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.29 14:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.20 16:47:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.02 18:18:51 | 000,000,000 | ---D | M]

[2008.09.19 16:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.10.24 19:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\lv4tc53n.default\extensions
[2012.08.03 20:06:30 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\username\AppData\Roaming\mozilla\firefox\profiles\lv4tc53n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.08.02 18:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2008.09.19 16:34:01 | 000,000,000 | ---D | M] (PC-WELT-Edition) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de
[2008.09.19 16:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\chrome
[2008.09.19 16:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\components
[2008.09.19 16:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\defaults
[2008.09.19 16:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\pcwelt-cck@extensions.pcwelt.de\searchplugins
[2012.10.20 16:47:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.02 18:18:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.20 16:47:40 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.02 18:18:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.02 18:18:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.02 18:18:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.02 18:18:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.10.30 19:35:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Trust Mouse 15349&15350.exe] C:\Program Files\Trust Mouse 15349&15350\Trust Mouse 15349&15350.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-3009654975-407849651-2991692621-1000..\Run: [Trust Mouse 15349&15350.exe] C:\Program Files\Trust Mouse 15349&15350\Trust Mouse 15349&15350.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://169.254.247.253/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE510DAB-74AA-4277-91E6-86319F3E3B88}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\username\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\username\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-3009654975-407849651-2991692621-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.30 19:49:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.30 19:41:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.30 19:41:47 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\temp [2012.10.30 19:03:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.30 19:03:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.30 19:03:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.30 19:02:54 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.10.30 19:02:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.30 19:02:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.30 19:02:21 | 004,991,862 | R--- | C] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe [2012.10.28 19:50:12 | 004,731,392 | ---- | C] (AVAST Software) 
-- C:\Users\username\Desktop\aswMBR.exe [2012.10.28 19:50:12 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\username\Desktop\tdsskiller.exe [2012.10.28 14:01:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe [2012.10.28 13:34:58 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes [2012.10.28 13:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.28 13:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.28 13:34:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.28 13:34:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.27 12:47:55 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\WINDOWS_7_MULTI_DVD_X64.part01 [2012.10.20 16:17:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.10.20 16:17:34 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.10.20 16:17:33 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.10.20 16:17:33 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.10.20 16:17:33 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.10.20 16:17:33 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.10.20 16:17:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.20 16:15:35 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.20 16:15:35 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe ========== Files - Modified Within 30 Days ========== [2012.11.01 14:45:20 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.01 14:45:20 | 
000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.01 14:45:20 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.01 14:45:20 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.01 14:41:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.01 14:41:10 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_username.job [2012.11.01 14:41:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 14:41:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.01 14:40:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.01 14:40:49 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys [2012.10.30 19:55:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.30 19:49:01 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.10.30 19:35:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.30 19:35:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_username.job [2012.10.30 19:00:18 | 004,991,862 | R--- | M] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe [2012.10.28 20:06:06 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\username\Desktop\tdsskiller.exe [2012.10.28 20:00:34 | 000,000,512 | ---- | M] () -- C:\Users\username\Desktop\MBR.dat [2012.10.28 19:45:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\username\Desktop\aswMBR.exe [2012.10.28 13:34:08 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 12:08:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe [2012.10.28 10:39:06 | 000,001,356 | ---- | M] () -- C:\Users\username\AppData\Local\d3d9caps.dat 
[2012.10.24 20:12:56 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_username.job [2012.10.20 15:58:56 | 000,370,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.10.30 19:03:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.30 19:03:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.30 19:03:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.30 19:03:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.30 19:03:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.28 20:00:34 | 000,000,512 | ---- | C] () -- C:\Users\username\Desktop\MBR.dat [2012.10.28 13:34:08 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.28 10:36:51 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys [2012.10.24 19:33:03 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_username.job [2012.10.24 19:33:02 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_username.job [2012.10.24 19:33:00 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_username.job [2010.11.06 09:35:45 | 000,001,264 | ---- | C] () -- C:\Users\username\.keystore [2009.02.02 20:54:47 | 004,238,053 | ---- | C] () -- C:\Users\username\01-razorlight-wire_to_wire.mp3 [2008.12.20 12:15:47 | 000,001,356 | ---- | C] () -- C:\Users\username\AppData\Local\d3d9caps.dat [2008.09.19 18:55:58 | 000,028,672 | ---- | C] () -- C:\Users\username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
