| |
| |||||||
Log-Analyse und Auswertung: Trojan.AgentWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.12.2012, 07:34
| #1 |
 |  Trojan.Agent Guten Morgen. Ich habe gestern abend einen Scann durchgeführt mit dem programm Malwarebytes-Anti Malware der dann leider auch was gefunden hatte und zwar dies hier: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.12.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Ronny :: RONNY-PC [Administrator] 12.12.2012 15:49:05 mbam-log-2012-12-12 (15-49-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 371640 Laufzeit: 34 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Ronny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAQCFPL7\509aebfb14d21[1].exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Meine frage nun wie muss ich jetzt weider vorgehen bzw was muss ich nun noch machen. Gruss Blue Balu. |
|
13.12.2012, 16:47
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan.Agent Hallo und
__________________ Hast du noch weitere Logs von Malwarebytes oder anderen Virenscannern? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
14.12.2012, 09:06
| #3 |
| | Trojan.Agent Guten Morgen.
__________________Nein ich habe keine weiteren log einträge mehr nur diesen und avira hat nix gefunden gehabt. |
|
14.12.2012, 10:29
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.12.2012, 18:10
| #5 |
| | Trojan.AgentCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-15 17:53:02
-----------------------------
17:53:02.371 OS Version: Windows x64 6.1.7601 Service Pack 1
17:53:02.371 Number of processors: 6 586 0x102
17:53:02.371 ComputerName: RONNY-PC UserName: Ronny
17:53:03.900 Initialize success
17:53:10.639 AVAST engine defs: 12121501
17:53:15.584 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
17:53:15.584 Disk 0 Vendor: Hitachi_HDS721050DLE630 MS1OA650 Size: 476940MB BusType: 3
17:53:15.693 Disk 0 MBR read successfully
17:53:15.693 Disk 0 MBR scan
17:53:15.693 Disk 0 Windows 7 default MBR code
17:53:15.709 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:53:15.725 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
17:53:15.756 Disk 0 scanning C:\Windows\system32\drivers
17:53:23.540 Service scanning
17:53:42.728 Modules scanning
17:53:42.728 Disk 0 trace - called modules:
17:53:42.744 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:53:42.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071be060]
17:53:42.760 3 CLASSPNP.SYS[fffff880019bb43f] -> nt!IofCallDriver -> [0xfffffa8006216520]
17:53:42.775 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8006217060]
17:53:44.132 AVAST engine scan C:\Windows
17:53:49.468 AVAST engine scan C:\Windows\system32
17:55:52.692 AVAST engine scan C:\Windows\system32\drivers
17:56:06.061 AVAST engine scan C:\Users\Ronny
18:03:55.764 Disk 0 MBR has been saved successfully to "C:\Users\Ronny\Desktop\MBR.dat"
18:03:55.764 The log file has been saved successfully to "C:\Users\Ronny\Desktop\aswMBR.txt"
Danke schonmal für die bisherige hilfe. Code:
ATTFilter 18:15:41.0173 3396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:15:41.0532 3396 ============================================================
18:15:41.0532 3396 Current date / time: 2012/12/15 18:15:41.0532
18:15:41.0532 3396 SystemInfo:
18:15:41.0532 3396
18:15:41.0532 3396 OS Version: 6.1.7601 ServicePack: 1.0
18:15:41.0532 3396 Product type: Workstation
18:15:41.0532 3396 ComputerName: RONNY-PC
18:15:41.0532 3396 UserName: Ronny
18:15:41.0532 3396 Windows directory: C:\Windows
18:15:41.0532 3396 System windows directory: C:\Windows
18:15:41.0532 3396 Running under WOW64
18:15:41.0532 3396 Processor architecture: Intel x64
18:15:41.0532 3396 Number of processors: 6
18:15:41.0532 3396 Page size: 0x1000
18:15:41.0532 3396 Boot type: Normal boot
18:15:41.0532 3396 ============================================================
18:15:42.0281 3396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:15:42.0297 3396 ============================================================
18:15:42.0297 3396 \Device\Harddisk0\DR0:
18:15:42.0297 3396 MBR partitions:
18:15:42.0297 3396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:15:42.0297 3396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
18:15:42.0297 3396 ============================================================
18:15:42.0312 3396 C: <-> \Device\Harddisk0\DR0\Partition2
18:15:42.0312 3396 ============================================================
18:15:42.0312 3396 Initialize success
18:15:42.0312 3396 ============================================================
18:17:11.0826 3408 ============================================================
18:17:11.0826 3408 Scan started
18:17:11.0826 3408 Mode: Manual; SigCheck; TDLFS;
18:17:11.0826 3408 ============================================================
18:17:12.0403 3408 ================ Scan system memory ========================
18:17:12.0403 3408 System memory - ok
18:17:12.0403 3408 ================ Scan services =============================
18:17:12.0715 3408 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:17:12.0840 3408 1394ohci - ok
18:17:12.0871 3408 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:17:12.0903 3408 ACPI - ok
18:17:12.0934 3408 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:17:13.0012 3408 AcpiPmi - ok
18:17:13.0183 3408 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:17:13.0215 3408 AdobeARMservice - ok
18:17:13.0246 3408 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:17:13.0261 3408 adp94xx - ok
18:17:13.0277 3408 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:17:13.0293 3408 adpahci - ok
18:17:13.0293 3408 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:17:13.0308 3408 adpu320 - ok
18:17:13.0324 3408 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:17:13.0449 3408 AeLookupSvc - ok
18:17:13.0480 3408 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:17:13.0542 3408 AFD - ok
18:17:13.0573 3408 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:17:13.0605 3408 agp440 - ok
18:17:13.0636 3408 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:17:13.0683 3408 ALG - ok
18:17:13.0714 3408 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:17:13.0729 3408 aliide - ok
18:17:13.0745 3408 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:17:13.0761 3408 amdide - ok
18:17:13.0776 3408 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:17:13.0839 3408 AmdK8 - ok
18:17:13.0854 3408 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:17:13.0885 3408 AmdPPM - ok
18:17:13.0901 3408 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:17:13.0917 3408 amdsata - ok
18:17:13.0932 3408 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:17:13.0963 3408 amdsbs - ok
18:17:13.0979 3408 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:17:13.0995 3408 amdxata - ok
18:17:14.0119 3408 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:17:14.0135 3408 AntiVirSchedulerService - ok
18:17:14.0182 3408 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:17:14.0197 3408 AntiVirService - ok
18:17:14.0244 3408 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:17:14.0291 3408 AntiVirWebService - ok
18:17:14.0322 3408 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:17:14.0400 3408 AppID - ok
18:17:14.0431 3408 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:17:14.0509 3408 AppIDSvc - ok
18:17:14.0525 3408 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:17:14.0572 3408 Appinfo - ok
18:17:14.0587 3408 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:17:14.0603 3408 arc - ok
18:17:14.0603 3408 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:17:14.0619 3408 arcsas - ok
18:17:14.0775 3408 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
18:17:14.0806 3408 AsIO - ok
18:17:14.0821 3408 [ 22842362DF890F5492F85AA60916A697 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
18:17:14.0868 3408 asmthub3 - ok
18:17:14.0899 3408 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
18:17:14.0931 3408 asmtxhci - ok
18:17:14.0962 3408 [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
18:17:14.0993 3408 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
18:17:14.0993 3408 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
18:17:14.0993 3408 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
18:17:15.0009 3408 AsUpIO - ok
18:17:15.0024 3408 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:17:15.0071 3408 AsyncMac - ok
18:17:15.0087 3408 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:17:15.0087 3408 atapi - ok
18:17:15.0133 3408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:17:15.0243 3408 AudioEndpointBuilder - ok
18:17:15.0243 3408 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:17:15.0274 3408 AudioSrv - ok
18:17:15.0321 3408 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:17:15.0336 3408 avgntflt - ok
18:17:15.0399 3408 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:17:15.0430 3408 avipbb - ok
18:17:15.0430 3408 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:17:15.0445 3408 avkmgr - ok
18:17:15.0523 3408 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
18:17:15.0555 3408 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:17:15.0555 3408 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:17:15.0586 3408 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys
18:17:15.0601 3408 avmeject - ok
18:17:15.0648 3408 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:17:15.0742 3408 AxInstSV - ok
18:17:15.0773 3408 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:17:15.0804 3408 b06bdrv - ok
