Pests of all kinds and how to fight them: Trojan.Droppper.BC.Miner + Rootkits (Windows 7)
09.11.2012, 09:56 | #1
Trojan.Droppper.BC.Miner + Rootkits
Good morning, dear board users. You guessed right, I have a virus or trojan and need help getting rid of it. Since I have already read a thread here about the same trojan, I thought I would attach the Malwarebytes log right away. Quote:
09.11.2012, 10:18 | #2
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits
My name is Marius and I will help you with your problem. One thing first. Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way. If you decide on a clean-up, keep working with us until someone from the team tells you your computer is clean. A clean-up can mean a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator".
Step 1: defogger. Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without being told to.
Step 2: aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 3: scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
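As an added illustration (not part of this thread, and not code by the helper or by the tool's authors): a small Python parser for the aswMBR report that step 2 asks for. It pulls out the `**INFECTED**` findings with aswMBR's class tag (`[Trj]` trojan, `[Rtk]` rootkit), the "default MBR code" status and the partition table, so that a report can be triaged programmatically instead of by eye. The sample lines are taken verbatim from the aswMBR log posted later in this thread; the `triage` heuristics (treating an infected file under System32 with an executable extension as a core OS binary, and a non-default MBR code line as suspicious) are my own assumptions, not anything the tool itself reports.

```python
import re
from dataclasses import dataclass, field

# Excerpt taken verbatim from the aswMBR log posted in this thread;
# only the lines the parser cares about are kept.
SAMPLE_LOG = r"""
10:27:30.735 Disk 0 MBR read successfully
10:27:30.738 Disk 0 MBR scan
10:27:30.762 Disk 0 Windows 7 default MBR code
10:27:30.787 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 75000 MB offset 2048
10:27:30.839 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 75000 MB offset 153602048
10:27:30.859 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 88473 MB offset 307202048
10:27:56.929 AVAST engine scan C:\Windows
10:28:45.923 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
10:29:05.767 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:29:07.257 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:38:35.646 Scan finished successfully
"""

TIME = r"\d{2}:\d{2}:\d{2}\.\d{3}"   # aswMBR prefixes every line with hh:mm:ss.mmm
INFECTED_RE = re.compile(
    rf"^(?P<time>{TIME}) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<detection>\S+) \[(?P<kind>\w+)\]$"
)
PARTITION_RE = re.compile(
    rf"^{TIME} Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{{2}})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<fs>\S+) \S+ (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
MBR_CODE_RE = re.compile(rf"^{TIME} Disk (?P<disk>\d+) (?P<desc>.+ MBR code)$")


@dataclass(frozen=True)
class Infection:
    time: str
    path: str
    detection: str
    kind: str          # aswMBR class tag: "Trj" trojan, "Rtk" rootkit


@dataclass(frozen=True)
class Partition:
    disk: int
    number: int
    active: bool       # MBR boot indicator 0x80; aswMBR also prints "(A)"
    type_code: str     # MBR partition type byte, e.g. 07 = NTFS/HPFS
    filesystem: str
    size_mb: int
    offset: int        # start sector


@dataclass
class Report:
    mbr_code: dict = field(default_factory=dict)      # disk -> MBR code description
    partitions: list = field(default_factory=list)
    infections: list = field(default_factory=list)
    finished: bool = False


def parse_aswmbr(text: str) -> Report:
    """Parse the text of an aswMBR.txt report into a Report."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := INFECTED_RE.match(line):
            report.infections.append(Infection(m["time"], m["path"], m["detection"], m["kind"]))
        elif m := PARTITION_RE.match(line):
            report.partitions.append(Partition(
                int(m["disk"]), int(m["num"]), m["boot"].lower() == "80",
                m["type"], m["fs"], int(m["size_mb"]), int(m["offset"])))
        elif m := MBR_CODE_RE.match(line):
            report.mbr_code[int(m["disk"])] = m["desc"]
        elif line.endswith("Scan finished successfully"):
            report.finished = True
    return report


SYSTEM_DIR = "c:\\windows\\system32\\"   # assumption: infected files here are core OS binaries


def triage(report: Report) -> dict:
    """Summarise a report the way a helper reads it: what was hit, where,
    and whether the boot path (MBR code, active partition) looks standard."""
    system_binaries = [
        i.path for i in report.infections
        if i.path.lower().startswith(SYSTEM_DIR)
        and i.path.lower().endswith((".exe", ".dll", ".sys"))
    ]
    return {
        "finished": report.finished,
        "infected_count": len(report.infections),
        "rootkit_count": sum(1 for i in report.infections if i.kind == "Rtk"),
        "trojan_count": sum(1 for i in report.infections if i.kind == "Trj"),
        "system_binaries": system_binaries,   # an infected OS binary needs replacing, not deleting
        "active_partitions": [p.number for p in report.partitions if p.active],
        "mbr_standard": bool(report.mbr_code)
        and all("default MBR code" in d for d in report.mbr_code.values()),
    }


if __name__ == "__main__":
    rep = parse_aswmbr(SAMPLE_LOG)
    for inf in rep.infections:
        print(f"{inf.kind}: {inf.detection} in {inf.path}")
    print(triage(rep))
```

Run it on a saved aswMBR.txt with `parse_aswmbr(open(path).read())`; the `system_binaries` list is the part worth reading first, because a finding on a file like services.exe is exactly the case where the helper's "scan only, fix nothing yet" instruction matters.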
09.11.2012, 10:42 | #3
Trojan.Droppper.BC.Miner + Rootkits
I'm really impressed at how quickly and professionally things run here :P You surely have reply templates, right? Okay, on to the topic: Step 1: done. Step 2: done, here is the log. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 10:27:19
-----------------------------
10:27:19.817 OS Version: Windows x64 6.1.7601 Service Pack 1
10:27:19.817 Number of processors: 4 586 0x2A07
10:27:19.818 ComputerName: BITCH UserName: dome
10:27:21.145 Initialize success
10:27:22.189 AVAST engine defs: 12110801
10:27:30.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:27:30.705 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAA Size: 238475MB BusType: 3
10:27:30.735 Disk 0 MBR read successfully
10:27:30.738 Disk 0 MBR scan
10:27:30.762 Disk 0 Windows 7 default MBR code
10:27:30.787 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 75000 MB offset 2048
10:27:30.839 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 75000 MB offset 153602048
10:27:30.859 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 88473 MB offset 307202048
10:27:30.899 Disk 0 scanning C:\Windows\system32\drivers
10:27:41.423 Service scanning
10:27:55.860 Modules scanning
10:27:55.868 Disk 0 trace - called modules:
10:27:55.891 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:27:56.222 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d90060]
10:27:56.227 3 CLASSPNP.SYS[fffff8800194443f] -> nt!IofCallDriver -> [0xfffffa8007ade520]
10:27:56.232 5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ada680]
10:27:56.929 AVAST engine scan C:\Windows
10:27:58.405 AVAST engine scan C:\Windows\system32
10:28:45.923 File: C:\Windows\system32\services.exe **INFECTED** Win32:Sirefef-ZT [Trj]
10:29:05.767 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:29:07.257 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:29:48.305 AVAST engine scan C:\Windows\system32\drivers
10:29:55.703 AVAST engine scan C:\Users\dome
10:37:24.919 AVAST engine scan C:\ProgramData
10:38:35.646 Scan finished successfully
10:39:19.487 Disk 0 MBR has been saved successfully to "C:\Users\dome\Desktop\MBR.dat"
10:39:19.490 The log file has been saved successfully to "C:\Users\dome\Desktop\aswMBR.txt"
Code:
10:39:49.0714 3244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:39:49.0841 3244 ============================================================
10:39:49.0841 3244 Current date / time: 2012/11/09 10:39:49.0841
10:39:49.0841 3244 SystemInfo:
10:39:49.0841 3244
10:39:49.0841 3244 OS Version: 6.1.7601 ServicePack: 1.0
10:39:49.0841 3244 Product type: Workstation
10:39:49.0842 3244 ComputerName: BITCH
10:39:49.0842 3244 UserName: dome
10:39:49.0842 3244 Windows directory: C:\Windows
10:39:49.0842 3244 System windows directory: C:\Windows
10:39:49.0842 3244 Running under WOW64
10:39:49.0842 3244 Processor architecture: Intel x64
10:39:49.0842 3244 Number of processors: 4
10:39:49.0842 3244 Page size: 0x1000
10:39:49.0842 3244 Boot type: Normal boot
10:39:49.0842 3244 ============================================================
10:39:50.0657 3244 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:50.0663 3244 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:39:56.0592 3244 ============================================================
10:39:56.0592 3244 \Device\Harddisk0\DR0:
10:39:56.0613 3244 MBR partitions:
10:39:56.0613 3244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x927C000
10:39:56.0613 3244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x927C000
10:39:56.0613 3244 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0xACCC800
10:39:56.0613 3244 \Device\Harddisk1\DR1:
10:39:56.0613 3244 MBR partitions:
10:39:56.0613 3244 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
10:39:56.0613 3244 ============================================================
10:39:56.0642 3244 C: <-> \Device\Harddisk0\DR0\Partition3
10:39:56.0677 3244 D: <-> \Device\Harddisk0\DR0\Partition1
10:39:56.0704 3244 E: <-> \Device\Harddisk0\DR0\Partition2
10:39:56.0731 3244 H: <-> \Device\Harddisk1\DR1\Partition1
10:39:56.0732 3244 ============================================================
10:39:56.0732 3244 Initialize success
10:39:56.0732 3244 ============================================================
10:40:01.0414 3648 ============================================================
10:40:01.0414 3648 Scan started
10:40:01.0414 3648 Mode: Manual;
10:40:01.0414 3648 ============================================================
10:40:02.0510 3648 ================ Scan system memory ========================
10:40:02.0510 3648 System memory - ok
10:40:02.0510 3648 ================ Scan services =============================
10:40:02.0631 3648 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:40:02.0634 3648 1394ohci - ok
10:40:02.0671 3648 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:40:02.0678 3648 ACPI - ok
10:40:02.0697 3648 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:40:02.0698 3648 AcpiPmi - ok
10:40:02.0779 3648 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:40:02.0781 3648 AdobeARMservice - ok
10:40:02.0866 3648 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:40:02.0869 3648 AdobeFlashPlayerUpdateSvc - ok
10:40:02.0911 3648 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:40:02.0920 3648 adp94xx - ok
10:40:02.0945 3648 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:40:02.0952 3648 adpahci - ok
10:40:02.0965 3648 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:40:02.0969 3648
adpu320 - ok 10:40:02.0999 3648 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:40:03.0002 3648 AeLookupSvc - ok 10:40:03.0053 3648 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 10:40:03.0062 3648 AFD - ok 10:40:03.0090 3648 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 10:40:03.0092 3648 agp440 - ok 10:40:03.0107 3648 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 10:40:03.0109 3648 ALG - ok 10:40:03.0134 3648 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 10:40:03.0135 3648 aliide - ok 10:40:03.0166 3648 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 10:40:03.0171 3648 AMD External Events Utility - ok 10:40:03.0188 3648 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 10:40:03.0189 3648 amdide - ok 10:40:03.0207 3648 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 10:40:03.0209 3648 AmdK8 - ok 10:40:03.0421 3648 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 10:40:03.0624 3648 amdkmdag - ok 10:40:03.0638 3648 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 10:40:03.0643 3648 amdkmdap - ok 10:40:03.0654 3648 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 10:40:03.0655 3648 AmdPPM - ok 10:40:03.0693 3648 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:40:03.0695 3648 amdsata - ok 10:40:03.0707 3648 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 10:40:03.0711 3648 amdsbs - ok 10:40:03.0729 3648 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:40:03.0729 3648 amdxata - ok 10:40:03.0764 3648 [ 89A69C3F2F319B43379399547526D952 ] AppID 
C:\Windows\system32\drivers\appid.sys 10:40:03.0766 3648 AppID - ok 10:40:03.0785 3648 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:40:03.0787 3648 AppIDSvc - ok 10:40:03.0806 3648 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 10:40:03.0808 3648 Appinfo - ok 10:40:03.0835 3648 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 10:40:03.0839 3648 AppMgmt - ok 10:40:03.0869 3648 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 10:40:03.0870 3648 arc - ok 10:40:03.0885 3648 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 10:40:03.0887 3648 arcsas - ok 10:40:03.0934 3648 aspnet_state - ok 10:40:03.0960 3648 [ B9DA213B5271DB5FCE962D827E6D620D ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 10:40:03.0961 3648 aswFsBlk - ok 10:40:04.0002 3648 [ 21C9835D0E5AD2FF0F16134BCB32CC71 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 10:40:04.0005 3648 aswMonFlt - ok 10:40:04.0042 3648 [ 1B96A5867ABD4FA6135D8298FCCCF9C6 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 10:40:04.0044 3648 aswRdr - ok 10:40:04.0069 3648 [ 6E98BB288696777A3A8A07A52B0EAEE9 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 10:40:04.0102 3648 aswSnx - ok 10:40:04.0127 3648 [ D9FB49F16E4EB02EFECAE8CBFE4BCB4C ] aswSP C:\Windows\system32\drivers\aswSP.sys 10:40:04.0133 3648 aswSP - ok 10:40:04.0158 3648 [ 7352BB9A564B94BBD7C9CBF165F55006 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 10:40:04.0159 3648 aswTdi - ok 10:40:04.0180 3648 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:40:04.0182 3648 AsyncMac - ok 10:40:04.0208 3648 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 10:40:04.0209 3648 atapi - ok 10:40:04.0261 3648 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 10:40:04.0264 3648 AtiHDAudioService - ok 
10:40:04.0308 3648 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:40:04.0325 3648 AudioEndpointBuilder - ok 10:40:04.0349 3648 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 10:40:04.0355 3648 AudioSrv - ok 10:40:04.0415 3648 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 10:40:04.0416 3648 avast! Antivirus - ok 10:40:04.0451 3648 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:40:04.0454 3648 AxInstSV - ok 10:40:04.0488 3648 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 10:40:04.0495 3648 b06bdrv - ok 10:40:04.0531 3648 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 10:40:04.0536 3648 b57nd60a - ok 10:40:04.0572 3648 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 10:40:04.0575 3648 BDESVC - ok 10:40:04.0582 3648 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 10:40:04.0583 3648 Beep - ok 10:40:04.0593 3648 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:40:04.0594 3648 blbdrive - ok 10:40:04.0625 3648 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:40:04.0627 3648 bowser - ok 10:40:04.0642 3648 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:40:04.0643 3648 BrFiltLo - ok 10:40:04.0658 3648 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:40:04.0659 3648 BrFiltUp - ok 10:40:04.0682 3648 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 10:40:04.0686 3648 Browser - ok 10:40:04.0704 3648 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:40:04.0709 3648 Brserid - ok 10:40:04.0720 3648 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm 
C:\Windows\System32\Drivers\BrSerWdm.sys 10:40:04.0721 3648 BrSerWdm - ok 10:40:04.0734 3648 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:40:04.0735 3648 BrUsbMdm - ok 10:40:04.0742 3648 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:40:04.0743 3648 BrUsbSer - ok 10:40:04.0755 3648 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 10:40:04.0757 3648 BTHMODEM - ok 10:40:04.0781 3648 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 10:40:04.0784 3648 bthserv - ok 10:40:04.0817 3648 [ 55913573C41CF091F93A1AC07965EA7E ] busenum C:\Windows\system32\DRIVERS\SteelBus64.sys 10:40:04.0820 3648 busenum - ok 10:40:04.0831 3648 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:40:04.0833 3648 cdfs - ok 10:40:04.0875 3648 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 10:40:04.0878 3648 cdrom - ok 10:40:04.0910 3648 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 10:40:04.0913 3648 CertPropSvc - ok 10:40:04.0936 3648 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 10:40:04.0951 3648 circlass - ok 10:40:04.0977 3648 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 10:40:04.0984 3648 CLFS - ok 10:40:05.0005 3648 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:40:05.0008 3648 clr_optimization_v2.0.50727_32 - ok 10:40:05.0050 3648 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:40:05.0053 3648 clr_optimization_v2.0.50727_64 - ok 10:40:05.0110 3648 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:40:05.0128 3648 
clr_optimization_v4.0.30319_32 - ok 10:40:05.0166 3648 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:40:05.0188 3648 clr_optimization_v4.0.30319_64 - ok 10:40:05.0216 3648 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:40:05.0217 3648 CmBatt - ok 10:40:05.0240 3648 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:40:05.0242 3648 cmdide - ok 10:40:05.0283 3648 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 10:40:05.0300 3648 CNG - ok 10:40:05.0313 3648 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:40:05.0314 3648 Compbatt - ok 10:40:05.0345 3648 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:40:05.0347 3648 CompositeBus - ok 10:40:05.0356 3648 COMSysApp - ok 10:40:05.0368 3648 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:40:05.0369 3648 crcdisk - ok 10:40:05.0407 3648 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:40:05.0411 3648 CryptSvc - ok 10:40:05.0446 3648 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 10:40:05.0453 3648 CSC - ok 10:40:05.0480 3648 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 10:40:05.0497 3648 CscService - ok 10:40:05.0533 3648 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:40:05.0550 3648 DcomLaunch - ok 10:40:05.0582 3648 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 10:40:05.0588 3648 defragsvc - ok 10:40:05.0618 3648 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:40:05.0621 3648 DfsC - ok 10:40:05.0651 3648 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 10:40:05.0657 3648 Dhcp - ok 
10:40:05.0685 3648 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 10:40:05.0687 3648 discache - ok 10:40:05.0714 3648 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:40:05.0716 3648 Disk - ok 10:40:05.0741 3648 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:40:05.0746 3648 Dnscache - ok 10:40:05.0766 3648 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 10:40:05.0772 3648 dot3svc - ok 10:40:05.0793 3648 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 10:40:05.0798 3648 DPS - ok 10:40:05.0825 3648 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:40:05.0826 3648 drmkaud - ok 10:40:05.0860 3648 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 10:40:05.0864 3648 dtsoftbus01 - ok 10:40:05.0907 3648 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:40:05.0941 3648 DXGKrnl - ok 10:40:05.0962 3648 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 10:40:05.0966 3648 EapHost - ok 10:40:06.0058 3648 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 10:40:06.0135 3648 ebdrv - ok 10:40:06.0151 3648 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 10:40:06.0153 3648 EFS - ok 10:40:06.0198 3648 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:40:06.0208 3648 ehRecvr - ok 10:40:06.0241 3648 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 10:40:06.0243 3648 ehSched - ok 10:40:06.0272 3648 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:40:06.0279 3648 elxstor - ok 10:40:06.0296 3648 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:40:06.0297 3648 ErrDev - ok 10:40:06.0330 3648 [ 
4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 10:40:06.0336 3648 EventSystem - ok 10:40:06.0366 3648 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 10:40:06.0369 3648 exfat - ok 10:40:06.0384 3648 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:40:06.0388 3648 fastfat - ok 10:40:06.0420 3648 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 10:40:06.0437 3648 Fax - ok 10:40:06.0454 3648 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:40:06.0455 3648 fdc - ok 10:40:06.0481 3648 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 10:40:06.0482 3648 fdPHost - ok 10:40:06.0488 3648 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:40:06.0489 3648 FDResPub - ok 10:40:06.0499 3648 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:40:06.0500 3648 FileInfo - ok 10:40:06.0505 3648 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:40:06.0506 3648 Filetrace - ok 10:40:06.0518 3648 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:40:06.0519 3648 flpydisk - ok 10:40:06.0543 3648 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:40:06.0547 3648 FltMgr - ok 10:40:06.0581 3648 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 10:40:06.0607 3648 FontCache - ok 10:40:06.0640 3648 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:40:06.0641 3648 FontCache3.0.0.0 - ok 10:40:06.0658 3648 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:40:06.0659 3648 FsDepends - ok 10:40:06.0680 3648 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 
10:40:06.0682 3648 Fs_Rec - ok 10:40:06.0717 3648 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:40:06.0722 3648 fvevol - ok 10:40:06.0745 3648 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 10:40:06.0747 3648 gagp30kx - ok 10:40:06.0778 3648 GEARAspiWDM - ok 10:40:06.0817 3648 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:40:06.0842 3648 gpsvc - ok 10:40:06.0919 3648 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:40:06.0920 3648 gupdate - ok 10:40:06.0935 3648 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:40:06.0936 3648 gupdatem - ok 10:40:06.0952 3648 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:40:06.0954 3648 hcw85cir - ok 10:40:06.0973 3648 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:40:06.0979 3648 HdAudAddService - ok 10:40:07.0014 3648 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 10:40:07.0017 3648 HDAudBus - ok 10:40:07.0028 3648 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 10:40:07.0030 3648 HidBatt - ok 10:40:07.0044 3648 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 10:40:07.0046 3648 HidBth - ok 10:40:07.0061 3648 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 10:40:07.0063 3648 HidIr - ok 10:40:07.0086 3648 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 10:40:07.0089 3648 hidserv - ok 10:40:07.0126 3648 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:40:07.0127 3648 HidUsb - ok 10:40:07.0149 3648 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:40:07.0153 3648 hkmsvc - ok 10:40:07.0182 3648 [ 
EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:40:07.0189 3648 HomeGroupListener - ok 10:40:07.0213 3648 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:40:07.0219 3648 HomeGroupProvider - ok 10:40:07.0236 3648 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:40:07.0238 3648 HpSAMD - ok 10:40:07.0270 3648 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:40:07.0288 3648 HTTP - ok 10:40:07.0310 3648 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:40:07.0310 3648 hwpolicy - ok 10:40:07.0339 3648 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 10:40:07.0341 3648 i8042prt - ok 10:40:07.0361 3648 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:40:07.0366 3648 iaStorV - ok 10:40:07.0417 3648 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:40:07.0434 3648 idsvc - ok 10:40:07.0458 3648 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 10:40:07.0459 3648 iirsp - ok 10:40:07.0503 3648 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 10:40:07.0520 3648 IKEEXT - ok 10:40:07.0602 3648 [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:40:07.0654 3648 IntcAzAudAddService - ok 10:40:07.0672 3648 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 10:40:07.0673 3648 intelide - ok 10:40:07.0703 3648 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:40:07.0704 3648 intelppm - ok 10:40:07.0727 3648 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:40:07.0730 3648 IPBusEnum - ok 10:40:07.0753 3648 [ 
C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:40:07.0756 3648 IpFilterDriver - ok 10:40:07.0782 3648 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:40:07.0783 3648 IPMIDRV - ok 10:40:07.0814 3648 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:40:07.0817 3648 IPNAT - ok 10:40:07.0832 3648 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:40:07.0833 3648 IRENUM - ok 10:40:07.0861 3648 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:40:07.0862 3648 isapnp - ok 10:40:07.0877 3648 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:40:07.0883 3648 iScsiPrt - ok 10:40:07.0902 3648 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 10:40:07.0904 3648 kbdclass - ok 10:40:08.0025 3648 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 10:40:08.0026 3648 kbdhid - ok 10:40:08.0092 3648 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:40:08.0094 3648 KeyIso - ok 10:40:08.0110 3648 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:40:08.0112 3648 KSecDD - ok 10:40:08.0121 3648 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:40:08.0125 3648 KSecPkg - ok 10:40:08.0140 3648 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:40:08.0141 3648 ksthunk - ok 10:40:08.0165 3648 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:40:08.0173 3648 KtmRm - ok 10:40:08.0205 3648 [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2 C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys 10:40:08.0207 3648 LADF_DHP2 - ok 10:40:08.0219 3648 [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys 10:40:08.0225 
3648 LADF_SBVM - ok 10:40:08.0256 3648 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:40:08.0263 3648 LanmanServer - ok 10:40:08.0288 3648 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:40:08.0290 3648 LanmanWorkstation - ok 10:40:08.0317 3648 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:40:08.0318 3648 lltdio - ok 10:40:08.0355 3648 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:40:08.0359 3648 lltdsvc - ok 10:40:08.0370 3648 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:40:08.0372 3648 lmhosts - ok 10:40:08.0393 3648 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 10:40:08.0395 3648 LSI_FC - ok 10:40:08.0417 3648 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 10:40:08.0420 3648 LSI_SAS - ok 10:40:08.0440 3648 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:40:08.0442 3648 LSI_SAS2 - ok 10:40:08.0455 3648 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:40:08.0457 3648 LSI_SCSI - ok 10:40:08.0479 3648 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:40:08.0481 3648 luafv - ok 10:40:08.0506 3648 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 10:40:08.0507 3648 MBAMProtector - ok 10:40:08.0567 3648 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 10:40:08.0575 3648 MBAMScheduler - ok 10:40:08.0599 3648 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:40:08.0616 3648 MBAMService - ok 10:40:08.0637 3648 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys 10:40:08.0638 3648 MBfilt - ok 
10:40:08.0695 3648 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 10:40:08.0699 3648 McComponentHostService - ok 10:40:08.0721 3648 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:40:08.0724 3648 Mcx2Svc - ok 10:40:08.0745 3648 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 10:40:08.0747 3648 megasas - ok 10:40:08.0765 3648 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 10:40:08.0771 3648 MegaSR - ok 10:40:08.0792 3648 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 10:40:08.0794 3648 MEIx64 - ok 10:40:08.0809 3648 [ D70476AD02D6FD75282B196D3B58831D ] MEMSWEEP2 C:\Windows\system32\E034.tmp 10:40:08.0811 3648 MEMSWEEP2 - ok 10:40:08.0830 3648 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:40:08.0834 3648 MMCSS - ok 10:40:08.0852 3648 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:40:08.0854 3648 Modem - ok 10:40:08.0875 3648 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:40:08.0876 3648 monitor - ok 10:40:08.0895 3648 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:40:08.0897 3648 mouclass - ok 10:40:08.0917 3648 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:40:08.0918 3648 mouhid - ok 10:40:08.0948 3648 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:40:08.0950 3648 mountmgr - ok 10:40:08.0988 3648 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:40:08.0991 3648 MozillaMaintenance - ok 10:40:09.0003 3648 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:40:09.0006 3648 mpio - ok 10:40:09.0025 3648 [ 
6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:40:09.0027 3648 mpsdrv - ok 10:40:09.0049 3648 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:40:09.0052 3648 MRxDAV - ok 10:40:09.0092 3648 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:40:09.0106 3648 mrxsmb - ok 10:40:09.0150 3648 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:40:09.0167 3648 mrxsmb10 - ok 10:40:09.0200 3648 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:40:09.0210 3648 mrxsmb20 - ok 10:40:09.0223 3648 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:40:09.0232 3648 msahci - ok 10:40:09.0290 3648 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:40:09.0294 3648 msdsm - ok 10:40:09.0326 3648 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:40:09.0374 3648 MSDTC - ok 10:40:09.0403 3648 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:40:09.0404 3648 Msfs - ok 10:40:09.0428 3648 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:40:09.0429 3648 mshidkmdf - ok 10:40:09.0443 3648 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:40:09.0444 3648 msisadrv - ok 10:40:09.0463 3648 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:40:09.0469 3648 MSiSCSI - ok 10:40:09.0471 3648 msiserver - ok 10:40:09.0524 3648 [ 192476C10371DC83243D67432B2CDCBF ] MSI_MSIBIOS_010507 C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys 10:40:09.0525 3648 MSI_MSIBIOS_010507 - ok 10:40:09.0544 3648 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:40:09.0545 3648 MSKSSRV - ok 10:40:09.0553 3648 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK 
C:\Windows\system32\drivers\MSPCLOCK.sys 10:40:09.0554 3648 MSPCLOCK - ok 10:40:09.0565 3648 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:40:09.0566 3648 MSPQM - ok 10:40:09.0591 3648 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:40:09.0598 3648 MsRPC - ok 10:40:09.0632 3648 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 10:40:09.0634 3648 mssmbios - ok 10:40:09.0649 3648 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:40:09.0650 3648 MSTEE - ok 10:40:09.0662 3648 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 10:40:09.0664 3648 MTConfig - ok 10:40:09.0679 3648 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:40:09.0681 3648 Mup - ok 10:40:09.0714 3648 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:40:09.0725 3648 napagent - ok 10:40:09.0770 3648 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:40:09.0776 3648 NativeWifiP - ok 10:40:09.0845 3648 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:40:09.0876 3648 NDIS - ok 10:40:09.0897 3648 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:40:09.0898 3648 NdisCap - ok 10:40:09.0924 3648 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:40:09.0926 3648 NdisTapi - ok 10:40:09.0941 3648 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:40:09.0943 3648 Ndisuio - ok 10:40:09.0958 3648 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:40:09.0962 3648 NdisWan - ok 10:40:09.0989 3648 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:40:09.0991 3648 NDProxy - ok 10:40:10.0064 3648 [ 
7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 10:40:10.0089 3648 Nero BackItUp Scheduler 4.0 - ok 10:40:10.0113 3648 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:40:10.0114 3648 NetBIOS - ok 10:40:10.0134 3648 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:40:10.0140 3648 NetBT - ok 10:40:10.0157 3648 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:40:10.0160 3648 Netlogon - ok 10:40:10.0190 3648 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:40:10.0199 3648 Netman - ok 10:40:10.0231 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:40:10.0242 3648 NetMsmqActivator - ok 10:40:10.0258 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:40:10.0260 3648 NetPipeActivator - ok 10:40:10.0278 3648 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:40:10.0289 3648 netprofm - ok 10:40:10.0295 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:40:10.0297 3648 NetTcpActivator - ok 10:40:10.0301 3648 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:40:10.0303 3648 NetTcpPortSharing - ok 10:40:10.0338 3648 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:40:10.0340 3648 nfrd960 - ok 10:40:10.0370 3648 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:40:10.0387 3648 NlaSvc - ok 10:40:10.0401 3648 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:40:10.0403 3648 Npfs - ok 10:40:10.0430 3648 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi 
C:\Windows\system32\nsisvc.dll 10:40:10.0434 3648 nsi - ok 10:40:10.0441 3648 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:40:10.0442 3648 nsiproxy - ok 10:40:10.0496 3648 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:40:10.0539 3648 Ntfs - ok 10:40:10.0555 3648 [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys 10:40:10.0556 3648 NTIOLib_1_0_4 - ok 10:40:10.0567 3648 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:40:10.0568 3648 Null - ok 10:40:10.0590 3648 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 10:40:10.0592 3648 nusb3hub - ok 10:40:10.0606 3648 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 10:40:10.0610 3648 nusb3xhc - ok 10:40:10.0645 3648 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:40:10.0648 3648 nvraid - ok 10:40:10.0663 3648 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:40:10.0667 3648 nvstor - ok 10:40:10.0705 3648 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:40:10.0708 3648 nv_agp - ok 10:40:10.0720 3648 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:40:10.0721 3648 ohci1394 - ok 10:40:10.0755 3648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:40:10.0772 3648 p2pimsvc - ok 10:40:10.0803 3648 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:40:10.0820 3648 p2psvc - ok 10:40:10.0843 3648 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:40:10.0853 3648 Parport - ok 10:40:10.0882 3648 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:40:10.0883 3648 partmgr - ok 10:40:10.0905 3648 [ 
3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:40:10.0949 3648 PcaSvc - ok 10:40:10.0973 3648 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:40:10.0977 3648 pci - ok 10:40:11.0000 3648 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:40:11.0001 3648 pciide - ok 10:40:11.0023 3648 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:40:11.0027 3648 pcmcia - ok 10:40:11.0047 3648 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:40:11.0049 3648 pcw - ok 10:40:11.0068 3648 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:40:11.0080 3648 PEAUTH - ok 10:40:11.0116 3648 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 10:40:11.0150 3648 PeerDistSvc - ok 10:40:11.0221 3648 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:40:11.0224 3648 PerfHost - ok 10:40:11.0272 3648 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:40:11.0306 3648 pla - ok 10:40:11.0338 3648 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:40:11.0355 3648 PlugPlay - ok 10:40:11.0379 3648 PnkBstrA - ok 10:40:11.0393 3648 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:40:11.0397 3648 PNRPAutoReg - ok 10:40:11.0413 3648 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:40:11.0419 3648 PNRPsvc - ok 10:40:11.0443 3648 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:40:11.0460 3648 PolicyAgent - ok 10:40:11.0487 3648 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:40:11.0495 3648 Power - ok 10:40:11.0524 3648 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:40:11.0527 3648 PptpMiniport - ok 10:40:11.0556 3648 [ 
0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:40:11.0557 3648 Processor - ok 10:40:11.0582 3648 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 10:40:11.0588 3648 ProfSvc - ok 10:40:11.0598 3648 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:40:11.0601 3648 ProtectedStorage - ok 10:40:11.0619 3648 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:40:11.0622 3648 Psched - ok 10:40:11.0671 3648 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:40:11.0706 3648 ql2300 - ok 10:40:11.0730 3648 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:40:11.0733 3648 ql40xx - ok 10:40:11.0755 3648 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:40:11.0763 3648 QWAVE - ok 10:40:11.0778 3648 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:40:11.0780 3648 QWAVEdrv - ok 10:40:11.0790 3648 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:40:11.0791 3648 RasAcd - ok 10:40:11.0812 3648 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:40:11.0814 3648 RasAgileVpn - ok 10:40:11.0842 3648 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:40:11.0848 3648 RasAuto - ok 10:40:11.0873 3648 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:40:11.0877 3648 Rasl2tp - ok 10:40:11.0898 3648 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:40:11.0908 3648 RasMan - ok 10:40:11.0935 3648 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:40:11.0938 3648 RasPppoe - ok 10:40:11.0958 3648 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:40:11.0961 3648 RasSstp - ok 
10:40:11.0972 3648 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:40:11.0978 3648 rdbss - ok 10:40:11.0998 3648 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:40:12.0000 3648 rdpbus - ok 10:40:12.0004 3648 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:40:12.0006 3648 RDPCDD - ok 10:40:12.0030 3648 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:40:12.0034 3648 RDPDR - ok 10:40:12.0057 3648 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:40:12.0058 3648 RDPENCDD - ok 10:40:12.0065 3648 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:40:12.0067 3648 RDPREFMP - ok 10:40:12.0128 3648 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 10:40:12.0130 3648 RdpVideoMiniport - ok 10:40:12.0154 3648 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:40:12.0159 3648 RDPWD - ok 10:40:12.0190 3648 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:40:12.0195 3648 rdyboost - ok 10:40:12.0229 3648 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:40:12.0234 3648 RemoteAccess - ok 10:40:12.0256 3648 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:40:12.0262 3648 RemoteRegistry - ok 10:40:12.0269 3648 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:40:12.0275 3648 RpcEptMapper - ok 10:40:12.0287 3648 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:40:12.0290 3648 RpcLocator - ok 10:40:12.0322 3648 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:40:12.0330 3648 RpcSs - ok 10:40:12.0356 3648 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr 
C:\Windows\system32\DRIVERS\rspndr.sys 10:40:12.0358 3648 rspndr - ok 10:40:12.0398 3648 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 10:40:12.0405 3648 RTL8167 - ok 10:40:12.0423 3648 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 10:40:12.0424 3648 s3cap - ok 10:40:12.0456 3648 [ E13D43901EC079280A2A9BAD9A2CCDA7 ] SAlphamHid C:\Windows\system32\DRIVERS\SAlpham64.sys 10:40:12.0457 3648 SAlphamHid - ok 10:40:12.0465 3648 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:40:12.0467 3648 SamSs - ok 10:40:12.0470 3648 SAVRKBootTasks - ok 10:40:12.0482 3648 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:40:12.0485 3648 sbp2port - ok 10:40:12.0511 3648 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:40:12.0527 3648 SCardSvr - ok 10:40:12.0549 3648 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:40:12.0550 3648 scfilter - ok 10:40:12.0590 3648 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:40:12.0624 3648 Schedule - ok 10:40:12.0649 3648 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:40:12.0651 3648 SCPolicySvc - ok 10:40:12.0672 3648 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:40:12.0679 3648 SDRSVC - ok 10:40:12.0700 3648 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:40:12.0701 3648 secdrv - ok 10:40:12.0713 3648 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:40:12.0718 3648 seclogon - ok 10:40:12.0743 3648 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:40:12.0748 3648 SENS - ok 10:40:12.0761 3648 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:40:12.0766 3648 SensrSvc - ok 10:40:12.0785 3648 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:40:12.0786 3648 Serenum - ok 10:40:12.0803 3648 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:40:12.0805 3648 Serial - ok 10:40:12.0828 3648 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:40:12.0829 3648 sermouse - ok 10:40:12.0853 3648 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:40:12.0858 3648 SessionEnv - ok 10:40:12.0875 3648 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:40:12.0877 3648 sffdisk - ok 10:40:12.0886 3648 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:40:12.0888 3648 sffp_mmc - ok 10:40:12.0899 3648 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:40:12.0900 3648 sffp_sd - ok 10:40:12.0920 3648 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:40:12.0922 3648 sfloppy - ok 10:40:12.0951 3648 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:40:12.0961 3648 ShellHWDetection - ok 10:40:12.0986 3648 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:40:12.0987 3648 SiSRaid2 - ok 10:40:13.0001 3648 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:40:13.0004 3648 SiSRaid4 - ok 10:40:13.0064 3648 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:40:13.0068 3648 SkypeUpdate - ok 10:40:13.0090 3648 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:40:13.0093 3648 Smb - ok 10:40:13.0124 3648 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:40:13.0128 3648 SNMPTRAP - ok 10:40:13.0187 3648 [ E9CBBDC94EECED8E96FC847AA48F597F ] Sony Ericsson PCCompanion C:\Program Files 
(x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 10:40:13.0191 3648 Sony Ericsson PCCompanion - ok 10:40:13.0213 3648 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:40:13.0214 3648 spldr - ok 10:40:13.0242 3648 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 10:40:13.0259 3648 Spooler - ok 10:40:13.0353 3648 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:40:13.0430 3648 sppsvc - ok 10:40:13.0458 3648 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:40:13.0464 3648 sppuinotify - ok 10:40:13.0492 3648 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:40:13.0500 3648 srv - ok 10:40:13.0516 3648 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:40:13.0525 3648 srv2 - ok 10:40:13.0537 3648 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:40:13.0541 3648 srvnet - ok 10:40:13.0572 3648 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:40:13.0581 3648 SSDPSRV - ok 10:40:13.0594 3648 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:40:13.0603 3648 SstpSvc - ok 10:40:13.0638 3648 Steam Client Service - ok 10:40:13.0661 3648 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:40:13.0663 3648 stexstor - ok 10:40:13.0701 3648 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:40:13.0726 3648 stisvc - ok 10:40:13.0752 3648 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:40:13.0754 3648 storflt - ok 10:40:13.0775 3648 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:40:13.0777 3648 storvsc - ok 10:40:13.0794 3648 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 10:40:13.0795 3648 swenum - ok 
10:40:13.0823 3648 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:40:13.0836 3648 swprv - ok 10:40:13.0882 3648 Synth3dVsc - ok 10:40:13.0933 3648 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:40:13.0976 3648 SysMain - ok 10:40:13.0998 3648 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:40:14.0004 3648 TabletInputService - ok 10:40:14.0030 3648 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:40:14.0047 3648 TapiSrv - ok 10:40:14.0068 3648 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:40:14.0073 3648 TBS - ok 10:40:14.0131 3648 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:40:14.0174 3648 Tcpip - ok 10:40:14.0217 3648 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:40:14.0224 3648 TCPIP6 - ok 10:40:14.0241 3648 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:40:14.0242 3648 tcpipreg - ok 10:40:14.0259 3648 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:40:14.0261 3648 TDPIPE - ok 10:40:14.0281 3648 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:40:14.0283 3648 TDTCP - ok 10:40:14.0303 3648 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:40:14.0305 3648 tdx - ok 10:40:14.0330 3648 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 10:40:14.0333 3648 TermDD - ok 10:40:14.0366 3648 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:40:14.0392 3648 TermService - ok 10:40:14.0415 3648 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:40:14.0420 3648 Themes - ok 10:40:14.0435 3648 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 10:40:14.0439 3648 THREADORDER - 
ok 10:40:14.0444 3648 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:40:14.0457 3648 TrkWks - ok 10:40:14.0481 3648 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:40:14.0484 3648 TrustedInstaller - ok 10:40:14.0505 3648 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:40:14.0507 3648 tssecsrv - ok 10:40:14.0518 3648 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:40:14.0520 3648 TsUsbFlt - ok 10:40:14.0524 3648 tsusbhub - ok 10:40:14.0555 3648 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:40:14.0557 3648 tunnel - ok 10:40:14.0573 3648 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 10:40:14.0575 3648 uagp35 - ok 10:40:14.0590 3648 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:40:14.0597 3648 udfs - ok 10:40:14.0622 3648 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:40:14.0627 3648 UI0Detect - ok 10:40:14.0656 3648 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:40:14.0658 3648 uliagpkx - ok 10:40:14.0685 3648 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:40:14.0687 3648 umbus - ok 10:40:14.0711 3648 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 10:40:14.0712 3648 UmPass - ok 10:40:14.0731 3648 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 10:40:14.0739 3648 UmRdpService - ok 10:40:14.0764 3648 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:40:14.0774 3648 upnphost - ok 10:40:14.0791 3648 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:40:14.0794 3648 usbaudio - ok 10:40:14.0814 3648 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 10:40:14.0817 3648 usbccgp - ok 10:40:14.0849 3648 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:40:14.0852 3648 usbcir - ok 10:40:14.0862 3648 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:40:14.0864 3648 usbehci - ok 10:40:14.0891 3648 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:40:14.0897 3648 usbhub - ok 10:40:14.0914 3648 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:40:14.0916 3648 usbohci - ok 10:40:14.0939 3648 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 10:40:14.0940 3648 usbprint - ok 10:40:14.0965 3648 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 10:40:14.0966 3648 usbscan - ok 10:40:14.0983 3648 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:40:14.0986 3648 USBSTOR - ok 10:40:15.0003 3648 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:40:15.0005 3648 usbuhci - ok 10:40:15.0027 3648 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:40:15.0032 3648 UxSms - ok 10:40:15.0038 3648 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:40:15.0041 3648 VaultSvc - ok 10:40:15.0061 3648 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:40:15.0063 3648 vdrvroot - ok 10:40:15.0099 3648 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:40:15.0111 3648 vds - ok 10:40:15.0145 3648 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:40:15.0146 3648 vga - ok 10:40:15.0156 3648 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:40:15.0158 3648 VgaSave - ok 10:40:15.0172 3648 VGPU - ok 10:40:15.0198 3648 [ 
2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:40:15.0202 3648 vhdmp - ok 10:40:15.0237 3648 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:40:15.0239 3648 viaide - ok 10:40:15.0259 3648 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:40:15.0263 3648 vmbus - ok 10:40:15.0279 3648 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 10:40:15.0280 3648 VMBusHID - ok 10:40:15.0302 3648 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:40:15.0305 3648 volmgr - ok 10:40:15.0334 3648 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:40:15.0341 3648 volmgrx - ok 10:40:15.0360 3648 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:40:15.0366 3648 volsnap - ok 10:40:15.0399 3648 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 10:40:15.0402 3648 vsmraid - ok 10:40:15.0450 3648 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:40:15.0493 3648 VSS - ok 10:40:15.0501 3648 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 10:40:15.0503 3648 vwifibus - ok 10:40:15.0534 3648 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:40:15.0551 3648 W32Time - ok 10:40:15.0563 3648 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:40:15.0565 3648 WacomPen - ok 10:40:15.0600 3648 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:40:15.0601 3648 WANARP - ok 10:40:15.0610 3648 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:40:15.0611 3648 Wanarpv6 - ok 10:40:15.0658 3648 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:40:15.0692 3648 wbengine - ok 10:40:15.0710 3648 [ 
3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:40:15.0715 3648 WbioSrvc - ok 10:40:15.0741 3648 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:40:15.0758 3648 wcncsvc - ok 10:40:15.0766 3648 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:40:15.0772 3648 WcsPlugInService - ok 10:40:15.0794 3648 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 10:40:15.0795 3648 Wd - ok 10:40:15.0823 3648 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:40:15.0834 3648 Wdf01000 - ok 10:40:15.0852 3648 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:40:15.0860 3648 WdiServiceHost - ok 10:40:15.0865 3648 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:40:15.0871 3648 WdiSystemHost - ok 10:40:15.0883 3648 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 10:40:15.0891 3648 WebClient - ok 10:40:15.0904 3648 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:40:15.0912 3648 Wecsvc - ok 10:40:15.0922 3648 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:40:15.0930 3648 wercplsupport - ok 10:40:15.0957 3648 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 10:40:15.0963 3648 WerSvc - ok 10:40:15.0997 3648 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:40:15.0998 3648 WfpLwf - ok 10:40:16.0011 3648 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:40:16.0012 3648 WIMMount - ok 10:40:16.0022 3648 WinHttpAutoProxySvc - ok 10:40:16.0065 3648 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:40:16.0069 3648 Winmgmt - ok 10:40:16.0120 3648 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 
10:40:16.0170 3648 WinRM - ok
10:40:16.0214 3648 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:40:16.0215 3648 WinUsb - ok
10:40:16.0252 3648 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:40:16.0277 3648 Wlansvc - ok
10:40:16.0389 3648 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:40:16.0441 3648 wlidsvc - ok
10:40:16.0467 3648 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:40:16.0467 3648 WmiAcpi - ok
10:40:16.0495 3648 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:40:16.0500 3648 wmiApSrv - ok
10:40:16.0521 3648 WMPNetworkSvc - ok
10:40:16.0545 3648 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:40:16.0550 3648 WPCSvc - ok
10:40:16.0568 3648 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:40:16.0576 3648 WPDBusEnum - ok
10:40:16.0604 3648 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:40:16.0606 3648 ws2ifsl - ok
10:40:16.0609 3648 WSearch - ok
10:40:16.0630 3648 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:40:16.0633 3648 WudfPf - ok
10:40:16.0660 3648 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:40:16.0664 3648 WUDFRd - ok
10:40:16.0676 3648 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:40:16.0682 3648 wudfsvc - ok
10:40:16.0707 3648 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:40:16.0723 3648 WwanSvc - ok
10:40:16.0752 3648 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
10:40:16.0755 3648 xusb21 - ok
10:40:16.0766 3648 ================ Scan global ===============================
10:40:16.0783 3648 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:40:16.0807 3648 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:40:16.0820 3648 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:40:16.0850 3648 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:40:16.0887 3648 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
10:40:16.0896 3648 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
10:40:16.0896 3648 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
10:40:16.0896 3648 ================ Scan MBR ==================================
10:40:16.0921 3648 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:40:17.0079 3648 \Device\Harddisk0\DR0 - ok
10:40:17.0080 3648 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:40:17.0123 3648 \Device\Harddisk1\DR1 - ok
10:40:17.0124 3648 ================ Scan VBR ==================================
10:40:17.0147 3648 [ D5D9E334525B81E06E54CE9C022984D9 ] \Device\Harddisk0\DR0\Partition1
10:40:17.0148 3648 \Device\Harddisk0\DR0\Partition1 - ok
10:40:17.0166 3648 [ AA0BF0CFFE9D883A3C3E47C40E74BC8E ] \Device\Harddisk0\DR0\Partition2
10:40:17.0168 3648 \Device\Harddisk0\DR0\Partition2 - ok
10:40:17.0186 3648 [ 78110A215898813A177283011549D486 ] \Device\Harddisk0\DR0\Partition3
10:40:17.0188 3648 \Device\Harddisk0\DR0\Partition3 - ok
10:40:17.0190 3648 [ 62A173D3EDF59699C0C240B20AD6CB55 ] \Device\Harddisk1\DR1\Partition1
10:40:17.0191 3648 \Device\Harddisk1\DR1\Partition1 - ok
10:40:17.0192 3648 ============================================================
10:40:17.0192 3648 Scan finished
10:40:17.0192 3648 ============================================================
10:40:17.0195 3284 Detected object count: 1
10:40:17.0195 3284 Actual detected object count: 1
10:40:23.0302 3284 C:\Windows\system32\services.exe - copied to quarantine
10:40:24.0479 3284 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
10:40:24.0490 3284 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
10:40:24.0509 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\@ - copied to quarantine
10:40:24.0532 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\L\00000004.@ - copied to quarantine
10:40:24.0534 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000004.@ - copied to quarantine
10:40:24.0536 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000008.@ - copied to quarantine
10:40:24.0537 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\000000cb.@ - copied to quarantine
10:40:24.0539 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000000.@ - copied to quarantine
10:40:24.0541 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000032.@ - copied to quarantine
10:40:24.0543 3284 C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000064.@ - copied to quarantine
10:41:06.0854 3284 Backup copy not found, trying to cure infected file..
10:41:06.0854 3284 C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
10:41:06.0854 3284 C:\Windows\system32\services.exe - processing error
10:41:06.0854 3284 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure |
09.11.2012, 10:54 | #4 |
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits Quote:
Now we have a nasty problem! Run TDSS-Killer once more, choose SKIP at the end (IF anything is found!) and post the new logfile here!
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
09.11.2012, 10:56 | #5 |
| Trojan.Droppper.BC.Miner + Rootkits I just noticed that I accidentally clicked Cure in step 3. Scanned again and skipped this time. Code:
3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:55:09.0793 0948 PcaSvc - ok 10:55:09.0808 0948 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:55:09.0810 0948 pci - ok 10:55:09.0859 0948 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:55:09.0860 0948 pciide - ok 10:55:09.0881 0948 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:55:09.0884 0948 pcmcia - ok 10:55:09.0898 0948 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:55:09.0899 0948 pcw - ok 10:55:09.0919 0948 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:55:09.0925 0948 PEAUTH - ok 10:55:09.0966 0948 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 10:55:09.0979 0948 PeerDistSvc - ok 10:55:10.0038 0948 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:55:10.0041 0948 PerfHost - ok 10:55:10.0089 0948 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:55:10.0102 0948 pla - ok 10:55:10.0130 0948 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:55:10.0137 0948 PlugPlay - ok 10:55:10.0155 0948 PnkBstrA - ok 10:55:10.0168 0948 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:55:10.0172 0948 PNRPAutoReg - ok 10:55:10.0189 0948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:55:10.0194 0948 PNRPsvc - ok 10:55:10.0218 0948 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:55:10.0224 0948 PolicyAgent - ok 10:55:10.0255 0948 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:55:10.0260 0948 Power - ok 10:55:10.0291 0948 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:55:10.0293 0948 PptpMiniport - ok 10:55:10.0323 0948 [ 
0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:55:10.0325 0948 Processor - ok 10:55:10.0350 0948 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 10:55:10.0355 0948 ProfSvc - ok 10:55:10.0366 0948 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:55:10.0369 0948 ProtectedStorage - ok 10:55:10.0387 0948 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:55:10.0389 0948 Psched - ok 10:55:10.0439 0948 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:55:10.0451 0948 ql2300 - ok 10:55:10.0472 0948 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:55:10.0474 0948 ql40xx - ok 10:55:10.0497 0948 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:55:10.0503 0948 QWAVE - ok 10:55:10.0512 0948 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:55:10.0513 0948 QWAVEdrv - ok 10:55:10.0524 0948 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:55:10.0525 0948 RasAcd - ok 10:55:10.0546 0948 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:55:10.0547 0948 RasAgileVpn - ok 10:55:10.0560 0948 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:55:10.0564 0948 RasAuto - ok 10:55:10.0591 0948 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:55:10.0593 0948 Rasl2tp - ok 10:55:10.0616 0948 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:55:10.0622 0948 RasMan - ok 10:55:10.0644 0948 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:55:10.0646 0948 RasPppoe - ok 10:55:10.0668 0948 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:55:10.0669 0948 RasSstp - ok 
10:55:10.0681 0948 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:55:10.0684 0948 rdbss - ok 10:55:10.0707 0948 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:55:10.0708 0948 rdpbus - ok 10:55:10.0722 0948 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:55:10.0723 0948 RDPCDD - ok 10:55:10.0747 0948 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:55:10.0749 0948 RDPDR - ok 10:55:10.0774 0948 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:55:10.0775 0948 RDPENCDD - ok 10:55:10.0783 0948 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:55:10.0784 0948 RDPREFMP - ok 10:55:10.0838 0948 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 10:55:10.0839 0948 RdpVideoMiniport - ok 10:55:10.0863 0948 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:55:10.0866 0948 RDPWD - ok 10:55:10.0899 0948 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:55:10.0902 0948 rdyboost - ok 10:55:10.0930 0948 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:55:10.0933 0948 RemoteAccess - ok 10:55:10.0965 0948 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:55:10.0970 0948 RemoteRegistry - ok 10:55:10.0978 0948 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:55:10.0983 0948 RpcEptMapper - ok 10:55:10.0996 0948 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:55:10.0999 0948 RpcLocator - ok 10:55:11.0031 0948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:55:11.0039 0948 RpcSs - ok 10:55:11.0065 0948 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr 
C:\Windows\system32\DRIVERS\rspndr.sys 10:55:11.0066 0948 rspndr - ok 10:55:11.0107 0948 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 10:55:11.0111 0948 RTL8167 - ok 10:55:11.0132 0948 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 10:55:11.0133 0948 s3cap - ok 10:55:11.0165 0948 [ E13D43901EC079280A2A9BAD9A2CCDA7 ] SAlphamHid C:\Windows\system32\DRIVERS\SAlpham64.sys 10:55:11.0166 0948 SAlphamHid - ok 10:55:11.0174 0948 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:55:11.0177 0948 SamSs - ok 10:55:11.0180 0948 SAVRKBootTasks - ok 10:55:11.0192 0948 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:55:11.0193 0948 sbp2port - ok 10:55:11.0220 0948 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:55:11.0225 0948 SCardSvr - ok 10:55:11.0250 0948 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:55:11.0251 0948 scfilter - ok 10:55:11.0290 0948 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:55:11.0302 0948 Schedule - ok 10:55:11.0325 0948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:55:11.0327 0948 SCPolicySvc - ok 10:55:11.0348 0948 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:55:11.0353 0948 SDRSVC - ok 10:55:11.0376 0948 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:55:11.0377 0948 secdrv - ok 10:55:11.0389 0948 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:55:11.0393 0948 seclogon - ok 10:55:11.0418 0948 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:55:11.0423 0948 SENS - ok 10:55:11.0437 0948 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:55:11.0441 0948 SensrSvc - ok 10:55:11.0455 0948 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:55:11.0456 0948 Serenum - ok 10:55:11.0479 0948 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:55:11.0481 0948 Serial - ok 10:55:11.0512 0948 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:55:11.0513 0948 sermouse - ok 10:55:11.0537 0948 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:55:11.0542 0948 SessionEnv - ok 10:55:11.0559 0948 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:55:11.0560 0948 sffdisk - ok 10:55:11.0570 0948 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:55:11.0571 0948 sffp_mmc - ok 10:55:11.0583 0948 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:55:11.0584 0948 sffp_sd - ok 10:55:11.0604 0948 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:55:11.0605 0948 sfloppy - ok 10:55:11.0635 0948 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:55:11.0642 0948 ShellHWDetection - ok 10:55:11.0661 0948 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:55:11.0663 0948 SiSRaid2 - ok 10:55:11.0677 0948 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:55:11.0679 0948 SiSRaid4 - ok 10:55:11.0740 0948 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:55:11.0742 0948 SkypeUpdate - ok 10:55:11.0766 0948 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:55:11.0768 0948 Smb - ok 10:55:11.0800 0948 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:55:11.0804 0948 SNMPTRAP - ok 10:55:11.0880 0948 [ E9CBBDC94EECED8E96FC847AA48F597F ] Sony Ericsson PCCompanion C:\Program Files 
(x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 10:55:11.0882 0948 Sony Ericsson PCCompanion - ok 10:55:11.0897 0948 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:55:11.0898 0948 spldr - ok 10:55:11.0926 0948 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 10:55:11.0934 0948 Spooler - ok 10:55:12.0020 0948 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:55:12.0043 0948 sppsvc - ok 10:55:12.0067 0948 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:55:12.0069 0948 sppuinotify - ok 10:55:12.0101 0948 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:55:12.0105 0948 srv - ok 10:55:12.0117 0948 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:55:12.0121 0948 srv2 - ok 10:55:12.0137 0948 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:55:12.0138 0948 srvnet - ok 10:55:12.0173 0948 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:55:12.0179 0948 SSDPSRV - ok 10:55:12.0187 0948 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:55:12.0192 0948 SstpSvc - ok 10:55:12.0222 0948 Steam Client Service - ok 10:55:12.0245 0948 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:55:12.0246 0948 stexstor - ok 10:55:12.0285 0948 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:55:12.0294 0948 stisvc - ok 10:55:12.0320 0948 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:55:12.0321 0948 storflt - ok 10:55:12.0335 0948 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:55:12.0336 0948 storvsc - ok 10:55:12.0361 0948 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 10:55:12.0362 0948 swenum - ok 
10:55:12.0391 0948 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:55:12.0399 0948 swprv - ok 10:55:12.0424 0948 Synth3dVsc - ok 10:55:12.0476 0948 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:55:12.0490 0948 SysMain - ok 10:55:12.0507 0948 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:55:12.0509 0948 TabletInputService - ok 10:55:12.0538 0948 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:55:12.0542 0948 TapiSrv - ok 10:55:12.0560 0948 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:55:12.0563 0948 TBS - ok 10:55:12.0624 0948 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:55:12.0638 0948 Tcpip - ok 10:55:12.0684 0948 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:55:12.0692 0948 TCPIP6 - ok 10:55:12.0708 0948 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:55:12.0709 0948 tcpipreg - ok 10:55:12.0727 0948 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:55:12.0727 0948 TDPIPE - ok 10:55:12.0749 0948 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:55:12.0750 0948 TDTCP - ok 10:55:12.0770 0948 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:55:12.0772 0948 tdx - ok 10:55:12.0806 0948 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 10:55:12.0808 0948 TermDD - ok 10:55:12.0842 0948 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:55:12.0851 0948 TermService - ok 10:55:12.0874 0948 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:55:12.0878 0948 Themes - ok 10:55:12.0895 0948 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 10:55:12.0898 0948 THREADORDER - 
ok 10:55:12.0907 0948 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:55:12.0912 0948 TrkWks - ok 10:55:12.0941 0948 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:55:12.0943 0948 TrustedInstaller - ok 10:55:12.0964 0948 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:55:12.0965 0948 tssecsrv - ok 10:55:12.0978 0948 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:55:12.0979 0948 TsUsbFlt - ok 10:55:12.0981 0948 tsusbhub - ok 10:55:13.0014 0948 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:55:13.0016 0948 tunnel - ok 10:55:13.0032 0948 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 10:55:13.0033 0948 uagp35 - ok 10:55:13.0050 0948 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:55:13.0053 0948 udfs - ok 10:55:13.0073 0948 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:55:13.0077 0948 UI0Detect - ok 10:55:13.0090 0948 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:55:13.0091 0948 uliagpkx - ok 10:55:13.0119 0948 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:55:13.0120 0948 umbus - ok 10:55:13.0137 0948 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 10:55:13.0138 0948 UmPass - ok 10:55:13.0157 0948 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 10:55:13.0162 0948 UmRdpService - ok 10:55:13.0181 0948 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:55:13.0187 0948 upnphost - ok 10:55:13.0209 0948 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:55:13.0210 0948 usbaudio - ok 10:55:13.0232 0948 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 10:55:13.0233 0948 usbccgp - ok 10:55:13.0259 0948 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:55:13.0260 0948 usbcir - ok 10:55:13.0271 0948 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:55:13.0273 0948 usbehci - ok 10:55:13.0300 0948 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:55:13.0303 0948 usbhub - ok 10:55:13.0315 0948 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:55:13.0316 0948 usbohci - ok 10:55:13.0340 0948 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 10:55:13.0341 0948 usbprint - ok 10:55:13.0366 0948 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 10:55:13.0367 0948 usbscan - ok 10:55:13.0384 0948 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:55:13.0386 0948 USBSTOR - ok 10:55:13.0396 0948 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:55:13.0397 0948 usbuhci - ok 10:55:13.0419 0948 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:55:13.0424 0948 UxSms - ok 10:55:13.0431 0948 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:55:13.0433 0948 VaultSvc - ok 10:55:13.0454 0948 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:55:13.0455 0948 vdrvroot - ok 10:55:13.0491 0948 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:55:13.0498 0948 vds - ok 10:55:13.0529 0948 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:55:13.0530 0948 vga - ok 10:55:13.0541 0948 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:55:13.0542 0948 VgaSave - ok 10:55:13.0556 0948 VGPU - ok 10:55:13.0582 0948 [ 
2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:55:13.0584 0948 vhdmp - ok 10:55:13.0605 0948 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:55:13.0606 0948 viaide - ok 10:55:13.0634 0948 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:55:13.0637 0948 vmbus - ok 10:55:13.0655 0948 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 10:55:13.0656 0948 VMBusHID - ok 10:55:13.0678 0948 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:55:13.0680 0948 volmgr - ok 10:55:13.0710 0948 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:55:13.0713 0948 volmgrx - ok 10:55:13.0736 0948 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:55:13.0739 0948 volsnap - ok 10:55:13.0775 0948 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 10:55:13.0777 0948 vsmraid - ok 10:55:13.0825 0948 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:55:13.0838 0948 VSS - ok 10:55:13.0844 0948 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 10:55:13.0845 0948 vwifibus - ok 10:55:13.0876 0948 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:55:13.0884 0948 W32Time - ok 10:55:13.0897 0948 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:55:13.0898 0948 WacomPen - ok 10:55:13.0934 0948 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:55:13.0935 0948 WANARP - ok 10:55:13.0945 0948 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:55:13.0946 0948 Wanarpv6 - ok 10:55:13.0997 0948 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:55:14.0013 0948 wbengine - ok 10:55:14.0027 0948 [ 
3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:55:14.0030 0948 WbioSrvc - ok 10:55:14.0060 0948 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:55:14.0067 0948 wcncsvc - ok 10:55:14.0076 0948 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:55:14.0080 0948 WcsPlugInService - ok 10:55:14.0103 0948 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 10:55:14.0104 0948 Wd - ok 10:55:14.0123 0948 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:55:14.0127 0948 Wdf01000 - ok 10:55:14.0136 0948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:55:14.0140 0948 WdiServiceHost - ok 10:55:14.0153 0948 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:55:14.0157 0948 WdiSystemHost - ok 10:55:14.0176 0948 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 10:55:14.0181 0948 WebClient - ok 10:55:14.0197 0948 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:55:14.0202 0948 Wecsvc - ok 10:55:14.0214 0948 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:55:14.0218 0948 wercplsupport - ok 10:55:14.0233 0948 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 10:55:14.0237 0948 WerSvc - ok 10:55:14.0256 0948 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:55:14.0257 0948 WfpLwf - ok 10:55:14.0270 0948 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:55:14.0271 0948 WIMMount - ok 10:55:14.0276 0948 WinHttpAutoProxySvc - ok 10:55:14.0316 0948 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:55:14.0319 0948 Winmgmt - ok 10:55:14.0377 0948 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 
10:55:14.0396 0948 WinRM - ok 10:55:14.0448 0948 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 10:55:14.0449 0948 WinUsb - ok 10:55:14.0486 0948 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 10:55:14.0497 0948 Wlansvc - ok 10:55:14.0607 0948 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:55:14.0621 0948 wlidsvc - ok 10:55:14.0643 0948 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:55:14.0643 0948 WmiAcpi - ok 10:55:14.0671 0948 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:55:14.0672 0948 wmiApSrv - ok 10:55:14.0689 0948 WMPNetworkSvc - ok 10:55:14.0713 0948 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:55:14.0718 0948 WPCSvc - ok 10:55:14.0736 0948 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:55:14.0740 0948 WPDBusEnum - ok 10:55:14.0763 0948 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:55:14.0764 0948 ws2ifsl - ok 10:55:14.0767 0948 WSearch - ok 10:55:14.0789 0948 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:55:14.0790 0948 WudfPf - ok 10:55:14.0819 0948 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:55:14.0821 0948 WUDFRd - ok 10:55:14.0835 0948 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:55:14.0839 0948 wudfsvc - ok 10:55:14.0857 0948 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 10:55:14.0861 0948 WwanSvc - ok 10:55:14.0896 0948 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 10:55:14.0897 0948 xusb21 - ok 10:55:14.0909 0948 ================ Scan global =============================== 10:55:14.0927 0948 [ BA0CD8C393E8C9F83354106093832C7B ] 
C:\Windows\system32\basesrv.dll
10:55:14.0950 0948 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:55:14.0967 0948 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:55:14.0994 0948 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:55:15.0022 0948 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
10:55:15.0029 0948 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
10:55:15.0029 0948 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
10:55:15.0029 0948 ================ Scan MBR ==================================
10:55:15.0056 0948 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:55:15.0211 0948 \Device\Harddisk0\DR0 - ok
10:55:15.0215 0948 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:55:15.0341 0948 \Device\Harddisk1\DR1 - ok
10:55:15.0342 0948 ================ Scan VBR ==================================
10:55:15.0366 0948 [ D5D9E334525B81E06E54CE9C022984D9 ] \Device\Harddisk0\DR0\Partition1
10:55:15.0367 0948 \Device\Harddisk0\DR0\Partition1 - ok
10:55:15.0385 0948 [ AA0BF0CFFE9D883A3C3E47C40E74BC8E ] \Device\Harddisk0\DR0\Partition2
10:55:15.0387 0948 \Device\Harddisk0\DR0\Partition2 - ok
10:55:15.0405 0948 [ 78110A215898813A177283011549D486 ] \Device\Harddisk0\DR0\Partition3
10:55:15.0406 0948 \Device\Harddisk0\DR0\Partition3 - ok
10:55:15.0410 0948 [ 62A173D3EDF59699C0C240B20AD6CB55 ] \Device\Harddisk1\DR1\Partition1
10:55:15.0413 0948 \Device\Harddisk1\DR1\Partition1 - ok
10:55:15.0414 0948 ============================================================
10:55:15.0414 0948 Scan finished
10:55:15.0414 0948 ============================================================
10:55:15.0422 4760 Detected object count: 1
10:55:15.0422 4760 Actual detected object count: 1
10:55:21.0608 4760 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
10:55:21.0608 4760 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
09.11.2012, 11:05 | #6
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits

Combofix

Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the reboot: Quote:
09.11.2012, 11:38 | #7
Trojan.Droppper.BC.Miner + Rootkits

Right, Combofix is done. Code:
ComboFix 12-11-09.02 - dome 09.11.2012  11:21:34.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8163.6330 [GMT 1:00]
Running from:: c:\users\dome\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\L\00000004.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000004.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000008.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\000000cb.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000000.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000032.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000064.@
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
H:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
(((((((((((((((((((((((   Files Created from 2012-10-09 to 2012-11-09   ))))))))))))))))))))))))))))))
.
.
2012-11-09 09:40 . 2012-11-09 09:40  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-11-08 21:16 . 2012-11-08 21:16  --------  d-----w-  c:\users\dome\AppData\Roaming\Malwarebytes
2012-11-08 21:15 . 2012-11-08 21:15  --------  d-----w-  c:\programdata\Malwarebytes
2012-11-08 21:15 . 2012-11-08 21:15  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 21:15 . 2012-09-29 18:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-11-08 18:22 . 2012-11-08 18:22  --------  d-sh--w-  c:\windows\SysWow64\%APPDATA%
2012-11-06 09:12 . 2012-10-12 07:19  9291768  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCC89B4-7D0E-4F35-B82C-BD180CA515AD}\mpengine.dll
2012-11-02 12:45 . 2012-11-02 12:45  --------  d-----w-  c:\program files (x86)\SR Squad Manager
2012-10-30 09:16 . 2012-10-30 09:16  --------  d-----w-  c:\users\dome\AppData\Local\Package Cache
2012-10-28 12:11 . 2012-10-28 12:11  289768  ----a-w-  c:\windows\system32\javaws.exe
2012-10-28 12:11 . 2012-10-28 12:11  1034216  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-10-28 12:11 . 2012-10-28 12:11  189416  ----a-w-  c:\windows\system32\javaw.exe
2012-10-28 12:11 . 2012-10-28 12:11  108008  ----a-w-  c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-28 12:11 . 2012-10-28 12:11  188904  ----a-w-  c:\windows\system32\java.exe
2012-10-28 12:07 . 2012-10-28 12:07  --------  d-----w-  c:\programdata\Ask
2012-10-28 12:06 . 2012-10-28 12:06  821736  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
2012-10-28 12:04 . 2012-10-28 12:04  --------  d-----w-  c:\program files (x86)\Helden-Software
2012-10-12 21:37 . 2012-10-12 21:37  --------  d-----w-  c:\program files (x86)\NVIDIA Corporation
2012-10-11 07:55 . 2012-10-11 07:55  --------  d-----w-  c:\program files (x86)\THQ
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 12:11 . 2011-07-25 21:30  916456  ----a-w-  c:\windows\system32\deployJava1.dll
2012-10-08 19:26 . 2012-04-05 20:44  696760  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:26 . 2011-07-25 15:48  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 18:58 . 2012-10-04 18:58  178800  ----a-w-  c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-24 11:15 . 2012-09-22 12:46  17810944  ----a-w-  c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 12:46  10925568  ----a-w-  c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 12:46  2312704  ----a-w-  c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 12:46  1346048  ----a-w-  c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 12:46  1392128  ----a-w-  c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 12:46  1494528  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 12:46  237056  ----a-w-  c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 12:46  85504  ----a-w-  c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 12:46  173056  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 12:46  816640  ----a-w-  c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 12:46  599040  ----a-w-  c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 12:46  2144768  ----a-w-  c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 12:46  729088  ----a-w-  c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 12:46  96768  ----a-w-  c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 12:46  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 12:46  248320  ----a-w-  c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 12:46  1800704  ----a-w-  c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 12:46  1129472  ----a-w-  c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 12:46  1427968  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 12:46  142848  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 12:46  420864  ----a-w-  c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 12:46  2382848  ----a-w-  c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 13:51  1913200  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:51  950128  ----a-w-  c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:51  376688  ----a-w-  c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:51  288624  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 07:53  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 13:06  44032  ----a-w-  c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 09:49  176936  ----a-w-  c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54  194928  ----a-w-  c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-08-02 402944]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-30 963984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-06-23 380416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
.
c:\users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-10 0]
Logitech blank Produktregistrierung.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E034.tmp [2010-05-26 6144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-25 254528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-01-20 106496]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-01-20 34944]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:26]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15  135408  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-01-20 227328]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{22C4C66D-6ECE-4231-B3E8-4F8D9D78DB66}: NameServer = 195.50.140.246 195.50.140.180
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - c5c0669b-6248-43fb-87bd-8c6791d7aeb3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Removed Orphaned Registry Entries - - - -
.
Toolbar-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\tbcore3.dll
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-Super-Charger - c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ChatZum Toolbar - c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\uninstaller.exe
AddRemove-PunkBusterSvc - e:\bf3\Battlefield 3\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E034.tmp"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012"
"SaveDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"=""
"Language"="German"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe2
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cc
"UniqueID"="56-A5B0-E22F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000003
"FilterByClubFeatureNum"=dword:00000004
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000006
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000002
"TopFormationFeatureNum"=dword:00000002
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000020
"GameLoadedCounter"=dword:00000007
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,e2,c8,a6,e8,a9,0b,8c,80,bf,bf,1f,7c,f8,a5,c8,7c,dd,95,df,13,
   d3,4b,0c,85,db,96,e5,46,72,29,d1,4e,c1,41,ca,fc,6e,6e,69,b0,be,94,2f,53,dc,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\MSI\Live Update 5\LU5.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-11-09  11:36:35 - machine was rebooted
ComboFix-quarantined-files.txt  2012-11-09 10:36
.
Pre-Run: 4.809.953.280 bytes free
Post-Run: 6.329.303.040 bytes free
.
- - End Of File - - 1BA4FCF8545935E5673DD0AC64F17D7F
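The log above is what the helper triages by eye: the hidden '@' files under c:\windows\Installer\{GUID}\ (the layout the Sirefef/ZeroAccess family is documented to use, which fits the patched services.exe ComboFix reports restoring from WinSxS), UAC switched off under policies\system (EnableLUA=0 means every process of the admin account already runs fully elevated, so the dropper never needed a prompt), and drivers whose binary ComboFix marks as not found. As an added example, not part of this thread and not ComboFix's own code or output, the Python below runs that triage over a constructed excerpt in the same format. The sample lines are constructed to mirror the entries above; the reference values for the UAC keys are Windows 7's defaults.

```python
"""Triage a ComboFix-style log for the findings a responder checks first.

Added example for this thread; it is not part of ComboFix or of the
posts above. SAMPLE_LOG is a constructed excerpt in the log's format.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the log above (not the real file).
SAMPLE_LOG = r"""
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000032.@
c:\windows\IsUn0407.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E034.tmp [2010-05-26 6144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S1 aswSnx;aswSnx; [x]
"""

# Windows 7 defaults for the UAC values ComboFix prints under policies\system.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)')
# The hidden '@' layout under c:\windows\Installer\{GUID}\: a bare '@' in the
# GUID folder, or L\ and U\ subfolders holding 8-hex-digit '.@' files.
INSTALLER_AT_RE = re.compile(
    r'^c:\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:[lu]\\[0-9a-f]{8}\.)?@$', re.I)
# "R3 Name;Display;path [date size]", or "... [x]" when the binary was not found.
SERVICE_RE = re.compile(r'^([RS][0-4])\s+([^;]+);([^;]*);(.*?)\s*(\[x\]|\[[0-9 :-]+\])$')


@dataclass
class Triage:
    uac: list = field(default_factory=list)           # (value, observed, default)
    installer_at: list = field(default_factory=list)  # paths in the '@' layout
    disinfected: list = field(default_factory=list)   # system-file disinfection notices
    services: list = field(default_factory=list)      # (name, image path, reason)


def triage(log_text: str) -> Triage:
    """Walk the log once; '.' lines end a registry block, '[...]' lines start one."""
    result = Triage()
    in_uac_key = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            in_uac_key = False
            continue
        if line.startswith("["):
            in_uac_key = line.lower().endswith(r"\policies\system]")
            continue
        if in_uac_key:
            m = POLICY_RE.match(line)
            if m and m.group(1) in UAC_DEFAULTS:
                observed, default = int(m.group(2)), UAC_DEFAULTS[m.group(1)]
                if observed != default:
                    result.uac.append((m.group(1), observed, default))
            continue
        if INSTALLER_AT_RE.match(line):
            result.installer_at.append(line)
        elif line.startswith("Infected copy of"):
            result.disinfected.append(line)
        else:
            m = SERVICE_RE.match(line)
            if m:
                name, path, tail = m.group(2), m.group(4), m.group(5)
                if tail == "[x]":
                    # avast's self-protection drivers show up this way too: a review queue, not a verdict
                    result.services.append((name, path, "binary not found"))
                elif path.lower().endswith(".tmp"):
                    result.services.append((name, path, "image path is a .tmp file"))
    return result


def uac_is_disabled(result: Triage) -> bool:
    """EnableLUA=0 turns UAC off entirely; the prompt values then do not matter."""
    return any(name == "EnableLUA" and observed == 0 for name, observed, _ in result.uac)


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print("UAC disabled:", uac_is_disabled(t))
    for section in ("uac", "installer_at", "disinfected", "services"):
        for item in getattr(t, section):
            print(f"{section}: {item}")
```

The service check deliberately reports two different things. A `[x]` tail only says ComboFix could not locate the image on disk, which is how avast's aswSnx/aswSP appear here as well, so those rows go to a review queue. An image path that ends in `.tmp` (MEMSWEEP2 above, registered under `\??\c:\windows\system32\E034.tmp`) is a kernel driver loaded from a scratch file and is worth confirming by hand regardless of which tool left it behind.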
09.11.2012, 11:49 | #8
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits
Step 1: Uninstall software
Step 2: CFScript
Note for other readers: the following ComboFix script was written exclusively for this user in this situation. Never run it on any other machine; it can do lasting damage to other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (nowhere else, this matters)!
Press Windows + R --> type Notepad --> OK
Now copy the text from the following code box in full into the empty text document. Code:
FOLDER::
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}

DDS::
mStart Page = hxxp://search.chatzum.com/

FIREFOX::
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - user.js: extentions.y2layers.installId - c5c0669b-6248-43fb-87bd-8c6791d7aeb3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14

REGISTRY::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

CLEARJAVACACHE::
Important:
Step 3: Scan with AdwCleaner
Download AdwCleaner to your desktop.
__________________
No asylum for Trojans! Proud Member of UNITE
Note: I am only available on weekdays! Requests by PM will be ignored!
Happy with us? Then support the Trojaner-Board!
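The CFScript above names five kinds of target (a folder, a DDS line, Firefox prefs, a registry key to delete, a Java cache flush), and the only way to know it worked is to read the post-run log it produces. Two things make that check easy to get wrong: the folder will still appear in the new log, under "Other Deletions", precisely because it was removed, and the `FF - ProfilePath` line is not a target at all but the profile the edits apply to. As an added example, not part of this thread and not ComboFix's own code, the Python below parses the script as posted, splits a post-run log into its banner-delimited sections, and reports every target that still shows up anywhere other than the deletions section. The post-run log used here is a constructed excerpt in ComboFix's format, not the one the user posted.

```python
"""Check a ComboFix post-run log against the CFScript that drove it.

Added example for this thread; not part of ComboFix or of the posts above.
CFSCRIPT is the script posted above; POST_RUN_LOG is a constructed excerpt.
"""
import re

CFSCRIPT = r"""
FOLDER::
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}

DDS::
mStart Page = hxxp://search.chatzum.com/

FIREFOX::
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - user.js: extentions.y2layers.installId - c5c0669b-6248-43fb-87bd-8c6791d7aeb3

REGISTRY::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

CLEARJAVACACHE::
"""

# Constructed post-run excerpt: the folder appears only as a deletion, the
# Yontoo BHO key is gone, but the ChatZum start page is still set.
POST_RUN_LOG = r"""
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll
.
-------   Supplementary Scan   -------
.
mStart Page = hxxp://search.chatzum.com/
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.search.selectedEngine - Google
"""

DIRECTIVE_RE = re.compile(r"^([A-Z]+)::$")
# Section banners: a run of '(' or '-' , the title, a run of ')' or '-'.
BANNER_RE = re.compile(r"^[-()*]{5,}\s+(.+?)\s+[-()*]{5,}$")


def parse_cfscript(text):
    """Map each directive to the lines under it; bodiless directives map to []."""
    targets, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1)
            targets.setdefault(current, [])
        elif current is not None:
            targets[current].append(line)
    return targets


def split_sections(log_text):
    """Group log lines under the banner that precedes them."""
    sections, current = {}, "(preamble)"
    for line in log_text.splitlines():
        line = line.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections


def search_key(directive, line):
    """The text to look for in a log: a '[-KEY]' delete request is listed as '[KEY]'."""
    if directive == "REGISTRY" and line.startswith("[-") and line.endswith("]"):
        return "[" + line[2:]
    return line


def still_present(cfscript, post_run_log, deletions="Other Deletions"):
    """{target: [sections]} for script targets seen outside the deletions section."""
    sections = split_sections(post_run_log)
    leftovers = {}
    for directive, lines in parse_cfscript(cfscript).items():
        for line in lines:
            if line.startswith("FF - ProfilePath"):
                continue  # names the profile to edit; it is not a removal target
            key = search_key(directive, line)
            hits = [name for name, body in sections.items()
                    if name != deletions and any(key.lower() in e.lower() for e in body)]
            if hits:
                leftovers[key] = hits
    return leftovers


if __name__ == "__main__":
    for target, where in still_present(CFSCRIPT, POST_RUN_LOG).items():
        print(f"still present in {where}: {target}")
```

Matching is case-insensitive substring matching because ComboFix prints registry paths in mixed case and the script author's casing need not agree with the log's. On the constructed log the only leftover is the ChatZum start page, which is exactly the kind of item that gets a second script or an AdwCleaner pass.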
09.11.2012, 12:10 | #9
| Trojan.Droppper.BC.Miner + Rootkits
Here is the ComboFix log: Code:
ATTFilter ComboFix 12-11-09.02 - dome 09.11.2012 12:00:29.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8163.6207 [GMT 1:00] ausgeführt von:: c:\users\dome\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\dome\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793} . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-09 bis 2012-11-09 )))))))))))))))))))))))))))))) . . 2012-11-09 11:03 . 2012-11-09 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-09 11:01 . 2012-11-09 11:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCC89B4-7D0E-4F35-B82C-BD180CA515AD}\offreg.dll 2012-11-09 09:40 . 2012-11-09 09:40 -------- d-----w- C:\TDSSKiller_Quarantine 2012-11-08 21:16 . 2012-11-08 21:16 -------- d-----w- c:\users\dome\AppData\Roaming\Malwarebytes 2012-11-08 21:15 . 2012-11-08 21:15 -------- d-----w- c:\programdata\Malwarebytes 2012-11-08 21:15 . 2012-11-08 21:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-08 21:15 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-08 18:22 . 2012-11-08 18:22 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-11-06 09:12 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCC89B4-7D0E-4F35-B82C-BD180CA515AD}\mpengine.dll 2012-11-02 12:45 . 2012-11-02 12:45 -------- d-----w- c:\program files (x86)\SR Squad Manager 2012-10-30 09:16 . 2012-10-30 09:16 -------- d-----w- c:\users\dome\AppData\Local\Package Cache 2012-10-28 12:11 . 
2012-10-28 12:11 289768 ----a-w- c:\windows\system32\javaws.exe 2012-10-28 12:11 . 2012-10-28 12:11 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-10-28 12:11 . 2012-10-28 12:11 189416 ----a-w- c:\windows\system32\javaw.exe 2012-10-28 12:11 . 2012-10-28 12:11 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-10-28 12:11 . 2012-10-28 12:11 188904 ----a-w- c:\windows\system32\java.exe 2012-10-28 12:07 . 2012-10-28 12:07 -------- d-----w- c:\programdata\Ask 2012-10-28 12:06 . 2012-10-28 12:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-28 12:04 . 2012-10-28 12:04 -------- d-----w- c:\program files (x86)\Helden-Software 2012-10-12 21:37 . 2012-10-12 21:37 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2012-10-11 07:55 . 2012-10-11 07:55 -------- d-----w- c:\program files (x86)\THQ . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-28 12:11 . 2011-07-25 21:30 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-08 19:26 . 2012-04-05 20:44 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 19:26 . 2011-07-25 15:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-04 18:58 . 2012-10-04 18:58 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2012-08-24 11:15 . 2012-09-22 12:46 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 12:46 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 12:46 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 12:46 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 12:46 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 12:46 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 12:46 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 
2012-09-22 12:46 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 12:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 12:46 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 12:46 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 12:46 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 12:46 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 12:46 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 12:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 12:46 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 12:46 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 12:46 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 12:46 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 12:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 12:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 12:46 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 13:51 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 13:51 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 13:51 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 13:51 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 07:53 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 17:38 . 2012-10-10 13:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936] "{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\tbcore3.dll" [BU] . [HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}] . [HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}] [HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB09850.TBSB09850] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480] "Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080] "Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-08-02 402944] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] "Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800] "Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664] "Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-06-23 380416] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696] . c:\users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2011-8-10 0] Logitech blank Produktregistrierung.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E034.tmp [2010-05-26 6144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-25 254528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-01-20 106496]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-01-20 34944]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:26]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-01-20 227328]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{22C4C66D-6ECE-4231-B3E8-4F8D9D78DB66}: NameServer = 195.50.140.246 195.50.140.180
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ChatZum Toolbar - c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\uninstaller.exe
AddRemove-PunkBusterSvc - e:\bf3\Battlefield 3\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E034.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012"
"SaveDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"=""
"Language"="German"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe2
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cc
"UniqueID"="56-A5B0-E22F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000003
"FilterByClubFeatureNum"=dword:00000004
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000006
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000002
"TopFormationFeatureNum"=dword:00000002
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000020
"GameLoadedCounter"=dword:00000007
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,e2,c8,a6,e8,a9,0b,8c,80,bf,bf,1f,7c,f8,a5,c8,7c,dd,95,df,13,
   d3,4b,0c,85,db,96,e5,46,72,29,d1,4e,c1,41,ca,fc,6e,6e,69,b0,be,94,2f,53,dc,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-09 12:06:45
ComboFix-quarantined-files.txt 2012-11-09 11:06
ComboFix2.txt 2012-11-09 10:36
.
Vor Suchlauf: 6.566.825.984 Bytes frei
Nach Suchlauf: 6.968.528.896 Bytes frei
.
- - End Of File - - D4030C4A90F16B5E168177870E9965CB

Code:
# AdwCleaner v2.007 - Datei am 09/11/2012 um 12:08:45 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : dome - BITCH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\dome\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\dome\AppData\Local\Conduit
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\uTorrentBar_DE
Ordner Gefunden : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\Software\uTorrentBar_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F088D26-D02C-495C-A455-98D62A30ACA3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBE6655B-9E49-468B-B496-48315365D729}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gefunden : HKU\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.chatzum.com/

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\prefs.js

Gefunden : user_pref("CT2851647..clientLogIsEnabled", false);
Gefunden : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2851647.CTID", "CT2851647");
Gefunden : user_pref("CT2851647.CurrentServerDate", "25-7-2011");
Gefunden : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2851647.DialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gefunden : user_pref("CT2851647.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2851647.EMailNotifierPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedLastCount2532783744689806690", 139);
Gefunden : user_pref("CT2851647.FeedPollDate2429156812186649977", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813040823546", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813130095866", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813224203613", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813230837251", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813454291735", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813729834876", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813860870021", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814264681793", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814863075366", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156815257761081", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gefunden : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gefunden : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gefunden : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gefunden : user_pref("CT2851647.FirstServerDate", "25-7-2011");
Gefunden : user_pref("CT2851647.FirstTime", true);
Gefunden : user_pref("CT2851647.FirstTimeFF3", true);
Gefunden : user_pref("CT2851647.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2851647.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2851647.Initialize", true);
Gefunden : user_pref("CT2851647.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2851647.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2851647.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2851647.InstalledDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.IsGrouping", false);
Gefunden : user_pref("CT2851647.IsInitSetupIni", true);
Gefunden : user_pref("CT2851647.IsMulticommunity", false);
Gefunden : user_pref("CT2851647.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2851647.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gefunden : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2851647.LastLogin_3.5.0.12", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.LatestVersion", "3.3.3.2");
Gefunden : user_pref("CT2851647.Locale", "de");
Gefunden : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2851647.OriginalFirstVersion", "3.5.0.12");
Gefunden : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2851647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2851647.SearchProtectorToolbarDisabled", true);
Gefunden : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastUpdate", "1311168866");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Gefunden : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gefunden : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2851647.UserID", "UN52651897385341616");
Gefunden : user_pref("CT2851647.WeatherNetwork", "");
Gefunden : user_pref("CT2851647.WeatherPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.WeatherUnit", "C");
Gefunden : user_pref("CT2851647.alertChannelId", "1243681");
Gefunden : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gefunden : user_pref("CT2851647.components.1000034", false);
Gefunden : user_pref("CT2851647.components.1000234", false);
Gefunden : user_pref("CT2851647.components.129351532245432032", false);
Gefunden : user_pref("CT2851647.components.129351532245744535", false);
Gefunden : user_pref("CT2851647.components.129416031642500897", false);
Gefunden : user_pref("CT2851647.components.2532783744689806690", false);
Gefunden : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.initDone", true);
Gefunden : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2851647.myStuffEnabled", true);
Gefunden : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.testingCtid", "");
Gefunden : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gefunden : user_pref("CT2851647.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851647&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\dome\\AppData\\Roaming\\Mozilla\\Fi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CommunityToolbar.globalUserId", "8039b80e-c71f-4395-97ef-76d5d2df4b4e");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:0[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 25 2011 16:32:14 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "05cf1917-110a-40e8-8559-270e1ac94e35");
Gefunden : user_pref("browser.newtab.url", "search.chatzum.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("id_chatzum_installed_version", "1.0.17");
Gefunden : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gefunden : user_pref("keyword.URL", "hxxp://utils.chatzum.com/?url=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\dome\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [23985 octets] - [09/11/2012 12:08:45]

########## EOF - C:\AdwCleaner[R1].txt - [24046 octets] ##########
09.11.2012, 12:15 | #10
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits
Step 1: Fix with adwCleaner
Step 2: OTL
09.11.2012, 12:37 | #11
| Trojan.Droppper.BC.Miner + Rootkits
So here is the new ADW log:
Code:
# AdwCleaner v2.007 - Datei am 09/11/2012 um 12:20:58 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : dome - BITCH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\dome\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\dome\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\uTorrentBar_DE
Ordner Gelöscht : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F088D26-D02C-495C-A455-98D62A30ACA3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBE6655B-9E49-468B-B496-48315365D729}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\prefs.js

C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2851647..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2851647.CTID", "CT2851647");
Gelöscht : user_pref("CT2851647.CurrentServerDate", "25-7-2011");
Gelöscht : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2851647.DialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gelöscht : user_pref("CT2851647.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2851647.EMailNotifierPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedLastCount2532783744689806690", 139);
Gelöscht : user_pref("CT2851647.FeedPollDate2429156812186649977", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813040823546", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813130095866", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813224203613", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813230837251", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813454291735", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813729834876", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813860870021", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156814264681793", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156814863075366", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156815257761081", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gelöscht : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gelöscht : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gelöscht : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gelöscht : user_pref("CT2851647.FirstServerDate", "25-7-2011");
Gelöscht : user_pref("CT2851647.FirstTime", true);
Gelöscht : user_pref("CT2851647.FirstTimeFF3", true);
Gelöscht : user_pref("CT2851647.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2851647.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2851647.Initialize", true);
Gelöscht : user_pref("CT2851647.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2851647.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2851647.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2851647.InstalledDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.IsGrouping", false);
Gelöscht : user_pref("CT2851647.IsInitSetupIni", true);
Gelöscht : user_pref("CT2851647.IsMulticommunity", false);
Gelöscht : user_pref("CT2851647.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2851647.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gelöscht : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2851647.LastLogin_3.5.0.12", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.LatestVersion", "3.3.3.2");
Gelöscht : user_pref("CT2851647.Locale", "de");
Gelöscht : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2851647.OriginalFirstVersion", "3.5.0.12");
Gelöscht : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2851647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2851647.SearchProtectorToolbarDisabled", true);
Gelöscht : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gelöscht : user_pref("CT2851647.SettingsLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gelöscht : user_pref("CT2851647.SettingsLastUpdate", "1311168866");
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gelöscht : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2851647.UserID", "UN52651897385341616");
Gelöscht : user_pref("CT2851647.WeatherNetwork", "");
Gelöscht : user_pref("CT2851647.WeatherPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.WeatherUnit", "C");
Gelöscht : user_pref("CT2851647.alertChannelId", "1243681");
Gelöscht : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gelöscht : user_pref("CT2851647.components.1000034", false);
Gelöscht : user_pref("CT2851647.components.1000234", false);
Gelöscht : user_pref("CT2851647.components.129351532245432032", false);
Gelöscht : user_pref("CT2851647.components.129351532245744535", false);
Gelöscht : user_pref("CT2851647.components.129416031642500897", false);
Gelöscht : user_pref("CT2851647.components.2532783744689806690", false);
Gelöscht : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2851647.initDone", true);
Gelöscht : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2851647.myStuffEnabled", true);
Gelöscht : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2851647.testingCtid", "");
Gelöscht : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gelöscht : user_pref("CT2851647.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851647&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\dome\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "8039b80e-c71f-4395-97ef-76d5d2df4b4e");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:0[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 25 2011 16:32:14 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "05cf1917-110a-40e8-8559-270e1ac94e35");
Gelöscht : user_pref("browser.newtab.url", "search.chatzum.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("id_chatzum_installed_version", "1.0.17");
Gelöscht : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gelöscht : user_pref("keyword.URL", "hxxp://utils.chatzum.com/?url=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\dome\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24078 octets] - [09/11/2012 12:08:45]
AdwCleaner[S1].txt - [23476 octets] - [09/11/2012 12:20:58]

########## EOF - C:\AdwCleaner[S1].txt - [23537 octets] ##########

Code:
OTL logfile created on: 09.11.2012 12:29:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dome\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,17% Memory free
15,94 Gb Paging File | 13,48 Gb Available in Paging File | 84,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,40 Gb Total Space | 6,60 Gb Free Space | 7,63% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 12,64 Gb Free Space | 17,26% Space Free | Partition Type: NTFS
Drive E: | 73,24 Gb Total Space | 48,39 Gb Free Space | 66,07% Space Free | Partition Type: NTFS
Drive F: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 931,51 Gb Total Space | 118,35 Gb Free Space | 12,70% Space Free | Partition Type: NTFS

Computer Name: BITCH | User Name: dome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\dome\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\SteelBus64.sys (SteelSeries Corporation)
DRV:64bit: - (SAlphamHid) -- C:\Windows\SysNative\drivers\SAlpham64.sys (SteelSeries Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\E034.tmp (Sophos Plc)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect
Cache_TIMESTAMP = 45 13 19 D2 D6 66 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{B7A63A07-C732-4FA5-ADE4-A03EF0983B4F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=100A77E8-47D9-48FE-A858-2FAFD0ACFB36&apn_sauid=DF9929F8-081B-498F-B770-5D3B0564326D IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1426 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - 
HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dome\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.22 10:00:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 00:06:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 13:08:34 | 000,000,000 | ---D | M] [2012.01.05 14:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\Extensions [2012.01.05 14:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.11.03 10:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\Firefox\Profiles\34ry4oxj.default\extensions [2012.09.15 08:34:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\dome\AppData\Roaming\mozilla\Firefox\Profiles\34ry4oxj.default\extensions\ich@maltegoetz.de [2012.11.03 10:16:02 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\firefox\profiles\34ry4oxj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.26 00:27:24 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\firefox\profiles\34ry4oxj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.27 00:06:49 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 00:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.10.27 00:06:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.03.22 10:00:34 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.10.27 00:06:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.20 09:36:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 18:24:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.20 09:36:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.20 09:36:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.20 09:36:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.20 09:36:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2012.11.09 11:30:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe () O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe () O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech) O4 - Startup: C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22C4C66D-6ECE-4231-B3E8-4F8D9D78DB66}: NameServer = 195.50.140.246 195.50.140.180 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.31 08:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) 
- F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2012.09.05 04:18:38 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ] O32 - AutoRun File - [2012.08.31 08:41:57 | 000,048,902 | R--- | M] () - F:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2012.09.05 04:18:36 | 000,000,124 | R--- | M] () - F:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.09 12:27:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dome\Desktop\OTL.exe [2012.11.09 12:22:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.09 12:06:47 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.09 11:54:38 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\dome\Desktop\ComboFix.exe [2012.11.09 11:18:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.09 11:18:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.09 11:18:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.09 11:12:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.09 11:12:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.09 10:40:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.09 10:28:35 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dome\Desktop\tdsskiller.exe [2012.11.09 10:25:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\dome\Desktop\aswMBR.exe [2012.11.08 22:16:29 | 000,000,000 | 
---D | C] -- C:\Users\dome\AppData\Roaming\Malwarebytes [2012.11.08 22:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.08 22:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.08 22:15:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.08 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.08 19:22:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.11.06 16:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13 [2012.11.05 18:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.11.04 16:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports [2012.11.02 13:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SR Squad Manager [2012.11.02 13:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SR Squad Manager [2012.10.30 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\dome\AppData\Local\Package Cache [2012.10.28 13:11:44 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.10.28 13:11:44 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.10.28 13:11:36 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.10.28 13:11:36 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.10.28 13:11:36 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.10.28 13:06:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.10.28 13:04:24 | 000,000,000 | ---D | C] -- C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software [2012.10.28 13:04:24 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software [2012.10.28 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Helden-Software [2012.10.27 00:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.12 22:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.10.11 08:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2012.10.11 08:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ [2012.10.10 14:06:54 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 14:06:54 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 14:06:53 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 14:06:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 14:06:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 14:06:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 14:06:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 14:06:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 14:06:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 14:06:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 14:06:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 14:06:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 14:06:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 14:06:42 | 000,007,680 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 14:06:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:06:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 14:06:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 14:06:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:06:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 14:06:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 14:06:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 14:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 14:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 14:06:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 14:06:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 14:06:09 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 14:06:08 | 000,140,288 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\cryptnet.dll

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.09 12:31:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 12:31:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 12:29:46 | 001,642,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.09 12:29:46 | 000,707,446 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.09 12:29:46 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.09 12:29:46 | 000,153,038 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.09 12:29:46 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.09 12:27:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dome\Desktop\OTL.exe
[2012.11.09 12:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.09 12:26:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.09 12:23:41 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.09 12:22:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.09 12:21:57 | 2124,791,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 12:08:04 | 000,541,569 | ---- | M] () -- C:\Users\dome\Desktop\adwcleaner.exe
[2012.11.09 11:55:00 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\dome\Desktop\ComboFix.exe
[2012.11.09 11:30:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.09 10:39:19 | 000,000,512 | ---- | M] () -- C:\Users\dome\Desktop\MBR.dat
[2012.11.09 10:28:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dome\Desktop\tdsskiller.exe
[2012.11.09 10:26:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\dome\Desktop\aswMBR.exe
[2012.11.09 10:25:05 | 000,000,168 | ---- | M] () -- C:\Users\dome\defogger_reenable
[2012.11.09 10:24:31 | 000,050,477 | ---- | M] () -- C:\Users\dome\Desktop\Defogger.exe
[2012.11.08 22:15:25 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 16:34:49 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.11.05 18:47:57 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.11.04 16:44:56 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\NBA 2K12.lnk
[2012.11.02 13:54:13 | 000,001,103 | ---- | M] () -- C:\Users\dome\AppData\Roaming\SquadManagerOptions.xml
[2012.11.02 13:45:03 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\SR Squad Manager.lnk
[2012.10.30 10:16:42 | 000,001,901 | ---- | M] () -- C:\Users\dome\Desktop\MechWarrior Online.lnk
[2012.10.28 13:12:12 | 000,000,285 | ---- | M] () -- C:\Users\dome\.dsa4.properties
[2012.10.28 13:11:29 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.28 13:11:29 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.28 13:11:29 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.28 13:11:28 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.28 13:11:28 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.28 13:11:28 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.28 13:06:39 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.12 09:02:06 | 000,000,222 | ---- | M] () -- C:\Users\dome\Desktop\XCOM Enemy Unknown.url

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.09 12:08:01 | 000,541,569 | ---- | C] () -- C:\Users\dome\Desktop\adwcleaner.exe
[2012.11.09 11:18:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.09 11:18:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.09 11:18:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.09 11:18:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.09 11:18:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.09 10:39:19 | 000,000,512 | ---- | C] () -- C:\Users\dome\Desktop\MBR.dat
[2012.11.09 10:25:05 | 000,000,168 | ---- | C] () -- C:\Users\dome\defogger_reenable
[2012.11.09 10:24:30 | 000,050,477 | ---- | C] () -- C:\Users\dome\Desktop\Defogger.exe
[2012.11.08 22:15:25 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 16:34:49 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.11.05 18:47:42 | 000,000,728 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.11.04 16:44:56 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\NBA 2K12.lnk
[2012.11.02 13:45:03 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\SR Squad Manager.lnk
[2012.10.30 10:16:42 | 000,001,901 | ---- | C] () -- C:\Users\dome\Desktop\MechWarrior Online.lnk
[2012.10.12 09:02:06 | 000,000,222 | ---- | C] () -- C:\Users\dome\Desktop\XCOM Enemy Unknown.url
[2012.09.30 09:53:21 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.08.05 19:21:22 | 000,000,092 | ---- | C] () -- C:\Users\dome\AppData\Local\fusioncache.dat
[2012.07.04 17:53:38 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.10 18:48:28 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.03 21:57:39 | 000,003,937 | ---- | C] () -- C:\Users\dome\.heldEinstellungen4_1.xml
[2012.04.03 21:57:38 | 000,000,285 | ---- | C] () -- C:\Users\dome\.dsa4.properties
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.29 13:55:07 | 000,000,000 | ---- | C] () -- C:\Users\dome\AppData\Local\{1F866D96-11B0-4FE7-89EA-F8F0F714BCD4}
[2011.11.18 14:42:15 | 000,000,000 | ---- | C] () -- C:\Users\dome\AppData\Local\{581710D3-45DF-4CD5-9C6A-9CAF59E1FBE0}
[2011.10.28 10:28:32 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 10:28:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.20 22:26:22 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.08 17:25:19 | 000,001,103 | ---- | C] () -- C:\Users\dome\AppData\Roaming\SquadManagerOptions.xml
[2011.09.08 17:23:32 | 001,669,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 23:32:35 | 000,000,205 | ---- | C] () -- C:\Users\dome\AppData\Roaming\default.rss
[2011.07.25 14:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.25 14:47:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012.11.06 00:01:51 | 000,001,830 | ---- | M] ()(C:\Windows\SysNative\???????????????????????????????????????????????????i????????????????????8???????????????????????????????????????°?????????8???-?????????????????J???????????????????????????????????????°?????????8???-??.lnk) -- C:\Windows\SysNative\㩈獜牥敩屮浡牥捩湡搠摡䅜敭楲慣慄*敓獡湯㔠䅜敭楲慣慄*㔰へ‴*牂楡獮䈠慲湩湡畁潴潭楢敬癡i猀㈥愰摮㈥䄰瑵浯扯汩獥愮楶䜀ႚ쉅ᜂ樴㡥耀8Ѡ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈߯ᣀѠ↰Ѡ᩠ѠᡘѠ㢨߯ᜐ樴悆耀JѠ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈.lnk
[2012.11.06 00:01:51 | 000,001,830 | ---- | C] ()(C:\Windows\SysNative\???????????????????????????????????????????????????i????????????????????8???????????????????????????????????????°?????????8???-?????????????????J???????????????????????????????????????°?????????8???-??.lnk) -- C:\Windows\SysNative\㩈獜牥敩屮浡牥捩湡搠摡䅜敭楲慣慄*敓獡湯㔠䅜敭楲慣慄*㔰へ‴*牂楡獮䈠慲湩湡畁潴潭楢敬癡i猀㈥愰摮㈥䄰瑵浯扯汩獥愮楶䜀ႚ쉅ᜂ樴㡥耀8Ѡ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈߯ᣀѠ↰Ѡ᩠ѠᡘѠ㢨߯ᜐ樴悆耀JѠ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈.lnk

< End of report >

Code:
OTL Extras logfile created on: 09.11.2012 12:29:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dome\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,97 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,17% Memory free
15,94 Gb Paging File | 13,48 Gb Available in Paging File | 84,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,40 Gb Total Space | 6,60 Gb Free Space | 7,63% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 12,64 Gb Free Space | 17,26% Space Free | Partition Type: NTFS
Drive E: | 73,24 Gb Total Space | 48,39 Gb Free Space | 66,07% Space Free | Partition Type: NTFS
Drive F: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 931,51 Gb Total Space | 118,35 Gb Free Space | 12,70% Space Free | Partition Type: NTFS

Computer Name: BITCH | User Name: dome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A763B1F-E034-4D61-9BF4-1E3989582857}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{869F7E61-AA2D-4B7B-AE6A-463FFB0A4B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1C167CC5-8176-4B6C-A10B-ADAA3B7FE507}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"UDP Query User{8363B301-1B22-4D5C-8934-408D30C4344C}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SteelSeries Engine" = SteelSeries Engine
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9c5ea4f3-9ea7-4090-be3d-64df995bd61f}" = Nero 9 Essentials
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C93F8F79-128F-483E-93D9-A7744F8A66BD}_is1" = DS-Timer Version 1.0.0.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE22C0A1-89C4-47EC-91EF-201B4F404757}" = SR Squad Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.175
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Close Combat The Longest Day5.50" = Close Combat The Longest Day
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dead.Island.Game.of.The.Year.Edition_is1" = Dead.Island.Game.of.The.Year.Edition
"Diablo III" = Diablo III
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"ESN Sonar-0.70.3" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Guild Wars 2" = Guild Wars 2
"IDroo" = IDroo 1.0.0.154
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mount&Blade" = Mount&Blade
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.1
"Origin" = Origin
"Philips Songbird" = Philips Songbird
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"RollerCoaster Tycoon Setup" = Roll
"S2TNG" = Die Siedler II - Die nächste Generation
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 49520" = Borderlands 2
"Steam App 730" = Counter-Strike: Global Offensive
"Tony Hawks Pro Skater HD_is1" = Tony Hawks Pro Skater HD
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"xSIMS_Nude_Clothes_Females" = Sims 3 - Nude Clothes Females
"xSIMS_TS3_Fem_Micro_Bikini_01" = Sims 3 - Fem Micro Bikini 1
"xSIMS_TS3_Fem_Suspenders_Set_1_Bra_1" = Sims 3 - Fem Suspenders Set 1 - Bra 1
"xSIMS_TS3_G-String_Swaro_01" = Sims 3 - G-String Swaro 1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.09.2012 09:28:06 | Computer Name = bitch | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 30.09.2012 09:28:45 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:28:48 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:28:51 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:28:53 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:28:55 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:29:18 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:29:46 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:31:07 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:31:10 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 09:31:32 | Computer Name = bitch | Source = Application Error | ID = 1000 Error - 30.09.2012 15:26:45 | Computer Name = bitch | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: demo32.exe, Version: 0.0.0.0, Zeitstempel: 0x41783a3f Name des fehlerhaften Moduls: demo32.exe, Version: 0.0.0.0, Zeitstempel: 0x41783a3f Ausnahmecode: 0xc0000006 Fehleroffset: 0x00040e66 ID des fehlerhaften Prozesses: 0x440 Startzeit der fehlerhaften Anwendung: 0x01cd9f40f1490fe6 Pfad der fehlerhaften Anwendung: F:\demo32.exe Pfad des fehlerhaften Moduls: F:\demo32.exe Berichtskennung: c4d83cf5-0b34-11e2-b646-6c626d43c553 Error - 30.09.2012 15:26:46 | Computer Name = bitch | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm demo32.exe wurde wegen dieses Fehlers geschlossen. 
Programm: demo32.exe Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000013 Datenträgertyp: 0 Error - 30.09.2012 15:28:24 | Computer Name = bitch | Source = MsiInstaller | ID = 1013 Description = Error - 30.09.2012 15:35:10 | Computer Name = bitch | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0". Definition: Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ System Events ] Error - 09.11.2012 06:30:55 | Computer Name = bitch | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 09.11.2012 06:30:55 | Computer Name = bitch | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.11.2012 07:02:09 | Computer Name = bitch | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 09.11.2012 07:03:45 | Computer Name = bitch | Source = Service Control Manager | ID = 7030 Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 09.11.2012 07:06:16 | Computer Name = bitch | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 09.11.2012 07:21:57 | Computer Name = bitch | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 09.11.2012 07:21:59 | Computer Name = bitch | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 09.11.2012 07:22:47 | Computer Name = bitch | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error - 09.11.2012 07:22:47 | Computer Name = bitch | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 09.11.2012 07:24:04 | Computer Name = bitch | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SAVRKBootTasks

< End of report >

If that was it, then thank you very much for the quick and, above all, good help |
12.11.2012, 07:14 | #12 | |
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits Quote:
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
15.11.2012, 08:23 | #13 |
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
19.11.2012, 13:30 | #14 |
/// Malwareteam | Trojan.Droppper.BC.Miner + Rootkits No response This topic has been removed from my subscriptions. As a result, I will not receive any notification of new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread.