|
Plagegeister aller Art und deren Bekämpfung: E-Mail Konto (Trojaner oder Hacker) ?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.12.2012, 23:42 | #1 |
| E-Mail Konto (Trojaner oder Hacker) ? Hallo liebe Community: hab schon verwandte Themen gefunden aber keine Antwort auf meine Frage ! Folgendes Problem: Von meiner Email aus wurden emails mit einem dubiosen Link an meine Kontakte geschickt und an mich selber. Bei den Kontoaktivitäten konnte ich Logins von Japan aus erkennen . Hab GDATA und Malwarebytes schon durchlaufen lassen jedoch ohne Fund eines Trojaner bzw. anderen Schadsoftwares. Ist es nun möglich ,dass ich immernoch ein Trojaner auf dem PC habe und er nicht erkannt wurde ODER konnten sich fremde Zugriff auf mein Email Konto verschaffen ohne Zugriff zu meinem PC zu haben ? Das ist die eigentliche Frage weil mir ein Trojaner nicht so lieb wäre ! Bitte antwortet ! |
14.12.2012, 13:20 | #2 |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? hi
__________________Passwort sicherheit. Passwörter sollten mindestens 2-stellig sein, im idial fall etwas an die 20 Ziffern. Es sollte bestehen aus: - sonderzeichen - groß bzw klein Buchstaben - Zahlen - Umlaute. Jeder Dienst muss ein eigenes Passwort haben. Da solche Passwörter für viele schwer zu merken sind, gibts Passwort manager. ich werd dir am Ende, wenn wir einen Schädlingsbefall ausgeschlossen haben, noch einiges empfehlen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
14.12.2012, 18:27 | #3 |
| E-Mail Konto (Trojaner oder Hacker) ? OTL.txtOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 14.12.2012 15:13:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,58 Gb Available Physical Memory | 82,37% Memory free 15,97 Gb Paging File | 13,03 Gb Available in Paging File | 81,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 672,29 Gb Free Space | 72,18% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.14 15:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe PRC - [2012.12.04 20:01:29 | 000,541,168 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.12.04 20:00:59 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Steam\Steam.exe PRC - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.02 06:01:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012.11.01 19:12:16 | 000,389,488 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2012.09.10 16:22:32 | 000,872,048 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.04.10 15:05:18 | 000,334,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVK.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.01.27 05:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011.04.26 10:20:48 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2011.04.11 20:15:12 | 001,188,992 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2011.02.15 12:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2010.12.20 10:18:48 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2010.12.02 03:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010.11.26 20:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.09.24 20:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe ========== Modules (No Company Name) ========== MOD - [2012.12.04 20:01:45 | 000,835,072 | ---- | M] () -- C:\Steam\sdl.dll MOD - [2012.12.04 20:01:29 | 020,319,568 | ---- | M] () -- C:\Steam\bin\libcef.dll MOD - [2012.12.04 20:01:28 | 001,099,616 | ---- | M] () -- C:\Steam\bin\avcodec-53.dll MOD - [2012.12.04 20:01:28 | 000,965,616 | ---- | M] () -- C:\Steam\bin\chromehtml.dll MOD - [2012.12.04 20:01:28 | 000,190,816 | ---- | M] () -- C:\Steam\bin\avformat-53.dll MOD - [2012.12.04 20:01:28 | 000,123,232 | ---- | M] () -- C:\Steam\bin\avutil-51.dll MOD - [2011.11.01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.09 13:55:24 | 001,036,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2011.03.04 09:33:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll MOD - [2011.02.15 12:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe MOD - [2011.02.15 12:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2011.02.15 12:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2011.02.15 12:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2011.02.15 12:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2011.02.15 12:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2011.01.20 11:09:34 | 000,964,096 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2011.01.13 15:47:34 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2011.01.12 09:53:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2011.01.07 15:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2011.01.06 09:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll MOD - [2010.12.01 11:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2010.09.27 19:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2010.08.23 03:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll MOD - [2010.08.06 17:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 17:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.07.27 05:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2009.08.12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll MOD - [2009.05.21 09:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.07.14 02:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV - [2012.12.12 23:17:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 21:18:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.04 20:01:29 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.11.14 12:00:10 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper) SRV - [2012.11.02 06:01:26 | 000,527,216 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.11.01 19:35:02 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.11.01 19:13:10 | 000,418,672 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012.11.01 19:12:16 | 000,389,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.02.10 02:30:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService) SRV - [2012.01.27 04:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2010.12.02 03:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.08 14:37:55 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.12.08 14:33:13 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.12.08 14:33:13 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.12.08 14:33:13 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.11.14 11:59:58 | 000,160,784 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.11.01 19:31:08 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012.10.12 14:37:54 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.05.20 15:49:49 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.05.02 17:50:33 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2012.04.11 16:40:28 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2012.04.06 19:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.02 09:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 09:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.01.14 13:27:46 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2010.01.14 13:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2010.01.14 13:27:30 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2010.01.14 13:27:18 | 000,029,472 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.02.10 02:28:14 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver4.1.0) DRV - [2010.05.27 01:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.02.15 15:30:48 | 000,015,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys -- (FLASHSYS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 04 A4 1B D9 26 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Basti\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 21:18:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 21:18:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.30 15:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions [2012.12.13 08:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\2b2qgayn.default\extensions [2012.12.13 08:35:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\2b2qgayn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.25 00:55:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\2b2qgayn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.05 21:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.08 14:33:11 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.12.05 21:18:30 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2012.12.05 21:18:30 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2012.12.05 21:18:31 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2 [2012.12.05 21:18:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.10 01:15:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.10 13:48:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.10 01:15:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.10 01:15:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.10 01:15:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.10 01:15:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.08 22:52:00 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [ROCCAT Savu Gaming Mouse] C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe (ROCCAT GmbH) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Basti\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E6B5396-6994-4C4F-B7E1-111F16862744}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D59130BF-C96F-4C97-A168-E6F4D02457C9}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk - C:\Programme\Rainmeter\Rainmeter.exe - () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.14 15:12:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2012.12.13 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes [2012.12.13 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.13 15:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.13 15:38:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 15:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.12 23:23:12 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2012.12.11 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\dwhelper [2012.12.05 21:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.04 19:42:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.11.30 21:05:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\ROCCAT Savu [2012.11.30 21:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roccat [2012.11.30 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT [2012.11.25 18:17:57 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\background [2012.11.19 21:36:25 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Audacity [2012.11.19 21:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2012.11.15 23:18:04 | 000,000,000 | ---D | C] -- C:\Users\Basti\Windows Designs [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.14 15:14:46 | 000,912,953 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.12.14 15:14:46 | 000,050,001 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.12.14 15:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2012.12.14 15:09:34 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1023630594-4199829681-851610359-1000UA.job [2012.12.14 15:09:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.14 15:09:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.13 22:41:24 | 000,051,720 | ---- | M] () -- C:\Users\Basti\Desktop\560738_10151833273445287_670882201_n.jpg [2012.12.13 22:41:03 | 000,067,175 | ---- | M] () -- C:\Users\Basti\Desktop\318957_10152320786925287_2122659783_n.jpg [2012.12.13 21:58:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1023630594-4199829681-851610359-1000Core.job [2012.12.13 15:38:36 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.13 07:33:30 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 07:33:30 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 07:26:11 | 000,416,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.13 07:25:45 | 2134,200,319 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 00:41:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.13 00:41:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.13 00:41:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.13 00:41:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.13 00:41:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.13 00:32:20 | 000,005,638 | ---- | M] () -- C:\Users\Basti\Desktop\wuetend.png [2012.12.13 00:23:45 | 000,040,198 | ---- | M] () -- C:\Users\Basti\Desktop\homersimpson.png [2012.12.13 00:12:10 | 000,078,726 | ---- | M] () -- C:\Users\Basti\Desktop\Aliencartoony.png [2012.12.13 00:11:35 | 000,008,963 | ---- | M] () -- C:\Users\Basti\Desktop\images.jpg [2012.12.12 23:51:15 | 000,049,697 | ---- | M] () -- C:\Users\Basti\Desktop\Homer Simpson And Donut.png [2012.12.12 23:23:12 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2012.12.08 15:06:55 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.12.08 14:37:55 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.12.08 14:33:13 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.12.08 14:33:13 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.12.08 14:33:13 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.01 06:49:26 | 003,663,213 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.13 22:41:23 | 000,051,720 | ---- | C] () -- C:\Users\Basti\Desktop\560738_10151833273445287_670882201_n.jpg [2012.12.13 22:41:00 | 000,067,175 | ---- | C] () -- C:\Users\Basti\Desktop\318957_10152320786925287_2122659783_n.jpg [2012.12.13 15:38:36 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.13 00:32:19 | 000,005,638 | ---- | C] () -- C:\Users\Basti\Desktop\wuetend.png [2012.12.13 00:23:44 | 000,040,198 | ---- | C] () -- C:\Users\Basti\Desktop\homersimpson.png [2012.12.13 00:12:09 | 000,078,726 | ---- | C] () -- C:\Users\Basti\Desktop\Aliencartoony.png [2012.12.13 00:11:33 | 000,008,963 | ---- | C] () -- C:\Users\Basti\Desktop\images.jpg [2012.12.12 23:51:06 | 000,049,697 | ---- | C] () -- C:\Users\Basti\Desktop\Homer Simpson And Donut.png [2012.11.19 21:36:22 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2012.11.04 14:21:41 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\winscp.rnd [2012.07.14 14:37:41 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.05.03 15:01:05 | 000,912,953 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.04.30 16:33:36 | 000,017,408 | ---- | C] () -- C:\Users\Basti\AppData\Local\WebpageIcons.db [2012.04.30 14:50:20 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.04.30 14:50:18 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.04.30 14:45:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.04.30 14:45:23 | 000,027,128 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.21 14:53:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft [2012.11.19 22:03:01 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Audacity [2012.05.19 14:33:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canneverbe Limited [2012.10.11 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DiskAid [2012.11.06 09:44:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft [2012.11.06 09:44:30 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.15 18:49:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Foxit Software [2012.07.28 10:37:15 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\FreeAudioPack [2012.05.23 00:10:22 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Need for Speed World [2012.05.09 21:22:25 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenCandy [2012.04.30 15:42:41 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Rainmeter [2012.11.09 17:41:42 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\redsn0w [2012.10.10 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Software4u [2012.12.06 20:44:25 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TS3Client [2012.05.09 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TuneUp Software [2012.11.07 22:48:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WindSolutions [2012.07.28 10:34:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.06.19 16:44:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.04.29 20:31:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.06.10 01:59:12 | 000,000,000 | ---D | M] -- C:\Filme [2012.04.29 22:43:38 | 000,000,000 | ---D | M] -- C:\Fraps [2012.06.18 22:02:00 | 000,000,000 | ---D | M] -- C:\Hotspot Shield [2012.05.01 19:23:52 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.05.18 16:04:09 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.07 23:07:09 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.13 15:38:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.13 15:38:36 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.04.29 20:31:39 | 000,000,000 | -HSD | M] -- C:\Programme [2012.04.30 14:42:53 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.30 21:16:44 | 000,000,000 | ---D | M] -- C:\Spiele [2012.12.13 21:55:37 | 000,000,000 | ---D | M] -- C:\Steam [2012.12.14 15:15:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.18 16:05:30 | 000,000,000 | R--D | M] -- C:\Users [2012.12.08 15:05:10 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.30 15:27:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.11.10 21:53:51 | 000,000,906 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1023630594-4199829681-851610359-1000Core.job [2012.11.10 21:53:53 | 000,000,928 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1023630594-4199829681-851610359-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.14 15:30:05 | 002,621,440 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT [2012.12.14 15:30:05 | 000,262,144 | -HS- | M] () -- C:\Users\Basti\ntuser.dat.LOG1 [2012.04.30 14:42:58 | 000,000,000 | -HS- | M] () -- C:\Users\Basti\ntuser.dat.LOG2 [2012.04.30 14:51:46 | 000,065,536 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.04.30 14:51:46 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.04.30 14:51:46 | 000,524,288 | -HS- | M] () -- C:\Users\Basti\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.04.30 14:42:58 | 000,000,020 | -HS- | M] () -- C:\Users\Basti\ntuser.ini [2012.11.08 21:26:15 | 000,046,062 | ---- | M] () -- C:\Users\Basti\umbrella0.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Extra.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.12.2012 15:13:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,58 Gb Available Physical Memory | 82,37% Memory free 15,97 Gb Paging File | 13,03 Gb Available in Paging File | 81,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 672,29 Gb Free Space | 72,18% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{090A047C-E469-4E72-BA1E-AB6282B1B8F5}" = rport=445 | protocol=6 | dir=out | app=system | "{201FCBAA-E170-48C3-9122-60FCC88E4D08}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{29A2E2AC-00E8-4735-8D39-E90294AD91EF}" = lport=445 | protocol=6 | dir=in | app=system | "{3BC6A953-FC9E-4E84-8808-BD1E89D0C7F8}" = lport=138 | protocol=17 | dir=in | app=system | "{52E41E0C-692F-43BF-A223-B5C3CAA41FF6}" = rport=137 | protocol=17 | dir=out | app=system | "{599E4721-A9CE-4BE5-9A2A-C8703151EB1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5B824182-7C83-4AFE-A7B5-871D522A435B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9CE962E2-DA1F-481A-BD29-2C740774A8A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B026081C-8C15-4454-9C1E-768FC02E37B6}" = lport=139 | protocol=6 | dir=in | app=system | "{B337981E-BA05-4625-B075-9D09D3019C3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C2689CCE-D301-474D-878B-C09991A76C10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C6007EA8-A745-4C1C-9897-7F7A921FF0DF}" = rport=138 | protocol=17 | dir=out | app=system | "{D1A73EA0-678A-4113-B7D5-9A07DBA014A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D35B9913-14B8-4AD6-8738-6EE876A75FA9}" = rport=139 | protocol=6 | dir=out | app=system | "{D9838CA4-F4B8-483E-9E8C-A3FC5A1BDA65}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{FFB5C007-6D5E-41DE-86B3-E567FF02BCB8}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018FA303-AE72-4294-9763-C4F0B88F3DBB}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{05B7C2FB-BA69-4DE4-B5FD-4B50D2D4866D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{06855BC9-7DD0-4FFE-BB5E-58C1F8445D1A}" = dir=out | app=c:\program files\eslwire\wire.exe | "{0B001EB5-D267-4DEA-B085-170C086CD4EB}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\portal 2\portal2.exe | "{0B768484-B5DC-412D-8467-234B67592295}" = dir=in | app=c:\users\basti\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{13584840-BBF2-4185-966F-290246F62E30}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2079D1EE-ED6C-4884-90D7-CCA36F39CD4F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{271CE46F-0BA6-4665-99A2-D7E8AE84D9DC}" = dir=in | app=c:\program files\eslwire\wire.exe | "{297612DE-DE9E-499B-87C8-32DFBE7999A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2ED6B855-F84C-4FFA-93D3-FE294C95A1B0}" = protocol=6 | dir=in | app=c:\steam\steam.exe | "{35008892-E639-4091-9677-152EDF4E8C73}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{418C8815-10EE-4EC6-8CC1-98BCBD271F2E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5697DC31-6B80-4080-A7D6-E55902B4A16F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{591C1328-FFC7-4FAA-9F45-B16235459D06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5EA3DE45-1780-4EC3-8B53-3133AEA9232C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6B3CDE5A-6920-4336-A743-FEB36BD9ABF3}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{6E5BA00A-CDE5-47DD-94CC-2C15A5C03ADD}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe | "{7B08796A-0C5F-4EB4-B41C-757460B202AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{87DD02A0-25D8-4C3F-9697-FE26E5F98ADF}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\sniper elite\sniperelite.exe | "{A0F0710F-2FF7-490C-B4D3-E8C1E50A3DA9}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\sniper elite\sniperelite.exe | "{AE5FD291-F9FA-4C88-92E2-C345BE0DF58B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4302E3E-2B4E-42DC-A68E-96B643843524}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CDC6EC98-79E9-4C3A-AD2B-C22B2E05C63F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D4780078-1CC4-4094-9C47-9830968E1F1F}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{D792DECC-9FB0-4F40-AB1D-7B34A38F554F}" = protocol=6 | dir=in | app=c:\steam\steamapps\basti96css\counter-strike source\hl2.exe | "{D9FCE3CB-EDE6-4FFC-AAEC-17E8EF60010E}" = protocol=17 | dir=in | app=c:\steam\steamapps\basti96css\counter-strike source\hl2.exe | "{E5B434FF-26D8-4A92-9A91-6696BE934D1A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{F256B16B-8EC4-4C97-B01B-B8B81BBDB644}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\iphone explorer\software4u.iphoneexplorer.exe | "{F2F45390-C51E-47D2-A43D-A850F102A8F2}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\portal 2\portal2.exe | "{F622D02C-A204-4EF2-8935-C61AD4126316}" = protocol=17 | dir=in | app=c:\steam\steam.exe | "{F8D1029C-DEDF-4102-9A18-650090F15903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{7718E9D6-75B3-4DB7-8E4F-8ED7AB343B3A}E:\steam\steamapps\basti96css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\basti96css\counter-strike source\hl2.exe | "UDP Query User{4AAD48B0-7E6C-4C9B-A544-22D3739FF0A3}E:\steam\steamapps\basti96css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\basti96css\counter-strike source\hl2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ESL Wire_is1" = ESL Wire 1.15.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{4835750F-F8A7-4D3C-A6A9-123E31C12AF8}" = AMD OverDrive "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}" = Savu Mouse "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.1.0 "Audacity_is1" = Audacity 2.0.2 "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "Foxit Reader_is1" = Foxit Reader "Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "HotspotShield" = Hotspot Shield 2.76 "LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.2 "Liveupdate4_is1" = Liveupdate4 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Rainmeter" = Rainmeter "Steam App 3700" = Sniper Elite "Steam App 620" = Portal 2 "Steam App 730" = Counter-Strike: Global Offensive "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.12.2012 19:07:20 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.12.2012 19:07:20 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5024 Error - 13.12.2012 19:07:20 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5024 Error - 13.12.2012 19:07:21 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.12.2012 19:07:21 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6022 Error - 13.12.2012 19:07:21 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6022 Error - 13.12.2012 19:07:22 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.12.2012 19:07:22 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7021 Error - 13.12.2012 19:07:22 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7021 Error - 13.12.2012 19:07:23 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.12.2012 19:07:23 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8019 Error - 13.12.2012 19:07:23 | Computer Name = Basti-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8019 [ OSession Events ] Error - 02.10.2012 10:56:41 | Computer Name = Basti-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 507 seconds with 180 seconds of active time. This session ended with a crash. [ System Events ] Error - 20.11.2012 16:30:52 | Computer Name = Basti-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 21.11.2012 14:15:31 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ESL Wire Helper Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 30.11.2012 15:47:43 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 01.12.2012 19:47:11 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 04.12.2012 15:01:50 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 04.12.2012 15:01:50 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.12.2012 09:33:27 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 08.12.2012 09:34:27 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1058 Error - 08.12.2012 10:07:00 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "ESL Wire Helper Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 09.12.2012 10:47:31 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht. < End of report > |
14.12.2012, 18:34 | #4 |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? Aloa, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
14.12.2012, 18:49 | #5 |
| E-Mail Konto (Trojaner oder Hacker) ? 18:47:45.0584 55604 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 18:47:46.0882 55604 ============================================================ 18:47:46.0882 55604 Current date / time: 2012/12/14 18:47:46.0882 18:47:46.0882 55604 SystemInfo: 18:47:46.0882 55604 18:47:46.0882 55604 OS Version: 6.1.7601 ServicePack: 1.0 18:47:46.0882 55604 Product type: Workstation 18:47:46.0883 55604 ComputerName: BASTI-PC 18:47:46.0883 55604 UserName: Basti 18:47:46.0883 55604 Windows directory: C:\Windows 18:47:46.0883 55604 System windows directory: C:\Windows 18:47:46.0883 55604 Running under WOW64 18:47:46.0883 55604 Processor architecture: Intel x64 18:47:46.0883 55604 Number of processors: 6 18:47:46.0883 55604 Page size: 0x1000 18:47:46.0883 55604 Boot type: Normal boot 18:47:46.0883 55604 ============================================================ 18:47:47.0832 55604 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:47:47.0839 55604 ============================================================ 18:47:47.0839 55604 \Device\Harddisk0\DR0: 18:47:47.0839 55604 MBR partitions: 18:47:47.0839 55604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:47:47.0839 55604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800 18:47:47.0839 55604 ============================================================ 18:47:47.0852 55604 C: <-> \Device\Harddisk0\DR0\Partition2 18:47:47.0877 55604 ============================================================ 18:47:47.0877 55604 Initialize success 18:47:47.0877 55604 ============================================================ 18:47:55.0160 61900 ============================================================ 18:47:55.0160 61900 Scan started 18:47:55.0160 61900 Mode: Manual; SigCheck; TDLFS; 18:47:55.0160 61900 ============================================================ 18:47:55.0903 61900 ================ Scan system memory ======================== 18:47:55.0903 61900 System memory - ok 18:47:55.0904 61900 ================ Scan services ============================= 18:47:56.0026 61900 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:47:56.0144 61900 1394ohci - ok 18:47:56.0173 61900 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:47:56.0191 61900 ACPI - ok 18:47:56.0204 61900 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:47:56.0268 61900 AcpiPmi - ok 18:47:56.0344 61900 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:47:56.0370 61900 AdobeFlashPlayerUpdateSvc - ok 18:47:56.0392 61900 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:47:56.0412 61900 adp94xx - ok 18:47:56.0419 61900 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:47:56.0436 61900 adpahci - ok 18:47:56.0448 61900 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:47:56.0462 61900 adpu320 - ok 18:47:56.0483 61900 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:47:56.0610 61900 AeLookupSvc - ok 18:47:56.0679 61900 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:47:56.0747 61900 AFD - ok 18:47:56.0774 61900 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:47:56.0800 61900 agp440 - ok 18:47:56.0828 61900 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:47:56.0865 61900 ALG - ok 18:47:56.0873 61900 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:47:56.0885 61900 aliide - ok 18:47:56.0890 61900 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:47:56.0902 61900 amdide - ok 18:47:56.0911 61900 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:47:56.0933 61900 AmdK8 - ok 18:47:56.0949 61900 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:47:56.0976 61900 AmdPPM - ok 18:47:56.0993 61900 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:47:57.0007 61900 amdsata - ok 18:47:57.0024 61900 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:47:57.0039 61900 amdsbs - ok 18:47:57.0052 61900 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:47:57.0064 61900 amdxata - ok 18:47:57.0146 61900 [ C992356EC945728C5D973CD02C6C0406 ] AODDriver4.1.0 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys 18:47:57.0198 61900 AODDriver4.1.0 - ok 18:47:57.0214 61900 [ 36677EB30D6FA41E085530A8362B7C5E ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe 18:47:57.0226 61900 AODService - ok 18:47:57.0241 61900 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:47:57.0332 61900 AppID - ok 18:47:57.0353 61900 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:47:57.0386 61900 AppIDSvc - ok 18:47:57.0400 61900 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:47:57.0440 61900 Appinfo - ok 18:47:57.0507 61900 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:47:57.0530 61900 Apple Mobile Device - ok 18:47:57.0557 61900 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 18:47:57.0597 61900 AppMgmt - ok 18:47:57.0611 61900 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:47:57.0630 61900 arc - ok 18:47:57.0640 61900 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:47:57.0655 61900 arcsas - ok 18:47:57.0698 61900 [ A63173897EA1A73A75D0E65036DE5B15 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe 18:47:57.0723 61900 asHmComSvc - ok 18:47:57.0757 61900 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 18:47:57.0767 61900 AsIO - ok 18:47:57.0785 61900 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 18:47:57.0813 61900 asmthub3 - ok 18:47:57.0851 61900 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 18:47:57.0883 61900 asmtxhci - ok 18:47:57.0934 61900 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe 18:47:57.0975 61900 AsSysCtrlService - ok 18:47:57.0988 61900 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys 18:47:57.0998 61900 AsUpIO - ok 18:47:58.0007 61900 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:47:58.0050 61900 AsyncMac - ok 18:47:58.0065 61900 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:47:58.0077 61900 atapi - ok 18:47:58.0092 61900 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:47:58.0151 61900 AudioEndpointBuilder - ok 18:47:58.0161 61900 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:47:58.0201 61900 AudioSrv - ok 18:47:58.0270 61900 [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 18:47:58.0333 61900 AVKProxy - ok 18:47:58.0358 61900 [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe 18:47:58.0376 61900 AVKService - ok 18:47:58.0415 61900 [ 22F1444896844B0462359825EF628507 ] AVKWCtl C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe 18:47:58.0459 61900 AVKWCtl - ok 18:47:58.0474 61900 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:47:58.0506 61900 AxInstSV - ok 18:47:58.0532 61900 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:47:58.0560 61900 b06bdrv - ok 18:47:58.0580 61900 