02.11.2012, 18:45 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / Virus with Webcam Looks good too. adwCleaner - detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
03.11.2012, 13:16 | #9 |
| GVU Trojan / Virus with Webcam Code:
# AdwCleaner v2.006 - Datei am 03/11/2012 um 13:10:33 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : username - NB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\username\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\lv4tc53n.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [963 octets] - [03/11/2012 13:10:33]
########## EOF - C:\AdwCleaner[R1].txt - [1022 octets] ########## |
03.11.2012, 17:06 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / Virus with Webcam adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post logfiles in CODE tags |
03.11.2012, 18:09 | #11 |
| GVU Trojan / Virus with Webcam Code:
# AdwCleaner v2.006 - Datei am 03/11/2012 um 18:04:46 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : username - NB
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\username\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Profilname : default
Datei : C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\lv4tc53n.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1091 octets] - [03/11/2012 13:10:33]
AdwCleaner[S1].txt - [1025 octets] - [03/11/2012 18:04:46]
########## EOF - C:\AdwCleaner[S1].txt - [1085 octets] ########## |
03.11.2012, 18:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / Virus with Webcam Looks ok. We should be almost done. Please run a quick scan with Malwarebytes as a check - remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
Please post everything here in CODE tags if possible. It's done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post logfiles in CODE tags |
03.11.2012, 20:51 | #13 |
| GVU Trojan / Virus with Webcam Hm ... ESET found something again. Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.03.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
username :: NB [Administrator]
03.11.2012 19:21:25
mbam-log-2012-11-03 (19-21-25).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192764
Laufzeit: 4 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8abf0de0bf4f554ca66855823fd82026
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-03 07:28:05
# local_time=2012-11-03 08:28:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 4849875 4849875 0 0
# compatibility_mode=5892 16776574 100 100 4822405 189500401 0 0
# compatibility_mode=8192 67108863 100 0 3783 3783 0 0
# scanned=134510
# found=2
# cleaned=0
# scan_time=3211
C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x3_Codec 1.5.0.0\Visit x3_Codec website.lnk	LNK/URL.B trojan (unable to clean)	00000000000000000000000000000000	I
D:\Musik\MeliMusik\test\Setup86_64.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I |
04.11.2012, 16:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan / Virus with Webcam The first one is a shortcut, imho a false positive. Code:
D:\Musik\MeliMusik\test\Setup86_64.exe
__________________ Please always post logfiles in CODE tags |
04.11.2012, 17:40 | #15 |
| GVU Trojan / Virus with Webcam Hm, the exe doesn't ring a bell ... but when I google it, the results aren't pretty. :-/ What is it? I ran a full scan with the installed Avira at noon today. This is what came out: Code:
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <VistaOS>
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2TV70POW\swflash[1].cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'D:\' <DATA>
D:\Musik\MeliMusik\R´NB\Sean Kingston - Fire Burning.mp3
[FUND] Enthält Erkennungsmuster des Exploits EXP/GetCodec.AK
D:\Musik\MeliMusik\test\Setup86_64.exe
[0] Archivtyp: AutoIt
--> xampp\htdocs\bundle\source\FGT_MFC_Zwinky_Webfetti_Predictad_GameBound.exe
--> Object
[2] Archivtyp: AutoIt
--> Program Files\AutoIt3\My\MultiBundle\FGT_Zwinky_Webfetti_Predicatad_GameBound\FGSetup.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.AutoIt.AT
--> Program Files\AutoIt3\My\MultiBundle\FGT_Zwinky_Webfetti_Predicatad_GameBound\TSInstSU.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Swizzor.628321.L
--> Program Files\AutoIt3\My\C4D\TSNew3\TorrentSpeeder-1.0.0.1-setup.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Swizzor.366087.L
D:\Musik\MeliMusik\Various Artists\Revolverheld\Revolverheld feat Marta Jandova Halt Dich An Mir Fest.mp3
[FUND] Ist das Trojanische Pferd TR/WMALoader.B
Beginne mit der Desinfektion:
D:\Musik\MeliMusik\Various Artists\Revolverheld\Revolverheld feat Marta Jandova Halt Dich An Mir Fest.mp3
[FUND] Ist das Trojanische Pferd TR/WMALoader.B
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5458f58a.qua' verschoben!
D:\Musik\MeliMusik\test\Setup86_64.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Backdoor.Gen3
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cc9da2e.qua' verschoben!
D:\Musik\MeliMusik\R´NB\Sean Kingston - Fire Burning.mp3
[FUND] Enthält Erkennungsmuster des Exploits EXP/GetCodec.AK
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f6b80c6.qua' verschoben!
Ende des Suchlaufs: Sonntag, 4. November 2012 12:53
Benötigte Zeit: 1:14:19 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
24931 Verzeichnisse wurden überprüft
525666 Dateien wurden geprüft
6 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
525660 Dateien ohne Befall
3217 Archive wurden durchsucht
1 Warnungen
14 Hinweise
537323 Objekte wurden beim Rootkitscan durchsucht
11 Versteckte Objekte wurden gefunden
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8abf0de0bf4f554ca66855823fd82026
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-04 01:24:56
# local_time=2012-11-04 02:24:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 4914569 4914569 0 0
# compatibility_mode=5892 16776574 100 100 4887099 189565095 0 0
# compatibility_mode=8192 67108863 100 0 3756 3756 0 0
# scanned=132104
# found=1
# cleaned=0
# scan_time=3128
C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x3_Codec 1.5.0.0\Visit x3_Codec website.lnk	LNK/URL.B Trojaner (Säubern nicht möglich)	00000000000000000000000000000000	I |