18:17:15.0835 3408 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:17:15.0867 3408 b57nd60a - ok
18:17:15.0913 3408 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:17:15.0945 3408 BDESVC - ok
18:17:15.0945 3408 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:17:16.0007 3408 Beep - ok
18:17:16.0054 3408 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:17:16.0132 3408 BFE - ok
18:17:16.0163 3408 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:17:16.0210 3408 BITS - ok
18:17:16.0241 3408 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:17:16.0257 3408 blbdrive - ok
18:17:16.0303 3408 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:17:16.0366 3408 bowser - ok
18:17:16.0397 3408 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:17:16.0459 3408 BrFiltLo - ok
18:17:16.0459 3408 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:17:16.0506 3408 BrFiltUp - ok
18:17:16.0537 3408 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:17:16.0600 3408 Browser - ok
18:17:16.0631 3408 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:17:16.0678 3408 Brserid - ok
18:17:16.0709 3408 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:17:16.0740 3408 BrSerWdm - ok
18:17:16.0740 3408 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:17:16.0787 3408 BrUsbMdm - ok
18:17:16.0803 3408 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:17:16.0834 3408 BrUsbSer - ok
18:17:16.0849 3408 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:17:16.0865 3408 BTHMODEM - ok
18:17:16.0896 3408 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:17:16.0943 3408 bthserv - ok
18:17:16.0959 3408 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:17:17.0021 3408 cdfs - ok
18:17:17.0052 3408 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:17:17.0083 3408 cdrom - ok
18:17:17.0115 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:17:17.0177 3408 CertPropSvc - ok
18:17:17.0193 3408 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:17:17.0208 3408 circlass - ok
18:17:17.0224 3408 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:17:17.0239 3408 CLFS - ok
18:17:17.0349 3408 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:17:17.0380 3408 clr_optimization_v2.0.50727_32 - ok
18:17:17.0551 3408 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:17:17.0614 3408 clr_optimization_v2.0.50727_64 - ok
18:17:17.0848 3408 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:17:17.0879 3408 clr_optimization_v4.0.30319_32 - ok
18:17:17.0957 3408 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:17:17.0988 3408 clr_optimization_v4.0.30319_64 - ok
18:17:18.0004 3408 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:17:18.0051 3408 CmBatt - ok
18:17:18.0082 3408 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:17:18.0097 3408 cmdide - ok
18:17:18.0129 3408 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:17:18.0175 3408 CNG - ok
18:17:18.0207 3408 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:17:18.0222 3408 Compbatt - ok
18:17:18.0238 3408 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:17:18.0269 3408 CompositeBus - ok
18:17:18.0285 3408 COMSysApp - ok
18:17:18.0285 3408 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:17:18.0300 3408 crcdisk - ok
18:17:18.0347 3408 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:17:18.0425 3408 CryptSvc - ok
18:17:18.0487 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:17:18.0550 3408 DcomLaunch - ok
18:17:18.0581 3408 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:17:18.0628 3408 defragsvc - ok
18:17:18.0659 3408 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:17:18.0721 3408 DfsC - ok
18:17:18.0753 3408 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:17:18.0784 3408 Dhcp - ok
18:17:18.0815 3408 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:17:18.0862 3408 discache - ok
18:17:18.0893 3408 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:17:18.0893 3408 Disk - ok
18:17:18.0940 3408 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:17:19.0018 3408 Dnscache - ok
18:17:19.0049 3408 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:17:19.0127 3408 dot3svc - ok
18:17:19.0158 3408 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:17:19.0205 3408 DPS - ok
18:17:19.0221 3408 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:17:19.0252 3408 drmkaud - ok
18:17:19.0267 3408 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:17:19.0299 3408 DXGKrnl - ok
18:17:19.0314 3408 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:17:19.0345 3408 EapHost - ok
18:17:19.0439 3408 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:17:19.0501 3408 ebdrv - ok
18:17:19.0533 3408 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:17:19.0579 3408 EFS - ok
18:17:19.0673 3408 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:17:19.0735 3408 ehRecvr - ok
18:17:19.0767 3408 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:17:19.0813 3408 ehSched - ok
18:17:19.0860 3408 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:17:19.0876 3408 elxstor - ok
18:17:19.0907 3408 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:17:19.0938 3408 ErrDev - ok
18:17:19.0969 3408 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:17:20.0016 3408 EventSystem - ok
18:17:20.0032 3408 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:17:20.0063 3408 exfat - ok
18:17:20.0079 3408 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:17:20.0110 3408 fastfat - ok
18:17:20.0157 3408 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:17:20.0219 3408 Fax - ok
18:17:20.0235 3408 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:17:20.0266 3408 fdc - ok
18:17:20.0297 3408 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:17:20.0359 3408 fdPHost - ok
18:17:20.0359 3408 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:17:20.0391 3408 FDResPub - ok
18:17:20.0391 3408 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:17:20.0406 3408 FileInfo - ok
18:17:20.0406 3408 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:17:20.0453 3408 Filetrace - ok
18:17:20.0453 3408 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:17:20.0453 3408 flpydisk - ok
18:17:20.0484 3408 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:17:20.0500 3408 FltMgr - ok
18:17:20.0547 3408 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:17:20.0609 3408 FontCache - ok
18:17:20.0640 3408 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:17:20.0640 3408 FontCache3.0.0.0 - ok
18:17:20.0656 3408 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:17:20.0671 3408 FsDepends - ok
18:17:20.0718 3408 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:17:20.0734 3408 Fs_Rec - ok
18:17:20.0781 3408 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:17:20.0812 3408 fvevol - ok
18:17:20.0843 3408 [ 15585492E45E2F30768B2D5B57929D99 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys
18:17:20.0890 3408 fwlanusbn - ok
18:17:20.0921 3408 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:17:20.0937 3408 gagp30kx - ok
18:17:20.0983 3408 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:17:21.0030 3408 gpsvc - ok
18:17:21.0046 3408 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:17:21.0093 3408 hcw85cir - ok
18:17:21.0139 3408 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:17:21.0202 3408 HdAudAddService - ok
18:17:21.0264 3408 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:17:21.0327 3408 HDAudBus - ok
18:17:21.0358 3408 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:17:21.0373 3408 HidBatt - ok
18:17:21.0373 3408 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:17:21.0389 3408 HidBth - ok
18:17:21.0389 3408 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:17:21.0405 3408 HidIr - ok
18:17:21.0451 3408 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:17:21.0498 3408 hidserv - ok
18:17:21.0529 3408 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
18:17:21.0545 3408 HidUsb - ok
18:17:21.0576 3408 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:17:21.0623 3408 hkmsvc - ok
18:17:21.0639 3408 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:17:21.0670 3408 HomeGroupListener - ok
18:17:21.0701 3408 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:17:21.0717 3408 HomeGroupProvider - ok
18:17:21.0748 3408 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:17:21.0779 3408 HpSAMD - ok
18:17:21.0826 3408 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:17:21.0888 3408 HTTP - ok
18:17:21.0904 3408 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:17:21.0904 3408 hwpolicy - ok
18:17:21.0935 3408 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:17:21.0966 3408 i8042prt - ok
18:17:21.0997 3408 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:17:22.0029 3408 iaStorV - ok
18:17:22.0075 3408 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:17:22.0091 3408 idsvc - ok
18:17:22.0122 3408 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:17:22.0138 3408 iirsp - ok
18:17:22.0169 3408 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:17:22.0231 3408 IKEEXT - ok
18:17:22.0247 3408 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:17:22.0263 3408 intelide - ok
18:17:22.0263 3408 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:17:22.0294 3408 intelppm - ok
18:17:22.0309 3408 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:17:22.0341 3408 IPBusEnum - ok
18:17:22.0356 3408 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:17:22.0403 3408 IpFilterDriver - ok
