Pests of all kinds and their removal: Police virus Austria (Windows 7)

26.11.2012, 22:43 | #1
Police virus Austria

Hello dear forum team! Unfortunately I have picked up the police virus, Austria variant. Unfortunately I did not take a screenshot, but I was able to isolate a virus file. It was the variant with the webcam, and you are supposed to pay 100 euros so that the computer is unlocked again. I use Windows 7 32-bit, the antivirus software is BullGuard. I had it run a scan right away as well, but it did not detect this file as a threat. Only a few cookies. Today it showed me this file and put it in quarantine. But unfortunately I have no idea what else this virus changed. So here are the log files: Attachment 46930

Code:
OTL logfile created on: 11/26/2012 9:26:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monti23-7\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.79% Memory free
5.98 Gb Paging File | 4.07 Gb Available in Paging File | 68.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1047.43 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
PRC - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2012/10/31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/14 03:31:00 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/04/08 15:44:21 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 17:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
PRC - [2010/05/21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/25 23:31:47 | 000,023,680 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2012/11/25 23:31:34 | 000,073,568 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2012/11/25 23:30:13 | 000,450,400 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
MOD - [2012/11/18 11:28:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll
MOD - [2012/11/18 11:27:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/18 11:26:05 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
MOD - [2012/11/18 11:13:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 11:13:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/18 11:13:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 11:13:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/18 11:13:19 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/18 11:13:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/17 03:44:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/17 03:44:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 03:44:38 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 03:44:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 03:44:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 03:44:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 03:44:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 03:43:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/02 22:12:13 | 000,189,952 | ---- | M] () -- C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
MOD - [2012/10/31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2011/10/13 15:01:00 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/06/17 10:51:53 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/12 14:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV - [2012/11/26 12:12:22 | 000,398,688 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2012/11/26 12:12:20 | 000,218,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2012/11/25 23:31:37 | 000,060,256 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012/11/25 23:31:05 | 000,227,168 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2012/11/01 20:31:20 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/10 00:16:29 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/12/01 18:38:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/10/18 00:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/10/14 04:36:14 | 008,852,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/14 02:52:32 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/11 14:32:31 | 000,061,152 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/05 03:13:10 | 000,602,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/04/27 17:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 17:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/08 15:44:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012/11/25 23:37:48 | 000,000,000 | ---D | M]

[2011/04/08 15:41:41 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Translator = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Google Mail = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/25 23:32:19 | 000,308,296 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 23:31:54 | 000,100,216 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:54 | 000,054,624 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/11/25 21:46:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/08 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\Documents\My Games

========== Files - Modified Within 30 Days ==========

[2012/11/26 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/26 21:19:54 | 000,302,592 | ---- | M] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/26 20:58:24 | 000,050,477 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/26 20:51:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 20:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 20:11:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/26 20:11:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/26 20:11:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/26 20:11:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/26 20:08:27 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/26 20:06:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 20:06:22 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSNetmon.sys
[2012/11/25 23:31:37 | 000,054,624 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:31:33 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSKernel.sys
[2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 21:49:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/11/25 21:46:19 | 000,000,792 | ---- | M] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 03:43:09 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/07 21:19:33 | 000,000,216 | ---- | M] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url
[2012/11/07 20:33:09 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/11/26 21:26:17 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:19:52 | 000,302,592 | ---- | C] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:22 | 000,050,477 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/26 20:08:27 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/25 21:46:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/11/17 03:02:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:02:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 21:19:33 | 000,000,216 | ---- | C] () --
C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url [2012/06/04 21:35:09 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012/06/04 21:35:09 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012/06/04 21:35:08 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012/06/04 21:35:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2012/05/30 17:54:32 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012/02/01 18:33:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\xvid.dll [2011/10/13 14:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/07/21 14:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\AppData\Local\{5A8C793E-48C2-4D39-A1FC-75CD8ABCBDE9} [2011/06/17 10:57:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/06/17 10:57:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/06/17 10:57:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/06/17 10:57:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/06/17 10:57:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/06/17 10:57:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/06/17 10:57:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/06/17 10:57:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/06/17 10:57:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/06/17 10:57:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/06/17 10:57:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011/06/17 10:57:16 | 000,001,139 | ---- | 
C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/06/17 10:57:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/06/17 10:57:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011/06/17 10:57:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011/06/17 10:57:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/03/27 23:42:34 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\BullGuard [2012/05/09 21:09:34 | 000,000,000 
| ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Canon [2011/07/25 22:17:49 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\CD-LabelPrint [2010/12/15 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\OpenOffice.org [2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Software Inspection Library [2011/03/23 19:59:53 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\The Creative Assembly [2010/12/12 00:09:15 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-26 21:56:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0
Running: fhguvvlq.exe; Driver: C:\Users\MONTI2~1\AppData\Local\Temp\pwdiruoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C3EA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C784D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91826000, 0x3B80E5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[368] kernel32.dll!SetUnhandledExceptionFilter 7769F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, 98, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, 9B, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, 98, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, 99, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, 9A, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, 99, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, 9A, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, 98, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, 99, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, 9A, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, 9B, C3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, 88, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, 8B, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, 88, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, 89, 12, 00] {TEST AL, 0x89; ADC AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, 8A, 12, 00] {TEST AL, 0x8a; ADC AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, 89, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, 8A, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, 88, 12, 00] {TEST AL, 0x88; ADC AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, 89, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, 8A, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, 8B, 12, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, 5C, 8E, 00] {SUB [ESI+ECX*4+0x0], BL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, 5F, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, 5C, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, 5D, 8E, 00] {TEST AL, 0x5d; MOV ES, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, 5E, 8E, 00] {TEST AL, 0x5e; MOV ES, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, 5D, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, 5E, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, 5C, 8E, 00] {TEST AL, 0x5c; MOV ES, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, 5D, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, 5E, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, 5F, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, E0, D3, 00] {SUB AL, AH; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, E3, D3, 00] {SUB BL, AH; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, E0, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, E1, D3, 00] {TEST AL, 0xe1; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, E2, D3, 00] {TEST AL, 0xe2; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, E1, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, E2, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, E0, D3, 00] {TEST AL, 0xe0; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, E1, D3, 00] {SUB CL, AH; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, E2, D3, 00] {SUB DL, AH; ROL DWORD [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, E3, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.)

---- EOF - GMER 1.0.15 ----
|
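As an added example for this thread (not part of the original post and not a feature of OTL), here is a small triage script that parses OTL file entries in the format shown in the log above and groups the entries worth a second look by creation time, since a dropper usually writes its payload, its data file and its autostart entry within seconds of each other. The sample lines are copied from the OTL log in this post; the five-minute clustering window and the one-megabyte size threshold are assumptions.

```python
"""Triage helper for OTL "Files/Folders - Created" entries.

Added example for this thread; it is not part of the original post and not
an OTL feature. It parses the OTL line format
    [date time | size | attrs | C] (Company) -- path
and clusters flagged entries whose creation times lie close together.
"""
import re
from datetime import datetime, timedelta

# Windows processes that legitimately live only under the Windows directory;
# the same file name in ProgramData or a user profile is worth a second look.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "smss.exe",
                        "winlogon.exe", "wininit.exe", "services.exe"}
CLUSTER_WINDOW = timedelta(minutes=5)   # assumption, not an OTL setting
LARGE_FILE = 1_000_000                  # bytes; assumption

OTL_ENTRY = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_otl_entry(line):
    """Return a dict for one OTL file entry, or None for any other line
    (section headers, blank lines); directory entries carry no company."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "when": datetime.strptime(d["date"] + " " + d["time"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "company": d["company"] or "",
        "path": d["path"],
        "is_dir": "D" in d["attrs"],
    }


def reasons(entry):
    """Heuristics a defender applies to one entry; empty list means unremarkable."""
    path = entry["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    out = []
    if name in SYSTEM_PROCESS_NAMES and not path.startswith("c:\\windows\\"):
        out.append("system process name outside the Windows directory")
    if "\\start menu\\programs\\startup\\" in path:
        out.append("autostart entry in a Startup folder")
    if (path.startswith("c:\\programdata\\") and not entry["is_dir"]
            and not entry["company"] and entry["size"] >= LARGE_FILE):
        out.append("large file without company name in ProgramData")
    return out


def triage(lines):
    """Return flagged entries grouped into clusters: consecutive flagged
    entries (by creation time) within CLUSTER_WINDOW of each other."""
    flagged = []
    for line in lines:
        entry = parse_otl_entry(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged.append({"when": entry["when"], "path": entry["path"], "reasons": why})
    flagged.sort(key=lambda e: e["when"])
    clusters = []
    for e in flagged:
        if clusters and e["when"] - clusters[-1][-1]["when"] <= CLUSTER_WINDOW:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


# Constructed input: lines copied from the OTL log in this thread, plus a
# section header and a directory entry to show that both are handled.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/11/25 21:46:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/26 20:08:27 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/25 21:46:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
""".strip().splitlines()


if __name__ == "__main__":
    for n, cluster in enumerate(triage(SAMPLE_LOG), 1):
        print("cluster %d (first file created %s)" % (n, cluster[0]["when"]))
        for e in cluster:
            print("  %s: %s" % (e["path"], "; ".join(e["reasons"])))
```

On the sample above, the three files created on 2012/11/25 at 21:46:17, :18 and :19 land in one cluster, while the tool downloads and the small licensing file in ProgramData are not flagged.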
27.11.2012, 12:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizeivirus Österreich Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Reminder on my thread. Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please disable your virus scanner before running aswMBR, since Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.
Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
|
28.11.2012, 21:38 | #3 |
| Polizeivirus Österreich So, I have now run these scans. Everything went without complications. Here are the reports
aswMBR: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 20:55:23
-----------------------------
20:55:23.415 OS Version: Windows 6.1.7601 Service Pack 1
20:55:23.415 Number of processors: 4 586 0x2505
20:55:23.417 ComputerName: MONTI23-7-PC UserName: Monti23-7
20:55:52.677 Initialize success
21:00:46.944 AVAST engine defs: 12112800
21:01:08.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:01:08.979 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
21:01:09.001 Disk 0 MBR read successfully
21:01:09.005 Disk 0 MBR scan
21:01:09.047 Disk 0 unknown MBR code
21:01:09.050 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:01:09.062 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1388713 MB offset 206848
21:01:09.095 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 2844291072
21:01:09.113 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152
21:01:09.132 Disk 0 scanning sectors +2930275120
21:01:09.220 Disk 0 scanning C:\Windows\system32\drivers
21:01:21.636 Service scanning
21:01:40.904 Modules scanning
21:01:44.681 Disk 0 trace - called modules:
21:01:44.725 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
21:01:44.736 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e0d7c8]
21:01:44.747 3 CLASSPNP.SYS[8b5ad59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862cd028]
21:01:47.889 AVAST engine scan C:\Windows
21:01:51.578 AVAST engine scan C:\Windows\system32
21:05:32.549 AVAST engine scan C:\Windows\system32\drivers
21:05:46.625 AVAST engine scan C:\Users\Monti23-7
21:15:08.690 AVAST engine scan C:\ProgramData
21:19:50.201 Scan finished successfully
21:29:08.729 Disk 0 MBR has been saved successfully to "C:\Users\Monti23-7\Desktop\MBR.dat"
21:29:08.762 The log file has been saved successfully to "C:\Users\Monti23-7\Desktop\aswMBR.txt"

Code:
21:33:23.0959 6064 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:33:24.0183 6064 ============================================================
21:33:24.0183 6064 Current date / time: 2012/11/28 21:33:24.0183
21:33:24.0183 6064 SystemInfo:
21:33:24.0183 6064 
21:33:24.0183 6064 OS Version: 6.1.7601 ServicePack: 1.0
21:33:24.0183 6064 Product type: Workstation
21:33:24.0183 6064 ComputerName: MONTI23-7-PC
21:33:24.0183 6064 UserName: Monti23-7
21:33:24.0183 6064 Windows directory: C:\Windows
21:33:24.0183 6064 System windows directory: C:\Windows
21:33:24.0183 6064 Processor architecture: Intel x86
21:33:24.0183 6064 Number of processors: 4
21:33:24.0183 6064 Page size: 0x1000
21:33:24.0183 6064 Boot type: Normal boot
21:33:24.0183 6064 ============================================================
21:33:24.0569 6064 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:33:24.0623 6064 ============================================================
21:33:24.0623 6064 \Device\Harddisk0\DR0:
21:33:24.0623 6064 MBR partitions:
21:33:24.0623 6064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:33:24.0623 6064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
21:33:24.0623 6064 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
21:33:24.0623 6064 ============================================================
21:33:24.0698 6064 C: <-> \Device\Harddisk0\DR0\Partition2
21:33:24.0812 6064 D: <-> \Device\Harddisk0\DR0\Partition3
21:33:24.0812 6064 ============================================================
21:33:24.0812 6064 Initialize success
21:33:24.0812 6064 ============================================================
21:33:43.0939 5836 ============================================================
21:33:43.0939 5836 
C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll 21:33:48.0538 5836 BsMain - ok 21:33:48.0549 5836 [ 69D38B2E736F8E8BC97D4638B682DEEF ] BsScanner C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe 21:33:48.0571 5836 BsScanner - ok 21:33:48.0609 5836 [ 0AEC20CDC63860592ACAFA886B01599A ] BsUpdate C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe 21:33:48.0633 5836 BsUpdate - ok 21:33:48.0654 5836 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:33:48.0687 5836 BTHMODEM - ok 21:33:48.0718 5836 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 21:33:48.0773 5836 bthserv - ok 21:33:48.0798 5836 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:33:48.0839 5836 cdfs - ok 21:33:48.0879 5836 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:33:48.0902 5836 cdrom - ok 21:33:48.0935 5836 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 21:33:48.0963 5836 CertPropSvc - ok 21:33:48.0992 5836 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:33:49.0028 5836 circlass - ok 21:33:49.0048 5836 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 21:33:49.0063 5836 CLFS - ok 21:33:49.0134 5836 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:33:49.0155 5836 clr_optimization_v2.0.50727_32 - ok 21:33:49.0203 5836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:33:49.0239 5836 clr_optimization_v4.0.30319_32 - ok 21:33:49.0245 5836 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:33:49.0275 5836 CmBatt - ok 21:33:49.0297 5836 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:33:49.0310 5836 cmdide - ok 
21:33:49.0338 5836 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 21:33:49.0370 5836 CNG - ok 21:33:49.0395 5836 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:33:49.0406 5836 Compbatt - ok 21:33:49.0551 5836 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:33:49.0579 5836 CompositeBus - ok 21:33:49.0583 5836 COMSysApp - ok 21:33:49.0602 5836 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:33:49.0617 5836 crcdisk - ok 21:33:49.0655 5836 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:33:49.0685 5836 CryptSvc - ok 21:33:49.0724 5836 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 21:33:49.0783 5836 DcomLaunch - ok 21:33:49.0804 5836 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 21:33:49.0853 5836 defragsvc - ok 21:33:49.0863 5836 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:33:49.0920 5836 DfsC - ok 21:33:49.0940 5836 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 21:33:49.0974 5836 Dhcp - ok 21:33:49.0991 5836 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 21:33:50.0038 5836 discache - ok 21:33:50.0054 5836 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:33:50.0068 5836 Disk - ok 21:33:50.0098 5836 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:33:50.0147 5836 Dnscache - ok 21:33:50.0169 5836 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 21:33:50.0212 5836 dot3svc - ok 21:33:50.0231 5836 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 21:33:50.0280 5836 DPS - ok 21:33:50.0309 5836 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:33:50.0334 5836 
drmkaud - ok 21:33:50.0365 5836 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:33:50.0393 5836 DXGKrnl - ok 21:33:50.0410 5836 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 21:33:50.0451 5836 EapHost - ok 21:33:50.0515 5836 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 21:33:50.0611 5836 ebdrv - ok 21:33:50.0633 5836 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 21:33:50.0657 5836 EFS - ok 21:33:50.0698 5836 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:33:50.0752 5836 ehRecvr - ok 21:33:50.0776 5836 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 21:33:50.0812 5836 ehSched - ok 21:33:50.0847 5836 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:33:50.0874 5836 elxstor - ok 21:33:50.0887 5836 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:33:50.0902 5836 ErrDev - ok 21:33:50.0937 5836 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 21:33:50.0980 5836 EventSystem - ok 21:33:50.0997 5836 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 21:33:51.0024 5836 exfat - ok 21:33:51.0034 5836 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:33:51.0075 5836 fastfat - ok 21:33:51.0116 5836 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 21:33:51.0174 5836 Fax - ok 21:33:51.0211 5836 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:33:51.0233 5836 fdc - ok 21:33:51.0239 5836 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 21:33:51.0328 5836 fdPHost - ok 21:33:51.0331 5836 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 21:33:51.0358 5836 FDResPub - ok 21:33:51.0391 5836 [ 6CF00369C97F3CF563BE99BE983D13D8 ] 
FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:33:51.0402 5836 FileInfo - ok 21:33:51.0413 5836 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:33:51.0452 5836 Filetrace - ok 21:33:51.0483 5836 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:33:51.0521 5836 flpydisk - ok 21:33:51.0539 5836 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:33:51.0558 5836 FltMgr - ok 21:33:51.0602 5836 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 21:33:51.0677 5836 FontCache - ok 21:33:51.0717 5836 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:33:51.0734 5836 FontCache3.0.0.0 - ok 21:33:51.0752 5836 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:33:51.0766 5836 FsDepends - ok 21:33:51.0784 5836 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:33:51.0797 5836 Fs_Rec - ok 21:33:51.0816 5836 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:33:51.0835 5836 fvevol - ok 21:33:51.0850 5836 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:33:51.0865 5836 gagp30kx - ok 21:33:51.0887 5836 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 21:33:51.0925 5836 gpsvc - ok 21:33:51.0963 5836 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 21:33:51.0972 5836 gupdate - ok 21:33:51.0986 5836 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:33:51.0994 5836 gupdatem - ok 21:33:51.0997 5836 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:33:52.0037 5836 hcw85cir - ok 21:33:52.0067 5836 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 21:33:52.0096 5836 HdAudAddService - ok 21:33:52.0127 5836 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:33:52.0165 5836 HDAudBus - ok 21:33:52.0184 5836 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 21:33:52.0218 5836 HidBatt - ok 21:33:52.0248 5836 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:33:52.0279 5836 HidBth - ok 21:33:52.0297 5836 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:33:52.0319 5836 HidIr - ok 21:33:52.0336 5836 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 21:33:52.0384 5836 hidserv - ok 21:33:52.0398 5836 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:33:52.0412 5836 HidUsb - ok 21:33:52.0430 5836 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:33:52.0461 5836 hkmsvc - ok 21:33:52.0480 5836 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:33:52.0513 5836 HomeGroupListener - ok 21:33:52.0535 5836 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:33:52.0576 5836 HomeGroupProvider - ok 21:33:52.0589 5836 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:33:52.0604 5836 HpSAMD - ok 21:33:52.0623 5836 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:33:52.0651 5836 HTTP - ok 21:33:52.0669 5836 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:33:52.0681 5836 hwpolicy - ok 21:33:52.0718 5836 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:33:52.0746 5836 i8042prt - ok 21:33:52.0770 5836 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:33:52.0786 5836 iaStor - ok 21:33:52.0849 5836 [ 
31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:33:52.0865 5836 IAStorDataMgrSvc - ok 21:33:52.0887 5836 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:33:52.0909 5836 iaStorV - ok 21:33:52.0955 5836 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:33:52.0990 5836 idsvc - ok 21:33:53.0004 5836 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:33:53.0015 5836 iirsp - ok 21:33:53.0039 5836 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 21:33:53.0076 5836 IKEEXT - ok 21:33:53.0178 5836 [ B35F19AFF279E08B567B281FB2E94291 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 21:33:53.0296 5836 IntcAzAudAddService - ok 21:33:53.0299 5836 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 21:33:53.0309 5836 intelide - ok 21:33:53.0336 5836 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:33:53.0372 5836 intelppm - ok 21:33:53.0385 5836 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:33:53.0431 5836 IPBusEnum - ok 21:33:53.0450 5836 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:33:53.0483 5836 IpFilterDriver - ok 21:33:53.0546 5836 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:33:53.0594 5836 iphlpsvc - ok 21:33:53.0605 5836 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:33:53.0620 5836 IPMIDRV - ok 21:33:53.0632 5836 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:33:53.0675 5836 IPNAT - ok 21:33:53.0697 5836 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:33:53.0737 5836 IRENUM - ok 
21:33:53.0757 5836 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:33:53.0770 5836 isapnp - ok 21:33:53.0784 5836 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:33:53.0801 5836 iScsiPrt - ok 21:33:53.0826 5836 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 21:33:53.0838 5836 kbdclass - ok 21:33:53.0866 5836 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:33:53.0894 5836 kbdhid - ok 21:33:53.0909 5836 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 21:33:53.0923 5836 KeyIso - ok 21:33:53.0949 5836 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:33:53.0964 5836 KSecDD - ok 21:33:53.0980 5836 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:33:53.0996 5836 KSecPkg - ok 21:33:54.0014 5836 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 21:33:54.0069 5836 KtmRm - ok 21:33:54.0088 5836 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 21:33:54.0115 5836 LanmanServer - ok 21:33:54.0133 5836 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:33:54.0170 5836 LanmanWorkstation - ok 21:33:54.0209 5836 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:33:54.0267 5836 lltdio - ok 21:33:54.0287 5836 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:33:54.0316 5836 lltdsvc - ok 21:33:54.0328 5836 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 21:33:54.0384 5836 lmhosts - ok 21:33:54.0412 5836 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:33:54.0424 5836 LSI_FC - ok 21:33:54.0445 5836 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:33:54.0457 5836 LSI_SAS - 
ok 21:33:54.0475 5836 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:33:54.0487 5836 LSI_SAS2 - ok 21:33:54.0507 5836 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:33:54.0520 5836 LSI_SCSI - ok 21:33:54.0535 5836 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 21:33:54.0563 5836 luafv - ok 21:33:54.0601 5836 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:33:54.0614 5836 Mcx2Svc - ok 21:33:54.0629 5836 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:33:54.0641 5836 megasas - ok 21:33:54.0660 5836 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:33:54.0675 5836 MegaSR - ok 21:33:54.0687 5836 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 21:33:54.0715 5836 MMCSS - ok 21:33:54.0750 5836 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 21:33:54.0803 5836 Modem - ok 21:33:54.0842 5836 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:33:54.0857 5836 monitor - ok 21:33:54.0878 5836 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 21:33:54.0889 5836 mouclass - ok 21:33:54.0910 5836 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:33:54.0937 5836 mouhid - ok 21:33:54.0956 5836 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:33:54.0971 5836 mountmgr - ok 21:33:54.0983 5836 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 21:33:54.0998 5836 mpio - ok 21:33:55.0009 5836 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:33:55.0044 5836 mpsdrv - ok 21:33:55.0052 5836 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:33:55.0096 5836 MpsSvc - ok 
21:33:55.0105 5836 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:33:55.0133 5836 MRxDAV - ok 21:33:55.0157 5836 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:33:55.0207 5836 mrxsmb - ok 21:33:55.0238 5836 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:33:55.0261 5836 mrxsmb10 - ok 21:33:55.0284 5836 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:33:55.0313 5836 mrxsmb20 - ok 21:33:55.0336 5836 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 21:33:55.0353 5836 msahci - ok 21:33:55.0373 5836 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:33:55.0392 5836 msdsm - ok 21:33:55.0405 5836 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 21:33:55.0428 5836 MSDTC - ok 21:33:55.0441 5836 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:33:55.0482 5836 Msfs - ok 21:33:55.0497 5836 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:33:55.0531 5836 mshidkmdf - ok 21:33:55.0541 5836 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:33:55.0551 5836 msisadrv - ok 21:33:55.0582 5836 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:33:55.0615 5836 MSiSCSI - ok 21:33:55.0617 5836 msiserver - ok 21:33:55.0638 5836 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:33:55.0681 5836 MSKSSRV - ok 21:33:55.0706 5836 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:33:55.0748 5836 MSPCLOCK - ok 21:33:55.0757 5836 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:33:55.0781 5836 MSPQM - ok 21:33:55.0790 5836 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC 
C:\Windows\system32\drivers\MsRPC.sys 21:33:55.0802 5836 MsRPC - ok 21:33:55.0806 5836 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:33:55.0816 5836 mssmbios - ok 21:33:55.0819 5836 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:33:55.0842 5836 MSTEE - ok 21:33:55.0863 5836 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:33:55.0881 5836 MTConfig - ok 21:33:55.0900 5836 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 21:33:55.0911 5836 Mup - ok 21:33:55.0927 5836 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 21:33:55.0966 5836 napagent - ok 21:33:56.0003 5836 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:33:56.0036 5836 NativeWifiP - ok 21:33:56.0083 5836 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:33:56.0112 5836 NDIS - ok 21:33:56.0122 5836 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:33:56.0147 5836 NdisCap - ok 21:33:56.0157 5836 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:33:56.0193 5836 NdisTapi - ok 21:33:56.0223 5836 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:33:56.0247 5836 Ndisuio - ok 21:33:56.0263 5836 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:33:56.0289 5836 NdisWan - ok 21:33:56.0313 5836 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:33:56.0347 5836 NDProxy - ok 21:33:56.0350 5836 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:33:56.0424 5836 NetBIOS - ok 21:33:56.0429 5836 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:33:56.0470 5836 NetBT - ok 21:33:56.0477 5836 [ 
81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 21:33:56.0488 5836 Netlogon - ok 21:33:56.0524 5836 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 21:33:56.0555 5836 Netman - ok 21:33:56.0576 5836 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 21:33:56.0613 5836 netprofm - ok 21:33:56.0629 5836 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:33:56.0640 5836 NetTcpPortSharing - ok 21:33:56.0673 5836 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:33:56.0685 5836 nfrd960 - ok 21:33:56.0714 5836 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 21:33:56.0745 5836 NlaSvc - ok 21:33:56.0798 5836 [ 180CFA1E54449869D9DCF2C29F8FEE85 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys 21:33:56.0822 5836 NovaShieldFilterDriver - ok 21:33:56.0841 5836 [ 987F64C7989324B2353B4EB1D20D2DFD ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys 21:33:56.0852 5836 NovaShieldTDIDriver - ok 21:33:56.0860 5836 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:33:56.0894 5836 Npfs - ok 21:33:56.0902 5836 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 21:33:56.0927 5836 nsi - ok 21:33:56.0930 5836 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:33:56.0952 5836 nsiproxy - ok 21:33:56.0997 5836 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:33:57.0058 5836 Ntfs - ok 21:33:57.0076 5836 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 21:33:57.0118 5836 Null - ok 21:33:57.0136 5836 [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 21:33:57.0147 5836 nusb3hub - ok 21:33:57.0179 5836 [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc 
C:\Windows\system32\DRIVERS\nusb3xhc.sys 21:33:57.0192 5836 nusb3xhc - ok 21:33:57.0220 5836 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:33:57.0235 5836 nvraid - ok 21:33:57.0256 5836 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:33:57.0272 5836 nvstor - ok 21:33:57.0276 5836 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:33:57.0291 5836 nv_agp - ok 21:33:57.0306 5836 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:33:57.0334 5836 ohci1394 - ok 21:33:57.0347 5836 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:33:57.0380 5836 p2pimsvc - ok 21:33:57.0394 5836 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 21:33:57.0414 5836 p2psvc - ok 21:33:57.0430 5836 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:33:57.0447 5836 Parport - ok 21:33:57.0455 5836 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:33:57.0469 5836 partmgr - ok 21:33:57.0475 5836 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 21:33:57.0487 5836 Parvdm - ok 21:33:57.0506 5836 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:33:57.0524 5836 PcaSvc - ok 21:33:57.0531 5836 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 21:33:57.0545 5836 pci - ok 21:33:57.0553 5836 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 21:33:57.0573 5836 pciide - ok 21:33:57.0620 5836 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:33:57.0648 5836 pcmcia - ok 21:33:57.0660 5836 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 21:33:57.0673 5836 pcw - ok 21:33:57.0687 5836 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 21:33:57.0721 5836 PEAUTH - ok 21:33:57.0767 5836 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 21:33:57.0844 5836 pla - ok 21:33:57.0876 5836 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:33:57.0916 5836 PlugPlay - ok 21:33:57.0928 5836 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:33:57.0950 5836 PNRPAutoReg - ok 21:33:57.0956 5836 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:33:57.0973 5836 PNRPsvc - ok 21:33:57.0992 5836 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:33:58.0035 5836 PolicyAgent - ok 21:33:58.0040 5836 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 21:33:58.0071 5836 Power - ok 21:33:58.0091 5836 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:33:58.0118 5836 PptpMiniport - ok 21:33:58.0132 5836 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:33:58.0154 5836 Processor - ok 21:33:58.0187 5836 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 21:33:58.0234 5836 ProfSvc - ok 21:33:58.0253 5836 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:33:58.0268 5836 ProtectedStorage - ok 21:33:58.0292 5836 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:33:58.0338 5836 Psched - ok 21:33:58.0390 5836 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 21:33:58.0412 5836 PSI_SVC_2 - ok 21:33:58.0458 5836 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 21:33:58.0474 5836 PxHelp20 - ok 21:33:58.0511 5836 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:33:58.0554 5836 ql2300 - ok 21:33:58.0587 5836 [ 
6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:34:06.0373 5836 ws2ifsl - ok
21:34:06.0384 5836 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:34:06.0410 5836 wscsvc - ok
21:34:06.0412 5836 WSearch - ok
21:34:06.0482 5836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:34:06.0578 5836 wuauserv - ok
21:34:06.0627 5836 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:34:06.0681 5836 WudfPf - ok
21:34:06.0702 5836 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:34:06.0727 5836 WUDFRd - ok
21:34:06.0757 5836 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:34:06.0783 5836 wudfsvc - ok
21:34:06.0798 5836 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:34:06.0834 5836 WwanSvc - ok
21:34:06.0852 5836 ================ Scan global ===============================
21:34:06.0876 5836 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:34:06.0902 5836 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:34:06.0911 5836 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:34:06.0933 5836 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:34:06.0957 5836 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:34:06.0963 5836 [Global] - ok
21:34:06.0963 5836 ================ Scan MBR ==================================
21:34:06.0977 5836 [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
21:34:08.0818 5836 \Device\Harddisk0\DR0 - ok
21:34:08.0819 5836 ================ Scan VBR ==================================
21:34:08.0822 5836 [ 4BA4FAB1AB1BB0938C5CE8CA9A40EC46 ] \Device\Harddisk0\DR0\Partition1
21:34:08.0824 5836 \Device\Harddisk0\DR0\Partition1 - ok
21:34:08.0851 5836 [ 6906C902F0E51AF117D14BDF3646A777 ] \Device\Harddisk0\DR0\Partition2
21:34:08.0853 5836 \Device\Harddisk0\DR0\Partition2 - ok
21:34:08.0885 5836 [ 4A6508FACEA94B9FCABE01BDC850863E ] \Device\Harddisk0\DR0\Partition3
21:34:08.0887 5836 \Device\Harddisk0\DR0\Partition3 - ok
21:34:08.0887 5836 ============================================================
21:34:08.0887 5836 Scan finished
21:34:08.0887 5836 ============================================================
21:34:08.0900 4612 Detected object count: 0
21:34:08.0900 4612 Actual detected object count: 0
29.11.2012, 11:02 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizeivirus Österreich
Please make a log with CF.
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as
Quote:
__________________
Please always post logfiles in CODE tags
30.11.2012, 16:53 | #5
Polizeivirus Österreich
So, here is the logfile:
Code:
ATTFilter
ComboFix 12-11-30.02 - Monti23-7 30.11.2012 16:24:54.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3063.1800 [GMT 1:00]
ausgeführt von:: c:\users\Monti23-7\Desktop\ComboFix.exe
AV: BullGuard Antivirus *Disabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Disabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\lsass.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-28 bis 2012-11-30 ))))))))))))))))))))))))))))))
.
.
2012-11-30 15:34 . 2012-11-30 15:35 -------- d-----w- c:\users\Monti23-7\AppData\Local\temp
2012-11-30 15:34 . 2012-11-30 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 15:19 . 2012-11-30 15:19 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC7AB152-13CB-494E-90D7-BE3E66EC4423}\offreg.dll
2012-11-30 14:12 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC7AB152-13CB-494E-90D7-BE3E66EC4423}\mpengine.dll
2012-11-25 22:32 . 2012-11-25 22:30 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys
2012-11-25 22:31 . 2012-11-25 22:31 54624 ----a-w- c:\windows\system32\BGLsp.dll
2012-11-25 22:31 . 2012-11-25 22:31 100216 ----a-w- c:\windows\system32\BgGamingMonitor.dll
2012-11-25 22:26 . 2012-11-25 22:26 -------- d-----w- c:\program files\Common Files\BullGuard Ltd
2012-11-17 02:02 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 02:02 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 02:02 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 02:02 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 02:02 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 02:02 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 02:02 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 02:02 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 02:02 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 02:02 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 23:07 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 23:07 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 23:07 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 23:07 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 23:07 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 23:07 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 23:07 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 23:07 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 23:07 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 23:06 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 23:06 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 23:06 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 22:31 . 2011-05-04 17:57 20040 ----a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-11-25 22:31 . 2011-05-04 17:57 216136 ----a-w- c:\windows\system32\drivers\NSKernel.sys
2012-10-16 07:39 . 2012-11-28 19:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-14 18:28 . 2012-10-10 18:35 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2012-11-26 1714528]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-04-08 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-13 343168]
.
c:\users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ctfmon.lnk - c:\programdata\lsass.exe [N/A]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-6-17 174064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [x]
S2 BsBhvScan;BullGuard behavioural detection service;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan
BullGuard_LowPriv REG_MULTI_SZ BsBrowser
BullGuard_Backup REG_MULTI_SZ BsBackup
BullGuard_Proxy REG_MULTI_SZ BsMailProxy
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 23:16]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 18:23]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-28 18:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
mStart Page = about:blank
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-30 16:36:13
ComboFix-quarantined-files.txt 2012-11-30 15:36
.
Vor Suchlauf: 13 Verzeichnis(se), 1.125.879.410.688 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 1.126.646.124.544 Bytes frei
.
- - End Of File - - 366F5E0B269DA44B2DBD937D8BC0B5CE
30.11.2012, 21:20 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizeivirus Österreich
adwCleaner: track down toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
02.12.2012, 23:58 | #7
Polizeivirus Österreich
Here is the logfile:
Code:
ATTFilter
# AdwCleaner v2.011 - Datei am 02/12/2012 um 23:57:59 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monti23-7 - MONTI23-7-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monti23-7\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gefunden : C:\Users\Monti23-7\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v23.0.1271.95 Datei : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [6065 octets] - [02/12/2012 23:57:59] ########## EOF - C:\AdwCleaner[R1].txt - [6125 octets] ########## |
03.12.2012, 13:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizeivirus Österreich Please try to uninstall all entries mentioned in the adwCleaner log (e.g. BabylonToolbar) via the Control Panel, then make a new search log with adwCleaner. Leftovers and anything that refuses to uninstall we will remove with adwCleaner.
__________________ Please always post logfiles in CODE tags |
05.12.2012, 21:10 | #9 |
| Polizeivirus Österreich I have now uninstalled the toolbar. The new search log still shows it anyway. Which other programs are there still? Also the ones under the keys? I also got a C++ error message on system restart concerning this toolbar. Edited by Montezuma32 (05.12.2012 at 21:39) |
05.12.2012, 21:42 | #10 |
| Polizeivirus Österreich |
06.12.2012, 12:21 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizeivirus Österreich That error message is of no interest for now, I want a new adwCleaner log
__________________ Please always post logfiles in CODE tags |
06.12.2012, 23:31 | #12 |
| Polizeivirus Österreich Here is the log: Code:
# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:27:02 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monti23-7 - MONTI23-7-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monti23-7\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Monti23-7\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6194 octets] - [02/12/2012 23:57:59]
AdwCleaner[R2].txt - [2913 octets] - [05/12/2012 21:07:57]
AdwCleaner[R3].txt - [3099 octets] - [05/12/2012 21:16:52]
AdwCleaner[R4].txt - [2902 octets] - [06/12/2012 23:27:03]

########## EOF - C:\AdwCleaner[R4].txt - [2962 octets] ########## |
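The helper's advice above (uninstall via the Control Panel, then rescan) and the question in post #9 about which entries are still left come down to comparing two AdwCleaner search logs. The Python script below is an added example, not code from this thread or from AdwCleaner: it parses the AdwCleaner line format seen in the logs ("<kind> Gefunden : <object>", or "Gelöscht" in a delete run), diffs a before/after pair, and flags which of the leftover registry findings are real load points (Run key, Browser Helper Object, IE toolbar, search scope, Chrome external extension) as opposed to inert COM class registrations. The two log excerpts are constructed from the R1 and R4 logs posted in this thread, trimmed to a few lines each; the load-point labels are the example's own classification.

```python
"""Parse AdwCleaner search/delete logs and compare two runs.

Added example for this thread; not AdwCleaner's own code and not code posted
by anyone in the thread. The log excerpts below are constructed from the R1
(before the Control Panel uninstall) and R4 (after it) logs, trimmed.
"""
import re
from collections import defaultdict

# One finding per line: "<kind> Gefunden : <object>" in a search run ([Suche]),
# "<kind> Gelöscht : <object>" in a delete run ([Löschen]).
ENTRY_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert) (Gefunden|Gelöscht) : (.+)$")

# Registry locations from which Windows or a browser actually loads code again.
# CLSID/TypeLib/Interface/AppID entries in the log are COM registration residue
# that does nothing by itself. Labels are this example's own classification.
LOAD_POINTS = {
    "autorun (Run key)": r"\CurrentVersion\Run",
    "IE Browser Helper Object": r"\Browser Helper Objects",
    "IE toolbar": r"\Internet Explorer\Toolbar",
    "IE search provider": r"\Internet Explorer\SearchScopes",
    "Chrome external extension (registry install)": r"\Google\Chrome\Extensions",
}


def parse_log(text):
    """Map each finding kind (Datei, Ordner, Schlüssel, Wert) to the set of objects listed."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found[m.group(1)].add(m.group(3).strip())
    return dict(found)


def diff_runs(before, after):
    """Return (removed, remaining): findings gone since the earlier run, and what is still there."""
    kinds = set(before) | set(after)
    removed = {k: sorted(before.get(k, set()) - after.get(k, set())) for k in kinds}
    remaining = {k: sorted(after.get(k, set())) for k in kinds}
    return ({k: v for k, v in removed.items() if v},
            {k: v for k, v in remaining.items() if v})


def classify_load_points(run):
    """Label registry findings that are real load points; first matching label wins."""
    hits = []
    for kind in ("Schlüssel", "Wert"):
        for obj in sorted(run.get(kind, ())):
            for label, marker in LOAD_POINTS.items():
                if marker.lower() in obj.lower():  # registry paths are case-insensitive
                    hits.append((label, obj))
                    break
    return hits


def summarize(before_text, after_text):
    """Parse two logs; return removed/remaining findings and the load points still present."""
    before, after = parse_log(before_text), parse_log(after_text)
    removed, remaining = diff_runs(before, after)
    return {"removed": removed, "remaining": remaining,
            "load_points": classify_load_points(after)}


# Constructed excerpts of the R1 and R4 logs from this thread (not the full logs).
R1_EXCERPT = r"""
# AdwCleaner v2.011 - Datei am 02/12/2012 um 23:57:59 erstellt
# Option [Suche]
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
"""

R4_EXCERPT = r"""
# AdwCleaner v2.011 - Datei am 06/12/2012 um 23:27:02 erstellt
# Option [Suche]
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\BabylonToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
"""

if __name__ == "__main__":
    result = summarize(R1_EXCERPT, R4_EXCERPT)
    for section in ("removed", "remaining"):
        print(f"== {section} ==")
        for kind, objs in sorted(result[section].items()):
            for obj in objs:
                print(f"  {kind}: {obj}")
    print("== load points still present ==")
    for label, obj in result["load_points"]:
        print(f"  [{label}] {obj}")
```

On the excerpts, the uninstall removed the Uninstall entry, the BHO registration and the HKCU key, while the Run value, the IE toolbar value and the Chrome external-extension key survived, which is exactly why a rescan still lists the toolbar. Those three are the entries worth caring about on a rescan; the CLSID leftover is registration residue that AdwCleaner's delete run cleans up but that cannot start anything on its own.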
07.12.2012, 10:24 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizeivirus Österreich adwCleaner - remove toolbars and unwanted start/search pages
Afterwards a check with OTL please:
__________________ Please always post logfiles in CODE tags |
09.12.2012, 19:25 | #14 |
| Polizeivirus Österreich Here are the logs: adwcleaner: Code:
# AdwCleaner v2.011 - Datei am 09/12/2012 um 19:00:50 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Monti23-7 - MONTI23-7-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Monti23-7\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Monti23-7\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.95

Datei : C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6194 octets] - [02/12/2012 23:57:59]
AdwCleaner[R2].txt - [2913 octets] - [05/12/2012 21:07:57]
AdwCleaner[R3].txt - [3099 octets] - [05/12/2012 21:16:52]
AdwCleaner[R4].txt - [3031 octets] - [06/12/2012 23:27:03]
AdwCleaner[S1].txt - [2803 octets] - [09/12/2012 19:00:50]

########## EOF - C:\AdwCleaner[S1].txt - [2863 octets] ##########
Extras.txt: Code:
OTL Extras logfile created on: 12/9/2012 7:12:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monti23-7\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.98% Memory free
5.98 Gb Paging File | 4.38 Gb Available in Paging File | 73.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1049.38 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095B75BE-6ACE-4E6C-9948-E9CF7C0C9847}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0E5CB5E2-E0A5-4C71-B0F6-3459A8C4498A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1E4CD0BC-C40D-478B-B09C-90DDAF1BD517}" = lport=445 | protocol=6 | dir=in | app=system |
"{25C2FAB8-1284-4ED8-A06E-260DFAA11061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BBFA712-376C-4E2A-B9E3-1400885F4290}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E34804B-47BD-41AE-B2EC-8DAF769C4B2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{39DB30C6-E0D1-474C-9F15-2F94F2AFCBEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A50A0CB-6264-469B-BEB9-1DD93544D812}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E322661-92FC-4F95-8CF2-C221E91944FB}" = lport=139 | protocol=6 | dir=in | app=system |
"{529F0FAC-3F59-4568-BB9B-CB32398DE15A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{546A38A2-6D45-41BE-AEC1-D15253706773}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{63B09FFF-8B14-444B-8F5C-074CA5A0D47F}" = lport=138 | protocol=17 | dir=in | app=system |
"{8138EA98-9D0D-4253-B11E-610842B9ACD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8258FA72-FCC5-4E29-A8BA-DAF0A551EBF1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{844BE915-2940-4548-85EC-14B2642344BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{97B46D87-24CB-4E5E-A548-58DEBC180C17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9AE8598D-B772-4CE3-9424-2198523F4897}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1FDE213-EF97-4C8F-A187-B12C8D25A9AD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BC272107-47DE-4D54-AAC5-362F2FFB91DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3364243-F036-46A2-8F96-3E27F09542F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{E044B1C3-B4BE-462C-904A-F16F219B5630}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4CC73DB-C257-4D64-B7F0-AB25145E2ACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EFDF64DB-86E3-467A-B710-A03D5779E1BB}" = rport=138 | protocol=17 | dir=out | app=system |
"{EFF94207-C59E-4944-9E84-ABE3B5E91567}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1EB9843-B242-45BE-B6AC-E693ABF5751E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DD296E-AF5B-49D5-BF5D-07CF3818F6DB}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0B0B996A-04FB-4A2F-A9AD-893F29088ACD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19B4BEF0-32DE-44D2-85E3-366A229436C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{216DE15A-C473-4713-94A2-6C17078087ED}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{33AC9147-07CE-4B30-B17E-D4B202CC4A49}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{340D6DD8-A09F-4FC0-92AC-B55AC7058EC3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{37A82748-6D74-4BFB-86D8-E7EBF722FCA6}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{3D1602B3-BF6E-4EF1-9ECE-31A7930520E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FB37BE3-A1B5-438A-9DC5-AF75212DD67F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{42C4FA76-A2D7-4969-822D-2A0604F07BA8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{42D7DADB-1AB6-4387-91CB-1763905E65E2}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{48F69DD0-3220-4BB9-9510-251DBCCE5865}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{4F22CAF4-B931-4BA5-A47F-99DB3B8FE2CD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{521C6AE6-B190-44F5-B966-A34361B5F722}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"{5A13C1BA-16F7-4D59-BA24-5567A43DC153}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AD9923C-5C7D-473A-9071-292E0F17AE38}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6185BE2A-C525-4C27-9E65-AF4BEE79823F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{63F0BEEE-56C2-4426-A312-FCE73083ECC7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6746855D-04DD-420A-8FEE-D99D41E700B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{71FA2C60-79C5-4BB1-A3FA-5B7789505872}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{75636887-8AB0-446A-A112-F735D6434ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7842F221-79E7-41C5-81B7-A54CE885CBE8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{7A8DADB4-E296-4826-AEA9-E2174CFB1F6C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{8619045B-77A7-4BF1-AE70-FA914080A1D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88CAC040-C3C4-4CEF-BC7A-03F5D89DC088}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8F6FE7C2-BF70-4448-9084-A79F7A7BA60F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{911E8B36-2F73-426B-89BF-CFDB86FE8875}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9147EA70-957B-4700-8B4D-E47465115878}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{91FD2B5A-43FF-4080-95E0-4699453BF495}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{9B6EEB89-44CA-4DC0-9C85-3D9B3D69B6B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AA1A017F-0042-4C91-AF01-0C92F0AF544C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{AD9C948E-BBA2-498F-89C8-9BBFE65E179F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{AE68CF6F-E74E-470C-8055-3F0EF8F6A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6FB6951-D6F0-4C85-81CA-9B3743B22D9B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{BA830FE3-1CB5-49AB-9FC3-6FE5F6D61A3E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{C4D8B5AF-3408-44AB-97D2-FFA1C1C4A00A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe |
"{E21052AD-0178-4FB9-923C-03221392EB6F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{E99CF9A6-AEB6-4C27-AD55-0BDD4BC292B2}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"{EB783370-8426-4A46-8E05-778366B0C274}" = protocol=6 | dir=out | app=system |
"{EEDCF77E-60FA-41D3-BC2E-0AFBC06C2C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F3432B0B-F71A-49DD-80DB-02DECA762B72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7050563-5F40-43D8-8FB0-61BAEC582FBE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{FB402150-EF8A-443F-8801-B5006EA55BA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDC88E28-9BA6-4573-947F-7CA23BCCC670}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\total war shogun 2\shogun2.exe |
"TCP Query User{09BFF196-4E2D-4927-805F-5B545CD592B6}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{10CA4D13-D8C5-4995-AEBF-625BA5000F3C}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{26667692-933D-4AAC-9B5E-CE211BCE5AD1}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{2876C127-EB13-448A-B1B9-84567023697C}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |
"TCP Query User{32699936-6D66-4CB2-8CAF-1CF533612F85}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{397F491A-EBC6-49B9-A740-D454880A7F2E}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{3992AF7D-60AE-4286-9795-81F4FDAFB0BE}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{437D6135-47F3-4E3E-8B0F-9E4D84E1D41C}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{5C0E79FC-2FFF-4039-BBCC-E3EC0482A051}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{5DC26BC4-FC4C-403E-8364-A3135AB47658}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"TCP Query User{5E80089E-68B8-4BA6-8CB4-6B8F649430CB}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"TCP Query User{7D943853-BE9A-46C9-A875-1E1771E47A40}C:\users\monti23-7\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\monti23-7\appdata\local\temp\gw2.exe |
"TCP Query User{831E7277-7A25-46F8-AE98-C00842FE2EC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{92D4D211-B3F2-43D0-BEB1-11C411EE63B8}C:\program files\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files\guild wars 2\gw2.exe |
"TCP Query User{9B6D7C2A-6575-4E0F-8A27-245427EECD1E}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{AEC557F3-CE1B-4853-AF14-C07967705536}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{B6DE7E7B-7720-4D88-BF93-3B8AFD140583}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{CE51D67F-B543-40F2-82A2-B03100E780B2}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{0315E635-316A-4005-A67E-1F1674010262}C:\users\monti23-7\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\monti23-7\appdata\local\temp\gw2.exe |
"UDP Query User{04372BAC-0A64-4FAD-A865-2D0FE993AF32}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{09DF77D4-A45F-4333-9797-34C5CAC2C0F4}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{10B3AD52-09D6-4E2E-B8EE-819D0716BA0C}C:\program files\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files\guild wars 2\gw2.exe |
"UDP Query User{1BEBAF54-4906-4113-90B2-23245E735FE2}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{3886DD9E-D40E-46BD-B949-B598A3EB5AA3}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{80348BC3-43B9-4C27-99A4-72F2925E3E3E}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{80C27B4C-C1F4-4FA6-8F62-7DAD985AC28C}C:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{A707CFA5-721E-48A3-8432-33CB4AEC12A7}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{AC3FC5D3-D8D6-4274-8AED-226391D0A4D5}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{D8C60831-D333-42D2-9F19-3AE07EC7E376}C:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{E4AAB933-BA4D-43B2-BE56-7AE7945C75E3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E91FB76E-EA95-46D3-B8AF-25B17D4277F1}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
"UDP Query User{ED3339D7-F15E-4BB8-AD63-7CB83B5E5DCC}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{ED6EA2BD-6C61-405F-9B9F-E4F0D08F1307}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{FD358B09-9CC1-4B46-A040-C412311DBEE3}C:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
"UDP Query User{FEA5E445-1C93-4677-A088-093E259ED3BF}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{FF7684B2-19DA-485D-A0D1-41C9B8D5A625}C:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.2.0.2492-enus-tools-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{000A90E0-6736-6DCE-141F-01CCE8F54F8B}" = CCC Help Spanish
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{032BDCB5-9B4C-E2CB-43C9-C77C0B7A81CC}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050E08AE-5A97-99BC-7929-EBF7B0839BFE}" = CCC Help English
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBA1F27-DED3-EDF3-6326-834902369DA3}" = CCC Help Japanese
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44E6F2E0-E52F-A6C4-E314-5978AB46DC81}" = CCC Help Norwegian
"{45D77EDE-0D5B-30EA-E2D7-85DD18E2088A}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474218AC-4EE2-E8C5-DA15-AB74EA54B926}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE6ADEE-5770-5D5D-C8D4-83DE1BF7A75D}" = AMD Catalyst Install Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6597BADF-5C25-00F9-5ED6-809218CCF3A2}" = CCC Help Finnish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CB2BF2B-EE3E-0E1C-A357-1C628D7E947D}" = CCC Help Dutch
"{6FA6B993-5E5A-49DF-8AA3-A2BD0649F9A7}" = MovieJack 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : 
Kingdoms : Americas "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7E653036-DE31-4BFD-96BB-421CC72E06FC}" = PHOTOfunSTUDIO 6.1 HD Lite Edition "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{87622654-DDEB-5AA1-581A-48447C740C35}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91A0DC22-AAEC-6615-5F6C-2AB3879142C8}" = Catalyst Control Center Localization All "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3 "{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM) "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope 
WebShortcut "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B5E0CAE3-385B-AA57-9FA5-E4394D22272D}" = AMD Drag and Drop Transcoding "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCD98EDB-A8F7-298C-A934-03AE1C764A40}" = AMD Media Foundation Decoders "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2E41E17-AE7E-7128-1035-D8AF4211A980}" = CCC Help German "{D4DB5A3E-6474-1EEA-CE26-5384D9261490}" = CCC Help Danish "{DE801D58-6BD6-4C8A-EFEF-FCAFA69865D6}" = CCC Help Italian "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F3229854-F6D4-55AB-C920-20B5A771DDB8}" = Catalyst Control Center "{FEF62B76-68B6-1585-A0C5-36665529C2AA}" = AMD AVIVO Codecs "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "BullGuard" = BullGuard "Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung "Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CanonSolutionMenuEX" = Canon Solution Menu EX "Diablo III" = Diablo III "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Google Chrome" = Google Chrome "Guild Wars 2" = Guild Wars 2 "Hardware Helper_is1" = Hardware Helper "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM) "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MP 
Navigator EX 5.0" = Canon MP Navigator EX 5.0
"RealPlayer 12.0" = RealPlayer
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 10500" = Empire: Total War
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 34030" = Napoleon: Total War
"Steam App 34330" = Total War: SHOGUN 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2012 7:36:08 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 11/30/2012 7:37:14 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12/2/2012 6:51:51 PM | Computer Name = Monti23-7-PC | Source = Windows Backup | ID = 4103
Description =

Error - 12/4/2012 3:27:34 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 12/4/2012 3:28:45 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12/5/2012 5:22:52 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 12/5/2012 5:24:01 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12/9/2012 1:39:16 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 12/9/2012 1:40:23 PM | Computer Name = Monti23-7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 12/9/2012 2:03:49 PM | Computer Name = Monti23-7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1595.686, Zeitstempel: 0x50b7ef0d
Name des fehlerhaften Moduls: tier0_s.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x50bbc0d4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x026e8240
ID des fehlerhaften Prozesses: 0xbb8
Startzeit der fehlerhaften Anwendung: 0x01cdd63765ac559c
Pfad der fehlerhaften Anwendung: C:\Program Files\Steam\Steam.exe
Pfad des fehlerhaften Moduls: tier0_s.dll
Berichtskennung: c833d561-422a-11e2-8e1e-6c626d8ae4e1

[ System Events ]
Error - 12/30/2011 11:15:01 AM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.12.2011 um 16:13:40 unerwartet heruntergefahren.

Error - 12/30/2011 11:17:32 AM | Computer Name = Monti23-7-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst BsMailProxy erreicht.

Error - 12/30/2011 11:18:02 AM | Computer Name = Monti23-7-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Winmgmt erreicht.

Error - 12/30/2011 7:11:32 PM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.12.2011 um 19:12:30 unerwartet heruntergefahren.

Error - 1/3/2012 4:42:17 PM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.01.2012 um 03:18:09 unerwartet heruntergefahren.

Error - 1/7/2012 7:53:05 PM | Computer Name = Monti23-7-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.01.2012 um 12:57:37 unerwartet heruntergefahren.

< End of report >

Code:
OTL logfile created on: 12/9/2012 7:12:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monti23-7\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.98% Memory free
5.98 Gb Paging File | 4.38 Gb Available in Paging File | 73.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1049.38 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Monti23-7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libglesv2.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\libegl.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avutil-51.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll () MOD - C:\Program Files\Google\Chrome\Application\23.0.1271.95\avformat-54.dll () MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpInspectorRes.dll () MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll () MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll () MOD - C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll () MOD - C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll () MOD - C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.) SRV - (BsMain) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.) SRV - (BsBackup) -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll (BullGuard Ltd.) SRV - (BsScanner) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.) 
SRV - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsBhvScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsUpdate) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\MONTI2~1\AppData\Local\Temp\catchme.sys File not found
DRV - (NovaShieldTDIDriver) -- C:\Windows\System32\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV - (NovaShieldFilterDriver) -- C:\Windows\System32\drivers\NSKernel.sys (NovaShield, Inc.)
DRV - (Trufos) -- C:\Windows\System32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\..\SearchScopes\{4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/08 15:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: c:\program files\bullguard ltd\bullguard\Antiphishing\FF\antiphishing@bullguard\ [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012/11/25 23:37:48 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Google Mail = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/30 16:35:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-4177358873-602087415-1262994133-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = File not found O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-4177358873-602087415-1262994133-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4177358873-602087415-1262994133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/04 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\Tracing [2012/11/30 16:36:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/30 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\AppData\Local\temp [2012/11/30 16:22:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/30 16:22:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/30 16:22:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/30 16:18:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/30 16:18:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/30 16:08:35 | 005,009,213 | R--- | C] (Swearware) -- C:\Users\Monti23-7\Desktop\ComboFix.exe [2012/11/28 21:30:02 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Monti23-7\Desktop\tdsskiller.exe [2012/11/28 20:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Monti23-7\Desktop\aswMBR.exe [2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe [2012/11/25 23:32:19 | 000,308,296 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys [2012/11/25 23:31:54 | 000,100,216 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll [2012/11/25 23:31:54 | 000,054,624 | ---- | C] (BullGuard Ltd.) 
-- C:\Windows\System32\BGLsp.dll [2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd [2012/11/17 03:02:44 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012/11/17 03:02:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012/11/17 03:02:00 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012/11/17 03:02:00 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012/11/17 03:02:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012/11/17 03:01:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/11/17 03:01:22 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/11/17 03:01:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/11/17 03:01:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/11/17 03:01:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/11/17 03:01:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/11/17 03:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/11/17 03:01:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/11/17 00:07:12 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012/11/17 00:07:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012/11/17 00:07:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012/11/17 00:07:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012/11/17 00:06:57 | 002,345,984 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\win32k.sys [2012/11/17 00:06:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012/11/17 00:06:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll ========== Files - Modified Within 30 Days ========== [2012/12/09 19:09:56 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/09 19:09:56 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/09 19:04:23 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD [2012/12/09 19:03:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/09 19:02:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/09 19:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/09 19:02:18 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012/12/09 18:20:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/05 21:37:32 | 000,041,695 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Fehler.JPG [2012/12/04 20:08:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/12/04 20:08:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/12/04 20:08:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/12/04 20:08:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/12/02 23:56:33 | 000,540,743 | ---- | M] () -- C:\Users\Monti23-7\Desktop\adwcleaner.exe [2012/12/01 00:21:25 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/11/30 16:35:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/11/30 16:09:03 | 005,009,213 | R--- | M] (Swearware) -- C:\Users\Monti23-7\Desktop\ComboFix.exe 
[2012/11/28 21:30:10 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Monti23-7\Desktop\tdsskiller.exe [2012/11/28 21:29:08 | 000,000,512 | ---- | M] () -- C:\Users\Monti23-7\Desktop\MBR.dat [2012/11/28 20:54:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Monti23-7\Desktop\aswMBR.exe [2012/11/26 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\Monti23-7\defogger_reenable [2012/11/26 21:19:54 | 000,302,592 | ---- | M] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe [2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe [2012/11/26 20:58:24 | 000,050,477 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Defogger.exe [2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSNetmon.sys [2012/11/25 23:31:37 | 000,054,624 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll [2012/11/25 23:31:33 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll [2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSKernel.sys [2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\Trufos.sys [2012/11/25 21:46:19 | 000,000,792 | ---- | M] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/17 03:43:09 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/12/09 19:04:23 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD [2012/12/05 21:37:32 | 000,041,695 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Fehler.JPG [2012/12/02 23:56:25 | 000,540,743 | ---- | C] () -- C:\Users\Monti23-7\Desktop\adwcleaner.exe [2012/11/30 16:22:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/30 16:22:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/30 16:22:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/30 16:22:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/30 16:22:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/28 21:29:08 | 000,000,512 | ---- | C] () -- C:\Users\Monti23-7\Desktop\MBR.dat [2012/11/26 21:26:17 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\defogger_reenable [2012/11/26 21:19:52 | 000,302,592 | ---- | C] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe [2012/11/26 20:58:22 | 000,050,477 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Defogger.exe [2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/17 03:02:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/17 03:02:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/06/04 21:35:09 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012/06/04 21:35:09 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012/06/04 21:35:08 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat 
[2012/06/04 21:35:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2012/05/30 17:54:32 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012/02/01 18:33:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\xvid.dll [2011/10/13 14:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/07/21 14:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\AppData\Local\{5A8C793E-48C2-4D39-A1FC-75CD8ABCBDE9} [2011/06/17 10:57:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/06/17 10:57:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/06/17 10:57:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/06/17 10:57:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/06/17 10:57:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/06/17 10:57:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/06/17 10:57:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/06/17 10:57:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/06/17 10:57:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/06/17 10:57:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/06/17 10:57:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/06/17 10:57:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- 
C:\Windows\System32\EPPICPresetData_FR.dat [2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/06/17 10:57:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011/06/17 10:57:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011/06/17 10:57:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/03/27 23:42:34 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
09.12.2012, 19:26 | #15 |
| Polizeivirus Österreich: Posted twice by mistake |