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:47:58.0612 61900 b57nd60a - ok 18:47:58.0629 61900 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:47:58.0688 61900 BDESVC - ok 18:47:58.0711 61900 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:47:58.0758 61900 Beep - ok 18:47:58.0790 61900 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:47:58.0843 61900 BFE - ok 18:47:58.0900 61900 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:47:58.0987 61900 BITS - ok 18:47:59.0003 61900 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:47:59.0027 61900 blbdrive - ok 18:47:59.0083 61900 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:47:59.0117 61900 Bonjour Service - ok 18:47:59.0142 61900 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:47:59.0175 61900 bowser - ok 18:47:59.0194 61900 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:47:59.0225 61900 BrFiltLo - ok 18:47:59.0245 61900 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:47:59.0261 61900 BrFiltUp - ok 18:47:59.0286 61900 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:47:59.0305 61900 Browser - ok 18:47:59.0324 61900 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:47:59.0359 61900 Brserid - ok 18:47:59.0372 61900 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:47:59.0398 61900 BrSerWdm - ok 18:47:59.0412 61900 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:47:59.0430 61900 BrUsbMdm - ok 18:47:59.0440 61900 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:47:59.0455 61900 BrUsbSer - ok 18:47:59.0469 61900 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:47:59.0495 61900 BTHMODEM - ok 18:47:59.0519 61900 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:47:59.0553 61900 bthserv - ok 18:47:59.0572 61900 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:47:59.0623 61900 cdfs - ok 18:47:59.0635 61900 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:47:59.0651 61900 cdrom - ok 18:47:59.0683 61900 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:47:59.0762 61900 CertPropSvc - ok 18:47:59.0808 61900 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:47:59.0863 61900 circlass - ok 18:47:59.0899 61900 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:47:59.0940 61900 CLFS - ok 18:48:00.0000 61900 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:48:00.0029 61900 clr_optimization_v2.0.50727_32 - ok 18:48:00.0077 61900 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:48:00.0106 61900 clr_optimization_v2.0.50727_64 - ok 18:48:00.0147 61900 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:48:00.0163 61900 clr_optimization_v4.0.30319_32 - ok 18:48:00.0197 61900 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:48:00.0226 61900 clr_optimization_v4.0.30319_64 - ok 18:48:00.0233 61900 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:48:00.0264 61900 CmBatt - ok 18:48:00.0280 61900 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:48:00.0292 61900 cmdide - ok 18:48:00.0323 61900 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:48:00.0366 61900 CNG - ok 18:48:00.0380 61900 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:48:00.0392 61900 Compbatt - ok 18:48:00.0407 61900 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 18:48:00.0436 61900 CompositeBus - ok 18:48:00.0439 61900 COMSysApp - ok 18:48:00.0449 61900 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:48:00.0461 61900 crcdisk - ok 18:48:00.0488 61900 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:48:00.0528 61900 CryptSvc - ok 18:48:00.0567 61900 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 18:48:00.0610 61900 CSC - ok 18:48:00.0634 61900 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 18:48:00.0669 61900 CscService - ok 18:48:00.0691 61900 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:48:00.0740 61900 DcomLaunch - ok 18:48:00.0769 61900 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:48:00.0806 61900 defragsvc - ok 18:48:00.0827 61900 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:48:00.0867 61900 DfsC - ok 18:48:00.0884 61900 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:48:00.0942 61900 Dhcp - ok 18:48:00.0960 61900 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:48:01.0001 61900 discache - ok 18:48:01.0020 61900 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:48:01.0033 61900 Disk - ok 18:48:01.0056 61900 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 18:48:01.0087 61900 dmvsc - ok 18:48:01.0121 61900 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:48:01.0193 61900 Dnscache - ok 18:48:01.0215 61900 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:48:01.0280 61900 dot3svc - ok 18:48:01.0290 61900 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:48:01.0335 61900 DPS - ok 18:48:01.0364 61900 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:48:01.0386 61900 drmkaud - ok 18:48:01.0417 61900 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:48:01.0450 61900 DXGKrnl - ok 18:48:01.0463 61900 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:48:01.0506 61900 EapHost - ok 18:48:01.0593 61900 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:48:01.0689 61900 ebdrv - ok 18:48:01.0713 61900 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:48:01.0763 61900 EFS - ok 18:48:01.0809 61900 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:48:01.0854 61900 ehRecvr - ok 18:48:01.0868 61900 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:48:01.0894 61900 ehSched - ok 18:48:01.0918 61900 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:48:01.0938 61900 elxstor - ok 18:48:01.0956 61900 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:48:01.0975 61900 ErrDev - ok 18:48:02.0018 61900 [ 62F261F12862EBD65B4E568E2660E221 ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys 18:48:02.0032 61900 ESLWireAC - ok 18:48:02.0105 61900 [ 4FC6545A22D348E1B6DA15A27748B7FE ] EslWireHelper C:\Program Files\EslWire\service\WireHelperSvc.exe 18:48:02.0141 61900 EslWireHelper - ok 18:48:02.0171 61900 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:48:02.0220 61900 EventSystem - ok 18:48:02.0234 61900 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:48:02.0269 61900 exfat - ok 18:48:02.0287 61900 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:48:02.0328 61900 fastfat - ok 18:48:02.0354 61900 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:48:02.0401 61900 Fax - ok 18:48:02.0412 61900 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:48:02.0429 61900 fdc - ok 18:48:02.0443 61900 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:48:02.0477 61900 fdPHost - ok 18:48:02.0484 61900 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:48:02.0528 61900 FDResPub - ok 18:48:02.0552 61900 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:48:02.0565 61900 FileInfo - ok 18:48:02.0588 61900 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:48:02.0628 61900 Filetrace - ok 18:48:02.0664 61900 [ 5B314CC7640D091DE8F3BC822490DA28 ] FLASHSYS C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys 18:48:02.0679 61900 FLASHSYS - ok 18:48:02.0691 61900 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:48:02.0709 61900 flpydisk - ok 18:48:02.0767 61900 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:48:02.0810 61900 FltMgr - ok 18:48:02.0867 61900 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:48:02.0935 61900 FontCache - ok 18:48:02.0984 61900 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:48:03.0028 61900 FontCache3.0.0.0 - ok 18:48:03.0045 61900 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:48:03.0076 61900 FsDepends - ok 18:48:03.0101 61900 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:48:03.0117 61900 Fs_Rec - ok 18:48:03.0142 61900 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:48:03.0165 61900 fvevol - ok 18:48:03.0174 61900 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:48:03.0188 61900 gagp30kx - ok 18:48:03.0210 61900 [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave C:\Windows\system32\drivers\GDBehave.sys 18:48:03.0223 61900 GDBehave - ok 18:48:03.0319 61900 [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe 18:48:03.0377 61900 GDFwSvc - ok 18:48:03.0389 61900 [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys 18:48:03.0402 61900 GDMnIcpt - ok 18:48:03.0415 61900 [ F8DBC999A18C49F9BD444BA02C467000 ] GdNetMon C:\Windows\system32\drivers\GdNetMon64.sys 18:48:03.0427 61900 GdNetMon - ok 18:48:03.0441 61900 [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys 18:48:03.0453 61900 GDPkIcpt - ok 18:48:03.0489 61900 [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe 18:48:03.0528 61900 GDScan - ok 18:48:03.0539 61900 [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys 18:48:03.0551 61900 gdwfpcd - ok 18:48:03.0574 61900 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:48:03.0585 61900 GEARAspiWDM - ok 18:48:03.0620 61900 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:48:03.0676 61900 gpsvc - ok 18:48:03.0707 61900 [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD C:\Windows\system32\drivers\GRD.sys 18:48:03.0720 61900 GRD - ok 18:48:03.0733 61900 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:48:03.0756 61900 hcw85cir - ok 18:48:03.0785 61900 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:48:03.0815 61900 HdAudAddService - ok 18:48:03.0840 61900 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:48:03.0863 61900 HDAudBus - ok 18:48:03.0875 61900 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:48:03.0889 61900 HidBatt - ok 18:48:03.0899 61900 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:48:03.0917 61900 HidBth - ok 18:48:03.0925 61900 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:48:03.0941 61900 HidIr - ok 18:48:03.0956 61900 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:48:03.0994 61900 hidserv - ok 18:48:04.0005 61900 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:48:04.0019 61900 HidUsb - ok 18:48:04.0033 61900 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:48:04.0077 61900 hkmsvc - ok 18:48:04.0094 61900 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:48:04.0121 61900 HomeGroupListener - ok 18:48:04.0147 61900 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:48:04.0174 61900 HomeGroupProvider - ok 18:48:04.0193 61900 [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 18:48:04.0206 61900 HookCentre - ok 18:48:04.0216 61900 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:48:04.0229 61900 HpSAMD - ok 18:48:04.0297 61900 [ 747D9A43CCA2C84EB87B158B8782B93D ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe 18:48:04.0338 61900 hshld - ok 18:48:04.0373 61900 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys 18:48:04.0385 61900 HssDrv - ok 18:48:04.0416 61900 [ 16C460DFFC3F246685D8D9924BF6A8B5 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe 18:48:04.0432 61900 HssSrv - ok 18:48:04.0443 61900 [ BA253D27A065324065090FA55214D097 ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE 18:48:04.0454 61900 HssTrayService - ok 18:48:04.0470 61900 [ E39C35D884F8175B8786F34EAFCA9FDE ] HssWd C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe 18:48:04.0489 61900 HssWd - ok 18:48:04.0508 61900 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:48:04.0565 61900 HTTP - ok 18:48:04.0577 61900 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:48:04.0589 61900 hwpolicy - ok 18:48:04.0599 61900 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:48:04.0615 61900 i8042prt - ok 18:48:04.0646 61900 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:48:04.0664 61900 iaStorV - ok 18:48:04.0711 61900 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:48:04.0749 61900 idsvc - ok 18:48:04.0765 61900 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:48:04.0777 61900 iirsp - ok 18:48:04.0812 61900 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:48:04.0868 61900 IKEEXT - ok 18:48:04.0958 61900 [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:48:05.0018 61900 IntcAzAudAddService - ok 18:48:05.0033 61900 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:48:05.0045 61900 intelide - ok 18:48:05.0065 61900 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 18:48:05.0087 61900 intelppm - ok 18:48:05.0100 61900 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:48:05.0145 61900 IPBusEnum - ok 18:48:05.0161 61900 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:48:05.0206 61900 IpFilterDriver - ok 18:48:05.0222 61900 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:48:05.0278 61900 iphlpsvc - ok 18:48:05.0294 61900 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:48:05.0314 61900 IPMIDRV - ok 18:48:05.0342 61900 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:48:05.0401 61900 IPNAT - ok 18:48:05.0465 61900 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:48:05.0515 61900 iPod Service - ok 18:48:05.0527 61900 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:48:05.0555 61900 IRENUM - ok 18:48:05.0570 61900 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:48:05.0582 61900 isapnp - ok 18:48:05.0602 61900 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:48:05.0617 61900 iScsiPrt - ok 18:48:05.0633 61900 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:48:05.0645 61900 kbdclass - ok 18:48:05.0665 61900 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:48:05.0679 61900 kbdhid - ok 18:48:05.0683 61900 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:48:05.0697 61900 KeyIso - ok 18:48:05.0725 61900 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:48:05.0739 61900 KSecDD - ok 18:48:05.0754 61900 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:48:05.0769 61900 KSecPkg - ok 18:48:05.0785 61900 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:48:05.0830 61900 ksthunk - ok 18:48:05.0862 61900 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:48:05.0942 61900 KtmRm - ok 18:48:05.0974 61900 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:48:06.0018 61900 LanmanServer - ok 18:48:06.0039 61900 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:48:06.0082 61900 LanmanWorkstation - ok 18:48:06.0094 61900 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:48:06.0140 61900 lltdio - ok 18:48:06.0153 61900 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:48:06.0202 61900 lltdsvc - ok 18:48:06.0206 61900 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:48:06.0250 61900 lmhosts - ok 18:48:06.0266 61900 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:48:06.0280 61900 LSI_FC - ok 18:48:06.0284 61900 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:48:06.0297 61900 LSI_SAS - ok 18:48:06.0307 61900 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:48:06.0320 61900 LSI_SAS2 - ok 18:48:06.0328 61900 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:48:06.0342 61900 LSI_SCSI - ok 18:48:06.0364 61900 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:48:06.0405 61900 luafv - ok 18:48:06.0431 61900 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:48:06.0443 61900 MBAMProtector - ok 18:48:06.0484 61900 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:48:06.0501 61900 MBAMScheduler - ok 18:48:06.0517 61900 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:48:06.0538 61900 MBAMService - ok 18:48:06.0561 61900 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:48:06.0585 61900 Mcx2Svc - ok 18:48:06.0609 61900 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:48:06.0621 61900 megasas - ok 18:48:06.0642 61900 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:48:06.0658 61900 MegaSR - ok 18:48:06.0710 61900 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 18:48:06.0739 61900 Microsoft Office Groove Audit Service - ok 18:48:06.0761 61900 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:48:06.0816 61900 MMCSS - ok 18:48:06.0830 61900 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:48:06.0876 61900 Modem - ok 18:48:06.0896 61900 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:48:06.0924 61900 monitor - ok 18:48:06.0936 61900 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:48:06.0949 61900 mouclass - ok 18:48:06.0954 61900 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:48:06.0968 61900 mouhid - ok 18:48:06.0992 61900 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:48:07.0006 61900 mountmgr - ok 18:48:07.0042 61900 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:48:07.0068 61900 MozillaMaintenance - ok 18:48:07.0080 61900 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:48:07.0094 61900 mpio - ok 18:48:07.0108 61900 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:48:07.0141 61900 mpsdrv - ok 18:48:07.0168 61900 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:48:07.0215 61900 MpsSvc - ok 18:48:07.0242 61900 [ CD22D2563039DDA6793F7624719363A7 ] MQAC C:\Windows\system32\drivers\mqac.sys 18:48:07.0275 61900 MQAC - ok 18:48:07.0289 61900 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:48:07.0316 61900 MRxDAV - ok 18:48:07.0337 61900 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:48:07.0388 61900 mrxsmb - ok 18:48:07.0416 61900 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:48:07.0434 61900 mrxsmb10 - ok 18:48:07.0442 61900 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:48:07.0457 61900 mrxsmb20 - ok 18:48:07.0473 61900 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:48:07.0485 61900 msahci - ok 18:48:07.0501 61900 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:48:07.0515 61900 msdsm - ok 18:48:07.0534 61900 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:48:07.0561 61900 MSDTC - ok 18:48:07.0587 61900 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:48:07.0630 61900 Msfs - ok 18:48:07.0640 61900 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:48:07.0681 61900 mshidkmdf - ok 18:48:07.0687 61900 MSICDSetup - ok 18:48:07.0701 61900 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:48:07.0713 61900 msisadrv - ok 18:48:07.0734 61900 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:48:07.0771 61900 MSiSCSI - ok 18:48:07.0774 61900 msiserver - ok 18:48:07.0790 61900 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:48:07.0829 61900 MSKSSRV - ok 18:48:07.0837 61900 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe 18:48:07.0859 61900 MSMQ - ok 18:48:07.0874 61900 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:48:07.0912 61900 MSPCLOCK - ok 18:48:07.0920 61900 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:48:07.0963 61900 MSPQM - ok 18:48:07.0981 61900 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:48:08.0001 61900 MsRPC - ok 18:48:08.0009 61900 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:48:08.0021 61900 mssmbios - ok 18:48:08.0029 61900 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:48:08.0062 61900 MSTEE - ok 18:48:08.0069 61900 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:48:08.0083 61900 MTConfig - ok 18:48:08.0103 61900 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 18:48:08.0115 61900 MTsensor - ok 18:48:08.0127 61900 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:48:08.0140 61900 Mup - ok 18:48:08.0166 61900 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:48:08.0214 61900 napagent - ok 18:48:08.0235 61900 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:48:08.0259 61900 NativeWifiP - ok 18:48:08.0290 61900 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 18:48:08.0339 61900 NDIS - ok 18:48:08.0348 61900 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:48:08.0392 61900 NdisCap - ok 18:48:08.0407 61900 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:48:08.0441 61900 NdisTapi - ok 18:48:08.0456 61900 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:48:08.0501 61900 Ndisuio - ok 18:48:08.0513 61900 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:48:08.0556 61900 NdisWan - ok 18:48:08.0584 61900 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:48:08.0618 61900 NDProxy - ok 18:48:08.0628 61900 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:48:08.0670 61900 NetBIOS - ok 18:48:08.0698 61900 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:48:08.0735 61900 NetBT - ok 18:48:08.0745 61900 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:48:08.0759 61900 Netlogon - ok 18:48:08.0784 61900 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:48:08.0829 61900 Netman - ok 18:48:08.0849 61900 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:48:08.0897 61900 netprofm - ok 18:48:08.0913 61900 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:48:08.0926 61900 NetTcpPortSharing - ok 18:48:08.0943 61900 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:48:08.0956 61900 nfrd960 - ok 18:48:08.0980 61900 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:48:09.0023 61900 NlaSvc - ok 18:48:09.0059 61900 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:48:09.0093 61900 Npfs - ok 18:48:09.0105 61900 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:48:09.0138 61900 nsi - ok 18:48:09.0148 61900 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:48:09.0193 61900 nsiproxy - ok 18:48:09.0251 61900 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:48:09.0305 61900 Ntfs - ok 18:48:09.0313 61900 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:48:09.0351 61900 Null - ok 18:48:09.0375 61900 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 18:48:09.0390 61900 NVHDA - ok 18:48:09.0622 61900 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:48:09.0917 61900 nvlddmkm - ok 18:48:09.0954 61900 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:48:09.0968 61900 nvraid - ok 18:48:10.0051 61900 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:48:10.0082 61900 nvstor - ok 18:48:10.0133 61900 [ 3341D2C91989BC87C3C0BAA97C27253B ] NVSvc C:\Windows\system32\nvvsvc.exe 18:48:10.0172 61900 NVSvc - ok 18:48:10.0216 61900 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:48:10.0254 61900 nvUpdatusService - ok 18:48:10.0271 61900 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:48:10.0285 61900 nv_agp - ok 18:48:10.0330 61900 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:48:10.0348 61900 odserv - ok 18:48:10.0363 61900 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:48:10.0390 61900 ohci1394 - ok 