18:17:22.0450 3408 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:17:22.0497 3408 iphlpsvc - ok
18:17:22.0543 3408 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:17:22.0590 3408 IPMIDRV - ok
18:17:22.0606 3408 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:17:22.0653 3408 IPNAT - ok
18:17:22.0668 3408 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:17:22.0762 3408 IRENUM - ok
18:17:22.0793 3408 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:17:22.0809 3408 isapnp - ok
18:17:22.0824 3408 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:17:22.0840 3408 iScsiPrt - ok
18:17:22.0871 3408 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:17:22.0887 3408 kbdclass - ok
18:17:22.0918 3408 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:17:22.0949 3408 kbdhid - ok
18:17:22.0980 3408 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:17:22.0996 3408 KeyIso - ok
18:17:23.0027 3408 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:17:23.0043 3408 KSecDD - ok
18:17:23.0058 3408 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:17:23.0074 3408 KSecPkg - ok
18:17:23.0105 3408 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:17:23.0183 3408 ksthunk - ok
18:17:23.0214 3408 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:17:23.0277 3408 KtmRm - ok
18:17:23.0308 3408 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:17:23.0339 3408 LanmanServer - ok
18:17:23.0355 3408 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:17:23.0401 3408 LanmanWorkstation - ok
18:17:23.0433 3408 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:17:23.0479 3408 lltdio - ok
18:17:23.0495 3408 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:17:23.0526 3408 lltdsvc - ok
18:17:23.0542 3408 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:17:23.0557 3408 lmhosts - ok
18:17:23.0573 3408 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:17:23.0589 3408 LSI_FC - ok
18:17:23.0589 3408 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:17:23.0604 3408 LSI_SAS - ok
18:17:23.0620 3408 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:17:23.0620 3408 LSI_SAS2 - ok
18:17:23.0635 3408 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:17:23.0635 3408 LSI_SCSI - ok
18:17:23.0651 3408 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:17:23.0682 3408 luafv - ok
18:17:23.0698 3408 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:17:23.0729 3408 Mcx2Svc - ok
18:17:23.0729 3408 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:17:23.0729 3408 megasas - ok
18:17:23.0745 3408 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:17:23.0760 3408 MegaSR - ok
18:17:23.0776 3408 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:17:23.0823 3408 MMCSS - ok
18:17:23.0823 3408 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:17:23.0869 3408 Modem - ok
18:17:23.0885 3408 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:17:23.0901 3408 monitor - ok
18:17:23.0947 3408 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:17:23.0979 3408 mouclass - ok
18:17:23.0994 3408 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:17:24.0010 3408 mouhid - ok
18:17:24.0041 3408 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:17:24.0041 3408 mountmgr - ok
18:17:24.0072 3408 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:17:24.0088 3408 MozillaMaintenance - ok
18:17:24.0103 3408 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:17:24.0119 3408 mpio - ok
18:17:24.0135 3408 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:17:24.0166 3408 mpsdrv - ok
18:17:24.0197 3408 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:17:24.0228 3408 MpsSvc - ok
18:17:24.0259 3408 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:17:24.0291 3408 MRxDAV - ok
18:17:24.0306 3408 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:17:24.0337 3408 mrxsmb - ok
18:17:24.0353 3408 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:17:24.0384 3408 mrxsmb10 - ok
18:17:24.0400 3408 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:17:24.0415 3408 mrxsmb20 - ok
18:17:24.0447 3408 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:17:24.0447 3408 msahci - ok
18:17:24.0462 3408 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:17:24.0478 3408 msdsm - ok
18:17:24.0493 3408 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:17:24.0509 3408 MSDTC - ok
18:17:24.0540 3408 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:17:24.0556 3408 Msfs - ok
18:17:24.0556 3408 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:17:24.0603 3408 mshidkmdf - ok
18:17:24.0634 3408 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:17:24.0634 3408 msisadrv - ok
18:17:24.0665 3408 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:17:24.0727 3408 MSiSCSI - ok
18:17:24.0743 3408 msiserver - ok
18:17:24.0743 3408 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:17:24.0774 3408 MSKSSRV - ok
18:17:24.0790 3408 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:17:24.0837 3408 MSPCLOCK - ok
18:17:24.0837 3408 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:17:24.0868 3408 MSPQM - ok
18:17:24.0899 3408 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:17:24.0899 3408 MsRPC - ok
18:17:24.0930 3408 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:17:24.0946 3408 mssmbios - ok
18:17:24.0961 3408 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:17:25.0008 3408 MSTEE - ok
18:17:25.0024 3408 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:17:25.0024 3408 MTConfig - ok
18:17:25.0055 3408 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:17:25.0071 3408 MTsensor - ok
18:17:25.0071 3408 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:17:25.0086 3408 Mup - ok
18:17:25.0102 3408 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:17:25.0133 3408 napagent - ok
18:17:25.0164 3408 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:17:25.0195 3408 NativeWifiP - ok
18:17:25.0227 3408 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:17:25.0273 3408 NDIS - ok
18:17:25.0289 3408 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:17:25.0320 3408 NdisCap - ok
18:17:25.0336 3408 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:17:25.0367 3408 NdisTapi - ok
18:17:25.0398 3408 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:17:25.0429 3408 Ndisuio - ok
18:17:25.0445 3408 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:17:25.0492 3408 NdisWan - ok
18:17:25.0507 3408 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:17:25.0539 3408 NDProxy - ok
18:17:25.0570 3408 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:17:25.0601 3408 NetBIOS - ok
18:17:25.0617 3408 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:17:25.0663 3408 NetBT - ok
18:17:25.0679 3408 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:17:25.0695 3408 Netlogon - ok
18:17:25.0726 3408 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:17:25.0788 3408 Netman - ok
18:17:25.0819 3408 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:17:25.0851 3408 netprofm - ok
18:17:25.0866 3408 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:17:25.0882 3408 NetTcpPortSharing - ok
18:17:25.0897 3408 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:17:25.0913 3408 nfrd960 - ok
18:17:25.0929 3408 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:17:25.0944 3408 NlaSvc - ok
18:17:25.0944 3408 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:17:25.0991 3408 Npfs - ok
18:17:26.0007 3408 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:17:26.0038 3408 nsi - ok
18:17:26.0053 3408 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:17:26.0085 3408 nsiproxy - ok
18:17:26.0116 3408 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:17:26.0147 3408 Ntfs - ok
18:17:26.0163 3408 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:17:26.0194 3408 Null - ok
18:17:26.0256 3408 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:17:26.0272 3408 NVHDA - ok
18:17:26.0506 3408 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:17:26.0677 3408 nvlddmkm - ok
18:17:26.0709 3408 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:17:26.0724 3408 nvraid - ok
18:17:26.0740 3408 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:17:26.0755 3408 nvstor - ok
18:17:26.0802 3408 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
18:17:26.0833 3408 nvsvc - ok
18:17:26.0927 3408 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:17:26.0974 3408 nvUpdatusService - ok
18:17:27.0005 3408 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:17:27.0021 3408 nv_agp - ok
18:17:27.0067 3408 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:17:27.0099 3408 ohci1394 - ok
18:17:27.0114 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:17:27.0161 3408 p2pimsvc - ok
18:17:27.0177 3408 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:17:27.0208 3408 p2psvc - ok
18:17:27.0239 3408 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:17:27.0255 3408 Parport - ok
18:17:27.0270 3408 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:17:27.0286 3408 partmgr - ok
18:17:27.0301 3408 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:17:27.0317 3408 PcaSvc - ok
18:17:27.0333 3408 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:17:27.0348 3408 pci - ok
18:17:27.0379 3408 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:17:27.0379 3408 pciide - ok
18:17:27.0395 3408 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:17:27.0411 3408 pcmcia - ok
18:17:27.0426 3408 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:17:27.0426 3408 pcw - ok
18:17:27.0442 3408 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:17:27.0473 3408 PEAUTH - ok
18:17:27.0629 3408 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:17:27.0676 3408 PerfHost - ok
18:17:27.0723 3408 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:17:27.0847 3408 pla - ok
18:17:27.0972 3408 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:17:28.0081 3408 PlugPlay - ok
18:17:28.0113 3408 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:17:28.0144 3408 PNRPAutoReg - ok
18:17:28.0144 3408 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:17:28.0159 3408 PNRPsvc - ok
18:17:28.0191 3408 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:17:28.0237 3408 PolicyAgent - ok
18:17:28.0269 3408 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:17:28.0300 3408 Power - ok
18:17:28.0331 3408 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:17:28.0362 3408 PptpMiniport - ok
18:17:28.0378 3408 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:17:28.0393 3408 Processor - ok
18:17:28.0425 3408 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:17:28.0471 3408 ProfSvc - ok
18:17:28.0471 3408 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:17:28.0487 3408 ProtectedStorage - ok
18:17:28.0534 3408 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:17:28.0549 3408 Psched - ok
18:17:28.0581 3408 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:17:28.0612 3408 ql2300 - ok
18:17:28.0627 3408 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:17:28.0643 3408 ql40xx - ok
18:17:28.0659 3408 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:17:28.0674 3408 QWAVE - ok
18:17:28.0674 3408 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:17:28.0690 3408 QWAVEdrv - ok
18:17:28.0690 3408 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:17:28.0737 3408 RasAcd - ok
18:17:28.0752 3408 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:17:28.0783 3408 RasAgileVpn - ok
18:17:28.0783 3408 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:17:28.0830 3408 RasAuto - ok
18:17:28.0846 3408 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:17:28.0877 3408 Rasl2tp - ok
18:17:28.0908 3408 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:17:28.0955 3408 RasMan - ok
18:17:28.0971 3408 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:17:29.0002 3408 RasPppoe - ok
18:17:29.0002 3408 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:17:29.0049 3408 RasSstp - ok
18:17:29.0064 3408 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:17:29.0111 3408 rdbss - ok
18:17:29.0111 3408 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:17:29.0127 3408 rdpbus - ok
18:17:29.0127 3408 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:17:29.0158 3408 RDPCDD - ok
18:17:29.0158 3408 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:17:29.0205 3408 RDPENCDD - ok
18:17:29.0205 3408 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:17:29.0236 3408 RDPREFMP - ok
18:17:29.0267 3408 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:17:29.0314 3408 RDPWD - ok
18:17:29.0361 3408 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:17:29.0392 3408 rdyboost - ok
18:17:29.0407 3408 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:17:29.0454 3408 RemoteAccess - ok
18:17:29.0485 3408 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:17:29.0517 3408 RemoteRegistry - ok
18:17:29.0532 3408 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:17:29.0563 3408 RpcEptMapper - ok
18:17:29.0563 3408 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:17:29.0595 3408 RpcLocator - ok
18:17:29.0610 3408 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:17:29.0641 3408 RpcSs - ok
18:17:29.0673 3408 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:17:29.0719 3408 rspndr - ok
18:17:29.0766 3408 [ 8181B5E7BFC040E0B26349C73E719335 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:17:29.0782 3408 RTL8167 - ok
18:17:29.0797 3408 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:17:29.0797 3408 SamSs - ok
18:17:29.0844 3408 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:17:29.0844 3408 sbp2port - ok
18:17:29.0860 3408 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:17:29.0907 3408 SCardSvr - ok
18:17:29.0922 3408 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:17:29.0969 3408 scfilter - ok
18:17:30.0000 3408 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:17:30.0047 3408 Schedule - ok
18:17:30.0078 3408 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:17:30.0109 3408 SCPolicySvc - ok
18:17:30.0125 3408 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:17:30.0156 3408 SDRSVC - ok
18:17:30.0172 3408 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:17:30.0219 3408 secdrv - ok
18:17:30.0234 3408 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:17:30.0265 3408 seclogon - ok
18:17:30.0297 3408 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:17:30.0328 3408 SENS - ok
18:17:30.0328 3408 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:17:30.0359 3408 SensrSvc - ok
18:17:30.0375 3408 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:17:30.0375 3408 Serenum - ok
18:17:30.0390 3408 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:17:30.0390 3408 Serial - ok
18:17:30.0406 3408 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:17:30.0421 3408 sermouse - ok
18:17:30.0468 3408 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:17:30.0531 3408 SessionEnv - ok
18:17:30.0546 3408 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:17:30.0562 3408 sffdisk - ok
18:17:30.0562 3408 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:17:30.0562 3408 sffp_mmc - ok
18:17:30.0577 3408 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:17:30.0593 3408 sffp_sd - ok
18:17:30.0609 3408 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:17:30.0624 3408 sfloppy - ok
18:17:30.0640 3408 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:17:30.0671 3408 SharedAccess - ok
18:17:30.0702 3408 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:17:30.0733 3408 ShellHWDetection - ok
18:17:30.0749 3408 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:17:30.0749 3408 SiSRaid2 - ok
18:17:30.0765 3408 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:17:30.0765 3408 SiSRaid4 - ok
18:17:30.0780 3408 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:17:30.0796 3408 Smb - ok
18:17:30.0827 3408 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:17:30.0843 3408 SNMPTRAP - ok
18:17:30.0843 3408 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:17:30.0858 3408 spldr - ok
18:17:30.0889 3408 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:17:30.0905 3408 Spooler - ok
18:17:30.0999 3408 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:17:31.0077 3408 sppsvc - ok
18:17:31.0108 3408 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:17:31.0155 3408 sppuinotify - ok
18:17:31.0186 3408 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:17:31.0217 3408 srv - ok
18:17:31.0217 3408 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:17:31.0248 3408 srv2 - ok
18:17:31.0279 3408 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:17:31.0311 3408 srvnet - ok
18:17:31.0357 3408 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:17:31.0389 3408 SSDPSRV - ok
18:17:31.0404 3408 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:17:31.0420 3408 SstpSvc - ok
18:17:31.0513 3408 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:17:31.0545 3408 Stereo Service - ok
18:17:31.0560 3408 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:17:31.0576 3408 stexstor - ok
18:17:31.0607 3408 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:17:31.0623 3408 stisvc - ok
18:17:31.0654 3408 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:17:31.0669 3408 swenum - ok
18:17:31.0701 3408 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:17:31.0747 3408 swprv - ok
18:17:31.0794 3408 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:17:31.0841 3408 SysMain - ok
18:17:31.0857 3408 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:17:31.0888 3408 TabletInputService - ok
18:17:31.0919 3408 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:17:31.0950 3408 TapiSrv - ok
18:17:31.0966 3408 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:17:31.0997 3408 TBS - ok
18:17:32.0059 3408 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:17:32.0091 3408 Tcpip - ok
18:17:32.0137 3408 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:17:32.0169 3408 TCPIP6 - ok
18:17:32.0200 3408 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:17:32.0215 3408 tcpipreg - ok
18:17:32.0231 3408 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:17:32.0278 3408 TDPIPE - ok
18:17:32.0325 3408 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:17:32.0356 3408 TDTCP - ok
18:17:32.0403 3408 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:17:32.0449 3408 tdx - ok
18:17:32.0481 3408 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:17:32.0481 3408 TermDD - ok
18:17:32.0512 3408 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:17:32.0559 3408 TermService - ok
18:17:32.0574 3408 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:17:32.0590 3408 Themes - ok
18:17:32.0605 3408 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:17:32.0621 3408 THREADORDER - ok
18:17:32.0637 3408 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:17:32.0683 3408 TrkWks - ok
18:17:32.0699 3408 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:17:32.0761 3408 TrustedInstaller - ok
18:17:32.0793 3408 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:17:32.0808 3408 tssecsrv - ok
18:17:32.0902 3408 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:17:32.0964 3408 TsUsbFlt - ok
18:17:33.0011 3408 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:17:33.0089 3408 tunnel - ok
18:17:33.0105 3408 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:17:33.0105 3408 uagp35 - ok
18:17:33.0136 3408 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:17:33.0183 3408 udfs - ok
18:17:33.0214 3408 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:17:33.0214 3408 UI0Detect - ok
18:17:33.0245 3408 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:17:33.0245 3408 uliagpkx - ok
18:17:33.0276 3408 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:17:33.0276 3408 umbus - ok
18:17:33.0307 3408 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:17:33.0323 3408 UmPass - ok
18:17:33.0339 3408 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:17:33.0370 3408 upnphost - ok
18:17:33.0385 3408 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:17:33.0417 3408 usbccgp - ok
18:17:33.0432 3408 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:17:33.0448 3408 usbcir - ok
18:17:33.0463 3408 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:17:33.0479 3408 usbehci - ok
18:17:33.0510 3408 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:17:33.0526 3408 usbhub - ok
18:17:33.0541 3408 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:17:33.0557 3408 usbohci - ok
18:17:33.0588 3408 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:17:33.0604 3408 usbprint - ok
18:17:33.0619 3408 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:17:33.0635 3408 USBSTOR - ok
18:17:33.0666 3408 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:17:33.0697 3408 usbuhci - ok
18:17:33.0713 3408 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:17:33.0760 3408 UxSms - ok
18:17:33.0775 3408 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:17:33.0791 3408 VaultSvc - ok
18:17:33.0807 3408 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:17:33.0807 3408 vdrvroot - ok
18:17:33.0838 3408 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:17:33.0900 3408 vds - ok
18:17:33.0900 3408 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:17:33.0916 3408 vga - ok
18:17:33.0916 3408 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:17:33.0947 3408 VgaSave - ok
18:17:33.0978 3408 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:17:33.0994 3408 vhdmp - ok
18:17:34.0072 3408 [ EECF5B7210D773F3501CEDA848D53D31 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
18:17:34.0119 3408 VIAHdAudAddService - ok
18:17:34.0134 3408 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:17:34.0150 3408 viaide - ok
18:17:34.0165 3408 [ 43412F74D9516EF87988F2397A9B8E78 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
18:17:34.0181 3408 VIAKaraokeService - ok
18:17:34.0197 3408 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:17:34.0197 3408 volmgr - ok
18:17:34.0243 3408 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:17:34.0275 3408 volmgrx - ok
18:17:34.0306 3408 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:17:34.0337 3408 volsnap - ok
18:17:34.0368 3408 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:17:34.0399 3408 vsmraid - ok
18:17:34.0446 3408 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:17:34.0509 3408 VSS - ok
18:17:34.0509 3408 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:17:34.0540 3408 vwifibus - ok
18:17:34.0555 3408 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:17:34.0587 3408 W32Time - ok
18:17:34.0618 3408 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:17:34.0649 3408 WacomPen - ok
18:17:34.0680 3408 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:17:34.0727 3408 WANARP - ok
18:17:34.0727 3408 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:17:34.0758 3408 Wanarpv6 - ok
18:17:34.0805 3408 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:17:34.0867 3408 wbengine - ok
18:17:34.0883 3408 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:17:34.0914 3408 WbioSrvc - ok
18:17:34.0930 3408 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:17:34.0961 3408 wcncsvc - ok
18:17:34.0977 3408 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:17:34.0992 3408 WcsPlugInService - ok
18:17:34.0992 3408 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:17:35.0008 3408 Wd - ok
18:17:35.0039 3408 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:17:35.0070 3408 Wdf01000 - ok
18:17:35.0086 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:17:35.0148 3408 WdiServiceHost - ok
18:17:35.0148 3408 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:17:35.0164 3408 WdiSystemHost - ok
18:17:35.0195 3408 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:17:35.0226 3408 WebClient - ok
18:17:35.0242 3408 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:17:35.0273 3408 Wecsvc - ok
18:17:35.0273 3408 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:17:35.0304 3408 wercplsupport - ok
18:17:35.0320 3408 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:17:35.0351 3408 WerSvc - ok
18:17:35.0382 3408 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:17:35.0413 3408 WfpLwf - ok
18:17:35.0413 3408 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:17:35.0413 3408 WIMMount - ok
18:17:35.0429 3408 WinDefend - ok
18:17:35.0429 3408 WinHttpAutoProxySvc - ok
18:17:35.0523 3408 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:17:35.0601 3408 Winmgmt - ok
18:17:35.0632 3408 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:17:35.0694 3408 WinRM - ok
18:17:35.0741 3408 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:17:35.0757 3408 Wlansvc - ok
18:17:35.0788 3408 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:17:35.0803 3408 WmiAcpi - ok
18:17:35.0835 3408 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:17:35.0866 3408 wmiApSrv - ok
18:17:35.0881 3408 WMPNetworkSvc - ok
18:17:35.0881 3408 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:17:35.0913 3408 WPCSvc - ok
18:17:35.0928 3408 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:17:35.0944 3408 WPDBusEnum - ok
18:17:35.0959 3408 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:17:36.0006 3408 ws2ifsl - ok
18:17:36.0022 3408 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:17:36.0037 3408 wscsvc - ok
18:17:36.0037 3408 WSearch - ok
18:17:36.0131 3408 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:17:36.0178 3408 wuauserv - ok
18:17:36.0209 3408 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:17:36.0240 3408 WudfPf - ok
18:17:36.0287 3408 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:17:36.0303 3408 WUDFRd - ok
18:17:36.0318 3408 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:17:36.0334 3408 wudfsvc - ok
18:17:36.0365 3408 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:17:36.0396 3408 WwanSvc - ok
18:17:36.0412 3408 ================ Scan global ===============================
18:17:36.0427 3408 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:17:36.0474 3408 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:17:36.0490 3408 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
18:17:36.0521 3408 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:17:36.0552 3408 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:17:36.0568 3408 [Global] - ok
18:17:36.0568 3408 ================ Scan MBR ==================================
18:17:36.0568 3408 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:17:36.0927 3408 \Device\Harddisk0\DR0 - ok
18:17:36.0927 3408 ================ Scan VBR ==================================
18:17:36.0942 3408 [ D0D6C8D799BD98D8BECC19040AFCE69F ] \Device\Harddisk0\DR0\Partition1
18:17:36.0942 3408 \Device\Harddisk0\DR0\Partition1 - ok
18:17:36.0973 3408 [ A0B5E3A7B6524F3D035B13237632A255 ] \Device\Harddisk0\DR0\Partition2
18:17:36.0973 3408 \Device\Harddisk0\DR0\Partition2 - ok
18:17:36.0973 3408 ============================================================
18:17:36.0973 3408 Scan finished
18:17:36.0973 3408 ============================================================
18:17:36.0989 0140 Detected object count: 2
18:17:36.0989 0140 Actual detected object count: 2
18:18:04.0008 0140 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:04.0008 0140 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:18:04.0008 0140 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:18:04.0008 0140 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
16.12.2012, 15:03
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ --> Trojan.Agent |
|
17.12.2012, 16:47
| #7 |
| | Trojan.AgentCode:
ATTFilter ComboFix 12-12-17.02 - Ronny 17.12.2012 16:35:55.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.7678.6231 [GMT 1:00]
ausgeführt von:: c:\users\Ronny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Download and Sa
c:\programdata\Download and Sa\509aebfaf262a.ocx
c:\programdata\Download and Sa\509aebfaf2663.html
c:\programdata\Download and Sa\509aebfaf269c.js
c:\programdata\Download and Sa\bnmjpkipgnbhfcgoejkhpoejdilkjaei.crx
c:\programdata\Download and Sa\settings.ini
c:\users\Ronny\WINDOWS
c:\users\Ronny\WINDOWS\system32\d3dx9_32.dll
c:\users\Ronny\WINDOWS\system32\readme.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-17 bis 2012-12-17 ))))))))))))))))))))))))))))))
.
.