18:48:10.0410 61900 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:48:10.0423 61900 ose - ok 18:48:10.0454 61900 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:48:10.0492 61900 p2pimsvc - ok 18:48:10.0515 61900 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:48:10.0537 61900 p2psvc - ok 18:48:10.0553 61900 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:48:10.0573 61900 Parport - ok 18:48:10.0597 61900 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:48:10.0613 61900 partmgr - ok 18:48:10.0622 61900 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:48:10.0653 61900 PcaSvc - ok 18:48:10.0670 61900 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:48:10.0685 61900 pci - ok 18:48:10.0688 61900 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:48:10.0700 61900 pciide - ok 18:48:10.0716 61900 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:48:10.0731 61900 pcmcia - ok 18:48:10.0746 61900 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:48:10.0759 61900 pcw - ok 18:48:10.0776 61900 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:48:10.0827 61900 PEAUTH - ok 18:48:10.0890 61900 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 18:48:10.0963 61900 PeerDistSvc - ok 18:48:11.0020 61900 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:48:11.0048 61900 PerfHost - ok 18:48:11.0090 61900 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:48:11.0157 61900 pla - ok 18:48:11.0180 61900 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:48:11.0218 61900 PlugPlay - ok 18:48:11.0231 61900 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:48:11.0245 61900 PNRPAutoReg - ok 18:48:11.0262 61900 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:48:11.0280 61900 PNRPsvc - ok 18:48:11.0305 61900 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:48:11.0357 61900 PolicyAgent - ok 18:48:11.0385 61900 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:48:11.0429 61900 Power - ok 18:48:11.0447 61900 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:48:11.0491 61900 PptpMiniport - ok 18:48:11.0503 61900 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:48:11.0526 61900 Processor - ok 18:48:11.0546 61900 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 18:48:11.0593 61900 ProfSvc - ok 18:48:11.0604 61900 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:48:11.0618 61900 ProtectedStorage - ok 18:48:11.0627 61900 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:48:11.0671 61900 Psched - ok 18:48:11.0709 61900 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:48:11.0746 61900 ql2300 - ok 18:48:11.0751 61900 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:48:11.0765 61900 ql40xx - ok 18:48:11.0781 61900 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:48:11.0804 61900 QWAVE - ok 18:48:11.0815 61900 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:48:11.0834 61900 QWAVEdrv - ok 18:48:11.0840 61900 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:48:11.0874 61900 RasAcd - ok 18:48:11.0906 61900 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:48:11.0941 61900 RasAgileVpn - ok 18:48:11.0948 61900 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:48:11.0985 61900 RasAuto - ok 18:48:11.0994 61900 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:48:12.0033 61900 Rasl2tp - ok 18:48:12.0051 61900 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:48:12.0090 61900 RasMan - ok 18:48:12.0101 61900 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:48:12.0141 61900 RasPppoe - ok 18:48:12.0154 61900 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:48:12.0190 61900 RasSstp - ok 18:48:12.0213 61900 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:48:12.0258 61900 rdbss - ok 18:48:12.0269 61900 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:48:12.0297 61900 rdpbus - ok 18:48:12.0314 61900 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:48:12.0348 61900 RDPCDD - ok 18:48:12.0367 61900 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 18:48:12.0396 61900 RDPDR - ok 18:48:12.0408 61900 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:48:12.0448 61900 RDPENCDD - ok 18:48:12.0452 61900 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:48:12.0486 61900 RDPREFMP - ok 18:48:12.0509 61900 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:48:12.0538 61900 RDPWD - ok 18:48:12.0553 61900 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:48:12.0569 61900 rdyboost - ok 18:48:12.0582 61900 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:48:12.0621 61900 RemoteAccess - ok 18:48:12.0633 61900 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:48:12.0679 61900 RemoteRegistry - ok 18:48:12.0694 61900 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:48:12.0730 61900 RpcEptMapper - ok 18:48:12.0741 61900 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:48:12.0764 61900 RpcLocator - ok 18:48:12.0782 61900 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:48:12.0820 61900 RpcSs - ok 18:48:12.0832 61900 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:48:12.0867 61900 rspndr - ok 18:48:12.0893 61900 [ 2E887E52E45BBA3C47CCD0E75FC5266F ] RTCore64 C:\Program Files (x86)\MSI Afterburner\RTCore64.sys 18:48:12.0905 61900 RTCore64 - ok 18:48:12.0944 61900 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:48:12.0963 61900 RTL8167 - ok 18:48:12.0997 61900 [ E16B7C030A05EF649B18FAB0A93D871F ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys 18:48:13.0008 61900 RtNdPt60 - ok 18:48:13.0037 61900 [ 1DE78F5008120CD79B34C12394DCD493 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys 18:48:13.0062 61900 RTTEAMPT - ok 18:48:13.0088 61900 [ B1018AA1B5735F5FA89FD4DADF4BEA7A ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan60.sys 18:48:13.0098 61900 RTVLANPT - ok 18:48:13.0114 61900 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 18:48:13.0134 61900 s3cap - ok 18:48:13.0145 61900 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:48:13.0159 61900 SamSs - ok 18:48:13.0180 61900 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:48:13.0194 61900 sbp2port - ok 18:48:13.0213 61900 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:48:13.0251 61900 SCardSvr - ok 18:48:13.0262 61900 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:48:13.0303 61900 scfilter - ok 18:48:13.0329 61900 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:48:13.0382 61900 Schedule - ok 18:48:13.0406 61900 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:48:13.0439 61900 SCPolicySvc - ok 18:48:13.0448 61900 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:48:13.0466 61900 SDRSVC - ok 18:48:13.0483 61900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:48:13.0525 61900 secdrv - ok 18:48:13.0539 61900 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:48:13.0574 61900 seclogon - ok 18:48:13.0581 61900 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:48:13.0627 61900 SENS - ok 18:48:13.0652 61900 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:48:13.0684 61900 SensrSvc - ok 18:48:13.0696 61900 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:48:13.0720 61900 Serenum - ok 18:48:13.0728 61900 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:48:13.0750 61900 Serial - ok 18:48:13.0758 61900 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:48:13.0776 61900 sermouse - ok 18:48:13.0797 61900 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:48:13.0842 61900 SessionEnv - ok 18:48:13.0850 61900 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:48:13.0866 61900 sffdisk - ok 18:48:13.0870 61900 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:48:13.0892 61900 sffp_mmc - ok 18:48:13.0909 61900 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:48:13.0931 61900 sffp_sd - ok 18:48:13.0943 61900 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:48:13.0965 61900 sfloppy - ok 18:48:13.0985 61900 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:48:14.0032 61900 SharedAccess - ok 18:48:14.0062 61900 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:48:14.0103 61900 ShellHWDetection - ok 18:48:14.0117 61900 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:48:14.0130 61900 SiSRaid2 - ok 18:48:14.0140 61900 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:48:14.0153 61900 SiSRaid4 - ok 18:48:14.0168 61900 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:48:14.0212 61900 Smb - ok 18:48:14.0237 61900 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:48:14.0254 61900 SNMPTRAP - ok 18:48:14.0262 61900 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:48:14.0274 61900 spldr - ok 18:48:14.0289 61900 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 18:48:14.0329 61900 Spooler - ok 18:48:14.0416 61900 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:48:14.0492 61900 sppsvc - ok 18:48:14.0508 61900 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:48:14.0544 61900 sppuinotify - ok 18:48:14.0561 61900 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:48:14.0593 61900 srv - ok 18:48:14.0624 61900 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:48:14.0670 61900 srv2 - ok 18:48:14.0683 61900 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:48:14.0705 61900 srvnet - ok 18:48:14.0721 61900 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:48:14.0759 61900 SSDPSRV - ok 18:48:14.0779 61900 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:48:14.0815 61900 SstpSvc - ok 18:48:14.0823 61900 Steam Client Service - ok 18:48:14.0892 61900 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:48:14.0925 61900 Stereo Service - ok 18:48:14.0934 61900 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:48:14.0947 61900 stexstor - ok 18:48:14.0973 61900 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:48:15.0010 61900 stisvc - ok 18:48:15.0028 61900 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 18:48:15.0040 61900 storflt - ok 18:48:15.0081 61900 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 18:48:15.0134 61900 StorSvc - ok 18:48:15.0145 61900 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 18:48:15.0167 61900 storvsc - ok 18:48:15.0170 61900 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:48:15.0182 61900 swenum - ok 18:48:15.0200 61900 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:48:15.0254 61900 swprv - ok 18:48:15.0308 61900 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:48:15.0380 61900 SysMain - ok 18:48:15.0395 61900 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:48:15.0429 61900 TabletInputService - ok 18:48:15.0454 61900 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 18:48:15.0465 61900 taphss - ok 18:48:15.0483 61900 [ E12E9D992DC2FB5BCB1616936BD03E1C ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys 18:48:15.0494 61900 taphss6 - ok 18:48:15.0508 61900 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:48:15.0556 61900 TapiSrv - ok 18:48:15.0571 61900 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:48:15.0606 61900 TBS - ok 18:48:15.0693 61900 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:48:15.0752 61900 Tcpip - ok 18:48:15.0775 61900 