2012-12-17 15:40 . 2012-12-17 15:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-17 15:40 . 2012-12-17 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 14:48 . 2012-12-12 14:48 -------- d-----w- c:\users\Ronny\AppData\Roaming\Malwarebytes
2012-12-12 14:47 . 2012-12-12 14:47 -------- d-----w- c:\programdata\Malwarebytes
2012-12-12 14:47 . 2012-12-12 14:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-12 14:47 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 12:57 . 2012-12-12 12:57 -------- d-----w- C:\Graphics
2012-12-12 12:57 . 2008-09-29 09:03 188928 ------w- c:\windows\SysWow64\mwgfx.dll
2012-12-12 12:57 . 2008-09-05 08:32 104960 ------w- c:\windows\SysWow64\mwdds.dll
2012-12-12 12:57 . 2007-08-19 09:37 28672 ------w- c:\windows\SysWow64\mwgfxcopy.exe
2012-12-12 12:57 . 2005-11-13 01:28 238080 ------w- c:\windows\SysWow64\mwgfx24.dll
2012-12-12 12:57 . 2004-05-14 11:13 56832 ------w- c:\windows\SysWow64\mwace.dll
2012-12-04 13:35 . 2012-12-04 13:35 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-25 14:07 . 2012-11-25 14:07 -------- d-----w- c:\users\Ronny\AppData\Roaming\Subversion
2012-11-25 14:05 . 2012-11-25 14:05 -------- d-----w- c:\users\Ronny\AppData\Roaming\fltk.org
2012-11-25 14:05 . 2012-11-25 14:05 -------- d-----w- c:\programdata\fltk.org
2012-11-25 14:05 . 2012-11-25 14:08 -------- d-----w- c:\users\Ronny\AppData\Roaming\flightgear.org
2012-11-25 14:05 . 2012-11-25 14:05 -------- d-----w- c:\programdata\flightgear.org
2012-11-25 14:05 . 2012-11-25 14:05 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-25 14:05 . 2012-11-25 14:05 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-25 14:05 . 2012-11-25 14:05 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-25 14:05 . 2012-11-25 14:05 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-11-25 14:05 . 2012-11-25 14:05 -------- d-----w- c:\program files (x86)\OpenAL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 06:19 . 2012-11-15 02:54 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-13 06:19 . 2012-11-15 02:54 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-12 04:19 . 2012-11-03 21:12 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-27 11:18 . 2012-11-05 04:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-27 11:18 . 2012-11-05 04:01 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-05 04:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-05 04:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-10-17 01:31 . 2012-11-03 02:32 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3D5F3C8-269D-40C8-A9D4-3342B2B7DA18}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 15:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 23:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 23:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 23:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 23:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 02:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 23:31 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 23:31 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 23:31 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 23:31 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 23:31 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 23:31 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 23:31 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 23:31 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 23:31 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 23:31 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 23:31 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 22:21 . 2012-11-11 16:46 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:21 . 2012-11-11 16:46 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-02 22:21 . 2012-11-11 16:46 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-02 22:21 . 2012-11-11 16:46 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:21 . 2012-11-11 16:46 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-02 22:21 . 2012-11-11 16:46 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:21 . 2012-11-11 16:46 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 22:21 . 2012-11-11 16:46 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-02 22:21 . 2012-11-11 16:46 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:21 . 2012-11-11 16:46 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2012-11-11 16:46 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2012-11-11 16:46 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:21 . 2012-11-11 16:46 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 22:21 . 2012-11-11 16:46 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-02 22:21 . 2012-11-11 16:46 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-02 22:21 . 2012-11-11 16:46 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-02 22:21 . 2012-11-11 16:46 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 22:21 . 2012-11-11 16:46 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-02 22:21 . 2012-11-11 16:46 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:21 . 2012-11-11 16:46 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-02 22:21 . 2012-11-03 01:42 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2012-11-03 01:42 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2012-11-03 01:42 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2012-11-03 01:42 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-02 22:21 . 2012-11-03 01:42 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-02 19:51 . 2012-11-03 01:43 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2012-11-03 01:43 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2012-11-03 01:43 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2012-11-03 01:43 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2012-11-03 01:43 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2012-11-03 01:43 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2012-11-03 01:43 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-25 22:47 . 2012-11-14 23:30 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 23:30 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 07:58 . 2012-11-15 02:54 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-10-29 16:33 1521872 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Turbo Key"="c:\program files (x86)\ASUS\Turbo Key\TurboKey.exe" [2009-11-24 1874432]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-13 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\MocaFlix\sprotector.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-25 14120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-13 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-13 565024]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-11-11 27760]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-25 714368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-11-11 2182768]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=f8efbdf1-4c80-4c9c-a099-fa8be55e2295&apn_ptnrs=%5EAGS&apn_sauid=484CD543-5340-473E-B604-1FB0A517C489&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2012-11-15 03:55; toolbar@ask.com; c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-12-12 14:02; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-17 16:42:34
ComboFix-quarantined-files.txt 2012-12-17 15:42
.
Vor Suchlauf: 8 Verzeichnis(se), 436.411.142.144 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 437.217.157.120 Bytes frei
.
- - End Of File - - BA52C9C0A3364E561F6D0A6B280571E6
Danke für die hilfe bis jetzt. |
|
17.12.2012, 18:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.12.2012, 11:50
| #9 |
| | Trojan.AgentCode:
ATTFilter # AdwCleaner v2.101 - Datei am 18/12/2012 um 11:46:00 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ronny - RONNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ronny\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\MocaFlix
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\Ronny\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Ronny\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\prefs.js
Gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Gefunden : user_pref("aol_toolbar.default.search.check", false);
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.509aebfaf2546.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");
*************************
AdwCleaner[R1].txt - [5890 octets] - [18/12/2012 11:46:00]
########## EOF - C:\AdwCleaner[R1].txt - [5950 octets] ##########
|
|
18.12.2012, 22:21
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.12.2012, 12:15
| #11 |
| | Trojan.AgentCode:
ATTFilter # AdwCleaner v2.101 - Datei am 19/12/2012 um 12:11:08 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ronny - RONNY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ronny\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\searchplugins\SweetIm.xml
Gelöscht mit Neustart : C:\Program Files (x86)\MocaFlix
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Ronny\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Ronny\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\zjxcxg8z.default\prefs.js
Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.509aebfaf2546.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
*************************
AdwCleaner[R1].txt - [6011 octets] - [18/12/2012 11:46:00]
AdwCleaner[S1].txt - [5958 octets] - [19/12/2012 12:11:08]
########## EOF - C:\AdwCleaner[S1].txt - [6018 octets] ##########
Code:
ATTFilter OTL logfile created on: 19.12.2012 12:20:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ronny\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,50 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 83,68% Memory free 14,99 Gb Paging File | 13,67 Gb Available in Paging File | 91,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 405,97 Gb Free Space | 87,18% Space Free | Partition Type: NTFS Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ronny\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\ASUS\Turbo Key\pngio.dll () MOD - C:\Program Files (x86)\ASUS\Turbo Key\AiNap.dll () MOD - C:\Program Files (x86)\ASUS\Turbo Key\vvc.dll () ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 0B 0B 3A 6A B9 CD 01 [binary data] IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\..\SearchScopes\{87597CA4-0B43-4A85-96F4-5E29EDA77F66}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f8efbdf1-4c80-4c9c-a099-fa8be55e2295&apn_sauid=484CD543-5340-473E-B604-1FB0A517C489 IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1001\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 00:53:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 00:53:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.03 04:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronny\AppData\Roaming\mozilla\Extensions [2012.12.19 12:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronny\AppData\Roaming\mozilla\Firefox\Profiles\zjxcxg8z.default\extensions [2012.12.06 00:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.06 00:53:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.17 16:40:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Turbo Key] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-21-771116149-4193558194-1132221159-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-771116149-4193558194-1132221159-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-771116149-4193558194-1132221159-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79BBAED0-11D6-4289-BC38-71537426A608}: DhcpNameServer = 192.168.178.1 O20 - AppInit_DLLs: (c:\PROGRA~2\MocaFlix\sprotector.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 12:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.12.19 12:07:07 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.19 12:07:07 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.19 12:07:07 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.19 12:07:07 | 018,045,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.19 12:07:07 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.19 12:07:07 | 012,603,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.19 12:07:07 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.19 12:07:07 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.19 12:07:07 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.19 12:07:07 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.19 12:07:07 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.19 12:07:07 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.19 12:07:07 | 002,496,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.19 12:07:07 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.19 12:07:07 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.19 12:07:07 | 000,841,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.12.19 12:07:07 | 000,245,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.12.19 12:07:07 | 000,201,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.12.19 12:02:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ronny\Desktop\OTL.exe [2012.12.17 19:53:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.17 16:42:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.17 16:32:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.17 16:32:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.17 16:32:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.17 16:32:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.17 16:32:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.17 16:29:21 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\Ronny\Desktop\ComboFix.exe [2012.12.15 18:13:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ronny\Desktop\tdsskiller.exe [2012.12.15 17:38:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ronny\Desktop\aswMBR.exe [2012.12.13 12:12:43 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Desktop\4fach_leer_10Fruechte [2012.12.12 15:48:08 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Malwarebytes [2012.12.12 15:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.12 15:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.12 15:47:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.12 15:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.12 13:57:38 | 000,238,080 | ---- | C] (MW Publishing) -- C:\Windows\SysWow64\mwgfx24.dll [2012.12.12 13:57:38 | 000,188,928 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfx.dll [2012.12.12 13:57:38 | 000,104,960 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwdds.dll [2012.12.12 13:57:38 | 000,056,832 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwace.dll [2012.12.12 13:57:38 | 000,028,672 | ---- | C] (MW Graphics) -- C:\Windows\SysWow64\mwgfxcopy.exe [2012.12.12 13:57:38 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW Graphics [2012.12.12 13:57:38 | 000,000,000 | ---D | C] -- C:\Graphics [2012.12.12 03:29:42 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 03:29:42 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 03:29:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 03:29:41 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 03:29:41 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 03:29:41 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 03:29:41 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 03:29:38 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.12 03:29:38 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.12 03:29:38 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.12 03:29:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 03:29:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 03:29:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 03:29:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 03:29:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 03:29:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 03:29:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 03:29:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 03:29:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 03:29:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 03:29:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 03:29:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 03:29:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 03:29:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 03:29:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 03:29:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 03:29:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 03:29:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 03:29:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 03:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 03:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 03:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 03:29:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 03:29:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 03:29:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 03:29:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 03:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 03:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 03:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 03:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 03:29:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 03:29:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 03:29:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 03:29:22 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 03:29:22 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.06 00:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.04 14:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.12.04 03:14:29 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Desktop\karte2 [2012.12.01 15:17:41 | 000,000,000 | ---D | C] -- C:\Users\Ronny\Desktop\geditor_035 [2012.11.30 22:43:52 | 000,438,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2012.11.27 22:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prototypes SCC v2.41 for GTR2 [2012.11.25 15:07:44 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\Subversion [2012.11.25 15:05:50 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\fltk.org [2012.11.25 15:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org [2012.11.25 15:05:31 | 000,000,000 | ---D | C] -- C:\Users\Ronny\AppData\Roaming\flightgear.org [2012.11.25 15:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org [2012.11.25 15:05:29 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.11.25 15:05:29 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.11.25 15:05:29 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012.11.25 15:05:29 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2012.11.25 15:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012.11.21 02:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin ========== Files - Modified Within 30 Days ========== [2012.12.19 12:19:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 12:19:39 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 12:16:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.19 12:16:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.19 12:16:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.19 12:16:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.19 12:16:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.19 12:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.19 12:12:05 | 1743,347,711 | -HS- | M] () -- C:\hiberfil.sys [2012.12.19 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronny\Desktop\OTL.exe [2012.12.18 11:43:54 | 000,547,175 | ---- | M] () -- C:\Users\Ronny\Desktop\adwcleaner.exe [2012.12.17 16:40:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.17 16:29:53 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\Ronny\Desktop\ComboFix.exe [2012.12.15 18:14:12 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ronny\Desktop\tdsskiller.exe [2012.12.15 17:38:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ronny\Desktop\aswMBR.exe [2012.12.13 07:19:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.13 07:19:23 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.12 15:47:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.12 13:57:56 | 000,001,686 | ---- | M] () -- C:\Users\Ronny\Desktop\DXTBmp.lnk [2012.12.12 05:23:22 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.03 16:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.03 16:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.03 16:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.03 16:47:14 | 018,045,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.03 16:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.03 16:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.12.03 16:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.12.03 16:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.03 16:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.03 16:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.03 16:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.03 16:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.03 16:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.12.03 16:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.03 16:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.03 16:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.03 16:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.03 16:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.03 16:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.12.03 16:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.12.03 16:47:14 | 000,983,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.12.03 16:47:14 | 000,841,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.12.03 16:47:14 | 000,245,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.12.03 16:47:14 | 000,201,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.12.01 06:49:26 | 002,557,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.12.01 06:49:25 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.12.01 06:49:25 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.12.01 06:48:41 | 006,223,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.12.01 06:48:37 | 003,311,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.11.30 22:43:52 | 000,438,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2012.11.27 12:18:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.27 12:18:40 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.25 15:05:29 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.11.25 15:05:29 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.11.25 15:05:29 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012.11.25 15:05:29 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2012.11.21 02:08:51 | 000,001,129 | ---- | M] () -- C:\Users\Ronny\Desktop\GTR 2.lnk ========== Files Created - No Company Name ========== [2012.12.18 11:43:54 | 000,547,175 | ---- | C] () -- C:\Users\Ronny\Desktop\adwcleaner.exe [2012.12.17 16:32:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.17 16:32:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.17 16:32:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.17 16:32:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.17 16:32:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.12 15:47:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.12 13:57:38 | 000,001,686 | ---- | C] () -- C:\Users\Ronny\Desktop\DXTBmp.lnk [2012.11.21 02:08:51 | 000,001,129 | ---- | C] () -- C:\Users\Ronny\Desktop\GTR 2.lnk [2012.11.03 02:37:33 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.11.03 02:37:33 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.11.03 02:34:59 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.11.03 02:34:59 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.11.03 02:17:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.11.03 02:17:04 | 000,037,967 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.11.03 02:15:00 | 000,000,017 | ---- | C] () -- C:\Users\Ronny\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.12.2012 12:20:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ronny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,50 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 83,68% Memory free