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:48:15.0818 61900 TCPIP6 - ok 18:48:15.0845 61900 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:48:15.0902 61900 tcpipreg - ok 18:48:15.0916 61900 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:48:15.0943 61900 TDPIPE - ok 18:48:15.0963 61900 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:48:15.0981 61900 TDTCP - ok 18:48:15.0993 61900 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:48:16.0027 61900 tdx - ok 18:48:16.0036 61900 [ 1DE78F5008120CD79B34C12394DCD493 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys 18:48:16.0047 61900 TEAM - ok 18:48:16.0056 61900 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:48:16.0069 61900 TermDD - ok 18:48:16.0090 61900 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:48:16.0131 61900 TermService - ok 18:48:16.0140 61900 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:48:16.0160 61900 Themes - ok 18:48:16.0169 61900 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:48:16.0203 61900 THREADORDER - ok 18:48:16.0213 61900 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:48:16.0257 61900 TrkWks - ok 18:48:16.0299 61900 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:48:16.0333 61900 TrustedInstaller - ok 18:48:16.0342 61900 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:48:16.0383 61900 tssecsrv - ok 18:48:16.0393 61900 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:48:16.0421 61900 TsUsbFlt - ok 18:48:16.0425 61900 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:48:16.0448 61900 TsUsbGD - ok 18:48:16.0473 61900 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:48:16.0513 61900 tunnel - ok 18:48:16.0529 61900 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:48:16.0542 61900 uagp35 - ok 18:48:16.0568 61900 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:48:16.0618 61900 udfs - ok 18:48:16.0642 61900 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:48:16.0670 61900 UI0Detect - ok 18:48:16.0686 61900 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:48:16.0699 61900 uliagpkx - ok 18:48:16.0708 61900 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:48:16.0731 61900 umbus - ok 18:48:16.0743 61900 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:48:16.0769 61900 UmPass - ok 18:48:16.0795 61900 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 18:48:16.0824 61900 UmRdpService - ok 18:48:16.0841 61900 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:48:16.0889 61900 upnphost - ok 18:48:16.0912 61900 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 18:48:16.0942 61900 USBAAPL64 - ok 18:48:16.0970 61900 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:48:16.0993 61900 usbaudio - ok 18:48:17.0014 61900 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:48:17.0032 61900 usbccgp - ok 18:48:17.0049 61900 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:48:17.0066 61900 usbcir - ok 18:48:17.0074 61900 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:48:17.0088 61900 usbehci - ok 18:48:17.0111 61900 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:48:17.0148 61900 usbhub - ok 18:48:17.0159 61900 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 18:48:17.0180 61900 usbohci - ok 18:48:17.0200 61900 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:48:17.0223 61900 usbprint - ok 18:48:17.0248 61900 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:48:17.0277 61900 USBSTOR - ok 18:48:17.0295 61900 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:48:17.0317 61900 usbuhci - ok 18:48:17.0348 61900 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:48:17.0379 61900 usbvideo - ok 18:48:17.0403 61900 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:48:17.0444 61900 UxSms - ok 18:48:17.0453 61900 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:48:17.0467 61900 VaultSvc - ok 18:48:17.0482 61900 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:48:17.0495 61900 vdrvroot - ok 18:48:17.0510 61900 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:48:17.0559 61900 vds - ok 18:48:17.0569 61900 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:48:17.0586 61900 vga - ok 18:48:17.0601 61900 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:48:17.0637 61900 VgaSave - ok 18:48:17.0649 61900 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:48:17.0664 61900 vhdmp - ok 18:48:17.0677 61900 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:48:17.0689 61900 viaide - ok 18:48:17.0712 61900 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 18:48:17.0727 61900 vmbus - ok 18:48:17.0739 61900 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 18:48:17.0753 61900 VMBusHID - ok 18:48:17.0766 61900 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:48:17.0781 61900 volmgr - ok 18:48:17.0794 61900 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:48:17.0820 61900 volmgrx - ok 18:48:17.0834 61900 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:48:17.0854 61900 volsnap - ok 18:48:17.0868 61900 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:48:17.0884 61900 vsmraid - ok 18:48:17.0934 61900 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:48:18.0008 61900 VSS - ok 18:48:18.0019 61900 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 18:48:18.0046 61900 vwifibus - ok 18:48:18.0066 61900 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:48:18.0118 61900 W32Time - ok 18:48:18.0143 61900 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:48:18.0167 61900 WacomPen - ok 18:48:18.0179 61900 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:48:18.0228 61900 WANARP - ok 18:48:18.0237 61900 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:48:18.0279 61900 Wanarpv6 - ok 18:48:18.0333 61900 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:48:18.0406 61900 wbengine - ok 18:48:18.0428 61900 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:48:18.0455 61900 WbioSrvc - ok 18:48:18.0480 61900 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:48:18.0520 61900 wcncsvc - ok 18:48:18.0544 61900 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:48:18.0581 61900 WcsPlugInService - ok 18:48:18.0597 61900 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:48:18.0614 61900 Wd - ok 18:48:18.0633 61900 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:48:18.0663 61900 Wdf01000 - ok 18:48:18.0678 61900 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:48:18.0748 61900 WdiServiceHost - ok 18:48:18.0752 61900 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:48:18.0778 61900 WdiSystemHost - ok 18:48:18.0804 61900 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:48:18.0840 61900 WebClient - ok 18:48:18.0855 61900 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:48:18.0921 61900 Wecsvc - ok 18:48:18.0944 61900 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:48:18.0991 61900 wercplsupport - ok 18:48:19.0010 61900 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:48:19.0055 61900 WerSvc - ok 18:48:19.0067 61900 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:48:19.0109 61900 WfpLwf - ok 18:48:19.0132 61900 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:48:19.0148 61900 WIMMount - ok 18:48:19.0161 61900 WinDefend - ok 18:48:19.0169 61900 WinHttpAutoProxySvc - ok 18:48:19.0214 61900 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:48:19.0260 61900 Winmgmt - ok 18:48:19.0303 61900 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:48:19.0380 61900 WinRM - ok 18:48:19.0408 61900 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:48:19.0430 61900 WinUsb - ok 18:48:19.0458 61900 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:48:19.0502 61900 Wlansvc - ok 18:48:19.0524 61900 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 18:48:19.0538 61900 WmiAcpi - ok 18:48:19.0557 61900 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:48:19.0580 61900 wmiApSrv - ok 18:48:19.0591 61900 WMPNetworkSvc - ok 18:48:19.0602 61900 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:48:19.0653 61900 WPCSvc - ok 18:48:19.0682 61900 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:48:19.0714 61900 WPDBusEnum - ok 18:48:19.0728 61900 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:48:19.0761 61900 ws2ifsl - ok 18:48:19.0776 61900 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:48:19.0805 61900 wscsvc - ok 18:48:19.0809 61900 WSearch - ok 18:48:19.0881 61900 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:48:19.0937 61900 wuauserv - ok 18:48:19.0959 61900 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:48:20.0000 61900 WudfPf - ok 18:48:20.0024 61900 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:48:20.0069 61900 WUDFRd - ok 18:48:20.0079 61900 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:48:20.0114 61900 wudfsvc - ok 18:48:20.0127 61900 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:48:20.0163 61900 WwanSvc - ok 18:48:20.0178 61900 ================ Scan global =============================== 18:48:20.0201 61900 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:48:20.0228 61900 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 18:48:20.0237 61900 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 18:48:20.0252 61900 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:48:20.0271 61900 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:48:20.0274 61900 [Global] - ok 18:48:20.0275 61900 ================ Scan MBR ================================== 18:48:20.0278 61900 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:48:20.0459 61900 \Device\Harddisk0\DR0 - ok 18:48:20.0459 61900 ================ Scan VBR ================================== 18:48:20.0462 61900 [ 34D0E4D3DBAF7647191540B0E4084D01 ] \Device\Harddisk0\DR0\Partition1 18:48:20.0463 61900 \Device\Harddisk0\DR0\Partition1 - ok 18:48:20.0488 61900 [ 6CF63BEA31203A9F5E658EF857B138E8 ] \Device\Harddisk0\DR0\Partition2 18:48:20.0489 61900 \Device\Harddisk0\DR0\Partition2 - ok 18:48:20.0490 61900 ============================================================ 18:48:20.0490 61900 Scan finished 18:48:20.0490 61900 ============================================================ 18:48:20.0501 61892 Detected object count: 0 18:48:20.0501 61892 Actual detected object count: 0 Hat nichts gefunden ! Meine Mutter hat den Link geöffnet und wurde nach ein paar sekunden zu Google weitergeleitet! Konnte ein Trojaner gedwonloadet werden weil mein gdata hat den zugriff auf den link wegen einem Trojaner verhindert ! Noch ein Frage : da nun keine Malware gefunden wurde frage ich mich wie diese Leute meine E-mail adresse herausfinden konnten ? ich war nur auf Facebook/youtube/wikipedia ? |
14.12.2012, 18:55 | #6 | |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? Hi ob keine Malware gefunden wurde, kann ich dir am ände sagen Evtl. hast du eine leicht zu findene Adresse, wie zb vor.nachname@anbieter.de dann könnte man sie per Zufallsgenerator finden. einer deiner Freunde wurde mal gehackt und das Adressbuch wurde ausgelesen. Oder eine der Seiten, wo du die Adresse angegeben hast, wurde gehackt. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> E-Mail Konto (Trojaner oder Hacker) ? |