14,99 Gb Paging File | 13,67 Gb Available in Paging File | 91,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 405,97 Gb Free Space | 87,18% Space Free | Partition Type: NTFS
Computer Name: RONNY-PC | User Name: Ronny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-771116149-4193558194-1132221159-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F668B21-146E-4709-9AD1-016C090108C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5928A37E-4826-463A-BFE7-3A4B99BAE5D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5931595C-6D29-416D-97E3-C08E3BC00B89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74EF6216-7470-4A90-91DB-3E0AE9F8CF96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7622AE9D-F9F8-4035-9863-FD687D19C81B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{864B6A45-DE8D-451B-947A-B7D8FE2A5139}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90F224B9-D9EE-423E-98F6-106225E1A897}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9CDCF0A3-28C3-4317-B388-0BF4118F0373}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1EB21C5-E743-455C-ACB8-AAB81CB6B931}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE46876-CD9C-4A8B-9454-8DF06547586D}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{15EC2E79-5ABF-41C8-B279-910726914245}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26863061-2251-4838-AE27-4AF59614B12F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{26FCAB6E-A36E-47D2-B437-065E1A026236}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{301EFD79-429C-4F5D-BAA2-80A321AC4029}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{34D701AA-D45D-4C8F-A492-0EB6B056934D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36A5F1A3-F174-4EE6-BC65-4A38C3C12B9D}" = protocol=6 | dir=out | app=system |
"{3DFB2CBC-299A-433C-87F3-8F6BA13E7FF7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{468DB53D-4415-4306-B3A5-2442448576BC}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{5FF76C01-B1E2-438B-881E-29C8E7531B8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6197AE76-9B5C-4537-BC5A-1446EA6918FA}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{6FB3DC42-408F-4F43-BD80-194E2293A082}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0D7F037-CF44-407F-9CBC-D3F1B79A98C9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{A7C8F23E-6539-4F5C-9702-1C693A46CB50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1E252F0-659A-430F-9B27-05BA48592937}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD8B1006-B0CF-4E7D-8FFC-30C8331D22AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDC5D7CF-A1AD-4944-8AEE-BB239CDDF6FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D70B9FD5-0998-4934-9A60-20C9B43202A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{E58FB7E6-2CEC-4C0B-9F79-2187E1CF9E88}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{E6E4E2C1-B2BF-4AF9-8C6A-75E55CEE5D2A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FE26E83C-B0F4-4DC8-8EE4-5DDE01044360}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{FFDF6C30-2C88-4E23-BAB0-DA42F7676365}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FFE5481C-5B85-4C9A-9509-171F10EA630B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{6910BDC4-A1CB-4B0D-AA0D-0947D2B2592D}C:\program files (x86)\simbin\gtr 2\gtr2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\simbin\gtr 2\gtr2.exe |
"UDP Query User{A8FA8FA5-A074-420C-9CEA-1AF4F549CEF9}C:\program files (x86)\simbin\gtr 2\gtr2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\simbin\gtr 2\gtr2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Euro Truck Simulator" = Euro Truck Simulator 1.1
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"giants_editor_4.1.9_is1" = GIANTS Editor 4.1.9
"GTR 2_is1" = GTR 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.12.2012 04:07:48 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000142e3 ID des fehlerhaften Prozesses:
0x7ac Startzeit der fehlerhaften Anwendung: 0x01cdd5e3fc0af7d2 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Euro Truck Simulator\game.exe Berichtskennung: 8472c341-41d7-11e2-94d2-bc0543073798
Error - 09.12.2012 04:10:41 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000142e3 ID des fehlerhaften Prozesses:
0xfe8 Startzeit der fehlerhaften Anwendung: 0x01cdd5e4724b88e4 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Euro Truck Simulator\game.exe Berichtskennung: ec0ee944-41d7-11e2-94d2-bc0543073798
Error - 09.12.2012 15:02:53 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000cbe1 ID des fehlerhaften Prozesses:
0xda4 Startzeit der fehlerhaften Anwendung: 0x01cdd638573f348c Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Euro Truck Simulator\game.exe Berichtskennung: 0844e0e0-4233-11e2-92c5-bc0543073798
Error - 10.12.2012 04:13:05 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x328 Startzeit der fehlerhaften Anwendung: 0x01cdd69792f0d378 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 6bc963f7-42a1-11e2-8337-bc0543073798
Error - 10.12.2012 04:51:48 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a6625 ID des fehlerhaften Prozesses:
0xdfc Startzeit der fehlerhaften Anwendung: 0x01cdd6b383241461 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Euro Truck Simulator\game.exe Berichtskennung: d4ecc303-42a6-11e2-8337-bc0543073798
Error - 11.12.2012 00:24:31 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x17c Startzeit der fehlerhaften Anwendung: 0x01cdd73fb279b8a3 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: a8081137-434a-11e2-ab74-bc0543073798
Error - 11.12.2012 08:12:37 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xcd4 Startzeit der fehlerhaften Anwendung: 0x01cdd77fb48ca315 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 0c9a92be-438c-11e2-b032-bc0543073798
Error - 13.12.2012 04:59:43 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: game.exe, Version: 1.3.0.0, Zeitstempel:
0x4a16bc51 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xefc Startzeit der fehlerhaften Anwendung: 0x01cdd90e19f72c20 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Euro Truck Simulator\game.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 6ed165c1-4503-11e2-84ae-bc0543073798
Error - 13.12.2012 10:35:48 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTR2.exe, Version: 1.1.0.0, Zeitstempel:
0x452c9f16 Name des fehlerhaften Moduls: GTR2.exe, Version: 1.1.0.0, Zeitstempel:
0x452c9f16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001db76b ID des fehlerhaften Prozesses:
0xf94 Startzeit der fehlerhaften Anwendung: 0x01cdd93c118cc9c6 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\SimBin\GTR 2\GTR2.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\SimBin\GTR 2\GTR2.exe Berichtskennung: 620bc358-4532-11e2-b7bb-bc0543073798
Error - 16.12.2012 12:11:35 | Computer Name = Ronny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GTR2.exe, Version: 1.1.0.0, Zeitstempel:
0x452c9f16 Name des fehlerhaften Moduls: GTR2.exe, Version: 1.1.0.0, Zeitstempel:
0x452c9f16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001db76b ID des fehlerhaften Prozesses:
0x954 Startzeit der fehlerhaften Anwendung: 0x01cddba7dd3e8509 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\SimBin\GTR 2\GTR2.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\SimBin\GTR 2\GTR2.exe Berichtskennung: 42c2ade2-479b-11e2-9770-bc0543073798
[ System Events ]
Error - 02.11.2012 23:53:45 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 02.11.2012 23:53:45 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist
bereits 3 Mal passiert.
Error - 02.11.2012 23:56:06 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 05.11.2012 00:12:29 | Computer Name = Ronny-PC | Source = DCOM | ID = 10010
Description =
Error - 05.11.2012 00:35:25 | Computer Name = Ronny-PC | Source = DCOM | ID = 10016
Description =
Error - 12.12.2012 00:21:24 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%32
Error - 12.12.2012 11:32:49 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 17.12.2012 11:38:37 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 17.12.2012 11:40:27 | Computer Name = Ronny-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 17.12.2012 11:40:53 | Computer Name = Ronny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
|
|
19.12.2012, 23:06
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.AgentFixen mit OTL
Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-771116149-4193558194-1132221159-1000\..\SearchScopes\{87597CA4-0B43-4A85-96F4-5E29EDA77F66}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=f8efbdf1-4c80-4c9c-a099-fa8be55e2295&apn_sauid=484CD543-5340-473E-B604-1FB0A517C489
O4 - HKLM..\Run: [] File not found
O20 - AppInit_DLLs: (c:\PROGRA~2\MocaFlix\sprotector.dll) - File not found
:Files
c:\PROGRA~2\MocaFlix
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.12.2012, 12:23
| #13 |
| | Trojan.Agent Hallo. jetzt muss ich zum erstenmal erst nochmal nach fragen bevor ich anfang .wo muss bzw an welcher stelle muss ich da mein namen einätzen ? eventuell da wo die Y's sind ?. |
|
20.12.2012, 15:41
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Agent In diesem Fall musst du da nichts machen, da gibt es keine unkenntlich gemachten Stellen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2012, 17:12
| #15 |
| | Trojan.AgentCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-771116149-4193558194-1132221159-1000\Software\Microsoft\Internet Explorer\SearchScopes\{87597CA4-0B43-4A85-96F4-5E29EDA77F66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87597CA4-0B43-4A85-96F4-5E29EDA77F66}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~2\MocaFlix\sprotector.dll deleted successfully.
========== FILES ==========
File\Folder c:\PROGRA~2\MocaFlix not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Ronny\Desktop\cmd.bat deleted successfully.
C:\Users\Ronny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Ronny
->Temp folder emptied: 1552518 bytes
->Temporary Internet Files folder emptied: 26087176 bytes
->FireFox cache emptied: 424094420 bytes
->Flash cache emptied: 3429 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11712 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 431,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12212012_170326
Files\Folders moved on Reboot...
C:\Users\Ronny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
und ein riesen dank für die ganze hilfe bis hier her.  |
|
| Themen zu Trojan.Agent |
| administrator, anti-malware, appdata, autostart, blue, bösartige, dateien, durchgeführt, erfolgreich, explorer, files, frage, gelöscht, guten, microsoft, minute, programm, quarantäne, registrierung, scan, service, speicher, temporary, trojan.agent, version |
Textbox. 
Linear-Darstellung