14.12.2012, 20:11 | #7 |
| E-Mail Konto (Trojaner oder Hacker) ? ich hab's erstmal beendet weil es nicht weiterging obwohl ich alles richtig gemacht habe ! Es lief zügig bis zur Fertigstellung stufe 4 und danach nichts mehr ! hatte auch während das Programm lief keinen Internetzugang |
14.12.2012, 20:14 | #8 |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? Das ist normal wie lange lief es, lass es mal so 1,5 h laufen, außer du bekommst ne Fehlermeldung
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
14.12.2012, 20:16 | #9 |
| E-Mail Konto (Trojaner oder Hacker) ? ok werde ich tun ! Ist das der letzte schritt um mir zu sagen ob ich eine Malware habe ? Hier die Combofix logdatei Combofix Logfile: Code:
ATTFilter ComboFix 12-12-14.01 - Basti 14.12.2012 20:53:38.3.6 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.6261 [GMT 1:00] ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-14 bis 2012-12-14 )))))))))))))))))))))))))))))) . . 2012-12-14 21:04 . 2012-12-14 21:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-14 21:04 . 2012-12-14 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-14 14:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F646CB5-3F37-47AA-8C5B-A2F109053B29}\mpengine.dll 2012-12-13 14:38 . 2012-12-13 14:38 -------- d-----w- c:\users\Basti\AppData\Roaming\Malwarebytes 2012-12-13 14:38 . 2012-12-13 14:38 -------- d-----w- c:\programdata\Malwarebytes 2012-12-13 14:38 . 2012-12-13 14:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-13 14:38 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 22:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 22:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 22:37 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 22:37 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-12 22:37 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 22:37 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 22:37 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-12 22:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 22:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-12 22:23 . 2012-12-12 22:23 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2012-12-11 14:59 . 2012-12-11 14:59 -------- d-----w- c:\users\Basti\dwhelper 2012-12-08 14:11 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-04 18:42 . 2012-12-04 18:42 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-11-30 20:00 . 2012-11-30 20:00 -------- d-----w- c:\program files (x86)\ROCCAT 2012-11-30 20:00 . 2004-10-22 01:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2012-11-30 20:00 . 2004-10-22 01:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2012-11-30 20:00 . 2004-10-22 01:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2012-11-30 20:00 . 2004-10-22 01:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2012-11-30 20:00 . 2004-10-22 01:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2012-11-30 20:00 . 2012-11-30 20:00 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2012-11-30 20:00 . 2012-11-30 20:00 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2012-11-19 20:36 . 2012-11-19 21:03 -------- d-----w- c:\users\Basti\AppData\Roaming\Audacity 2012-11-19 20:36 . 2012-11-19 20:36 -------- d-----w- c:\program files (x86)\Audacity 2012-11-15 22:18 . 2012-11-15 22:22 -------- d-----w- c:\users\Basti\Windows Designs 2012-11-15 14:22 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 14:22 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 19:07 . 2012-10-21 19:03 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-12-13 02:02 . 2012-05-04 21:30 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 22:17 . 2012-04-30 14:27 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 22:17 . 2012-04-30 14:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-08 13:37 . 2012-05-02 16:51 60320 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2012-12-08 13:33 . 2012-05-02 16:50 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2012-12-08 13:33 . 2012-05-02 16:50 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2012-12-08 13:33 . 2012-05-02 16:50 64416 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2012-12-03 15:47 . 2012-10-10 20:23 1504104 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-12-03 15:47 . 2012-10-10 20:23 2816824 ----a-w- c:\windows\system32\nvapi64.dll 2012-12-03 15:47 . 2012-10-10 20:23 983936 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-12-03 15:47 . 2012-10-10 20:23 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-12-03 15:47 . 2012-10-10 20:23 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-12-03 15:47 . 2012-10-10 20:22 2496976 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-12-03 15:47 . 2012-05-18 15:02 1805672 ----a-w- c:\windows\system32\nvdispco64.dll 2012-12-01 05:49 . 2012-05-18 15:03 3663213 ----a-w- c:\windows\system32\nvcoproc.bin 2012-12-01 05:49 . 2011-01-20 17:26 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-01 05:49 . 2011-01-20 17:26 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-12-01 05:49 . 2011-01-20 17:26 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-01 05:49 . 2011-01-20 17:26 890216 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-01 05:48 . 2011-01-20 17:26 6223208 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-01 05:48 . 2011-01-20 17:25 3311464 ----a-w- c:\windows\system32\nvsvc64.dll 2012-11-14 10:59 . 2012-07-14 13:36 160784 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys 2012-11-01 18:31 . 2012-11-01 18:31 40712 ----a-w- c:\windows\system32\drivers\taphss6.sys 2012-10-12 13:37 . 2012-05-09 20:39 106648 ----a-w- c:\windows\system32\drivers\GRD.sys 2012-10-11 16:01 . 2012-10-11 16:02 655872 ----a-w- c:\windows\system\msvcr90.dll 2012-10-10 18:07 . 2012-10-10 18:07 1299744 ----a-w- c:\windows\SysWow64\itunesmobiledevice.dll 2012-10-04 16:40 . 2012-12-12 22:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-07-03 14:41 . 2012-07-14 13:37 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2012-11-01 17:45 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ESL Wire"="c:\program files\EslWire\wire.exe" [2012-12-05 3923968] "Facebook Update"="c:\users\Basti\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-10 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] "ROCCAT Savu Gaming Mouse"="c:\program files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe" [2012-09-10 872048] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [2012-05-02 31448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2010-01-14 29472] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-01-14 48416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2012-02-10 136616] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-12-08 54176] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-12-08 126880] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-12-08 64416] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-10-12 106648] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-05-20 64376] S2 AODDriver4.1.0;AODDriver4.1.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-02-10 56448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568] S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-11-14 160784] S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-11-14 678416] S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-11-02 527216] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-11-01 389488] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2010-01-14 32544] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-12-08 60320] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 40712] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 22:17] . 2012-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1023630594-4199829681-851610359-1000Core.job - c:\users\Basti\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-10 20:53] . 2012-12-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1023630594-4199829681-851610359-1000UA.job - c:\users\Basti\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-10 20:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6E6B5396-6994-4C4F-B7E1-111F16862744}: NameServer = 8.8.8.8 FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\2b2qgayn.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - ExtSQL: 2012-12-13 08:35; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\2b2qgayn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - user.js: extensions.autoDisableScopes - 14 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-14 23:56:44 ComboFix-quarantined-files.txt 2012-12-14 22:56 . Vor Suchlauf: 12 Verzeichnis(se), 721.195.323.392 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 719.980.097.536 Bytes frei . - - End Of File - - 52AF188C7EC443F03B810A474E935C5E |
15.12.2012, 19:02 | #10 |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? hi wir haben noch zu tun. lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
16.12.2012, 02:20 | #11 |
| E-Mail Konto (Trojaner oder Hacker) ? Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 30.04.2012 10.0.42.34 Notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 Notwendig AI Suite II ASUSTeK Computer Inc. 30.04.2012 1.01.22 Notwendig AMD OverDrive Advanced Micro Devices, Inc. 30.04.2012 21,9MB 4.1.0.0575 Notwendig Apple Application Support Apple Inc. 07.11.2012 65,0MB 2.2.2 Unbekannt Apple Mobile Device Support Apple Inc. 07.11.2012 23,7MB 6.0.0.59 Notwendig Apple Software Update Apple Inc. 11.10.2012 2,38MB 2.1.3.127 Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 30.04.2012 2,27MB 1.12.5.0 Unbekannt Audacity 2.0.2 Audacity Team 19.11.2012 43,5MB 2.0.2 Unnötig Bonjour Apple Inc. 11.10.2012 2,04MB 3.0.0.10 Unbekannt Canon iP2700 series Printer Driver 01.05.2012 Notwendig CCleaner Piriform 25.11.2012 3.25 Notwendig CDBurnerXP CDBurnerXP 19.05.2012 12,1MB 4.4.1.3099 Notwendig Cheat Engine 6.2 Dark Byte 20.09.2012 27,0MB Unnötig Counter-Strike: Global Offensive 01.10.2012 Notwendig (nicht zwangsläufig) ESL Wire 1.15.1 Turtle Entertainment GmbH 08.12.2012 60,8MB Unnötig Facebook Video Calling 1.2.0.287 Skype Limited 10.11.2012 4,76MB 1.2.287 unnötig Foxit Reader Foxit Corporation 28.06.2012 36,1MB 5.3.1.606 Notwendig Free YouTube Download version 3.1.40.1031 DVDVideoSoft Ltd. 06.11.2012 57,0MB 3.1.40.1031 Notwendig Free YouTube to MP3 Converter version 3.11.35.1031 DVDVideoSoft Ltd. 11.11.2012 61,9MB 3.11.35.1031 Notwendig G Data InternetSecurity 2012 G Data Software AG 02.05.2012 80,6MB 22.0.0.0 Notwendig Hotspot Shield 2.76 AnchorFree Inc. 10.11.2012 2.76 unnötig iPhone Explorer Marx Softwareentwicklung 10.10.2012 6,98MB 0.9.110.0 Notwendig iTunes Apple Inc. 07.11.2012 182MB 10.7.0.21 Unnötig Java 7 Update 9 Oracle 14.09.2012 128MB 7.0.90 Notwendig Java(TM) 7 Update 4 (64-bit) Oracle 18.05.2012 95,0MB 7.0.40 Notwendig JavaFX 2.1.1 Oracle Corporation 31.07.2012 20,8MB 2.1.1 Unbekannt LibUSB-Win32-0.1.12.2 LibUSB-Win32 11.10.2012 0.1.12.2 unnötig Liveupdate4 MSI, Inc. 30.04.2012 Notwendig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 13.12.2012 19,4MB 1.65.1.1000 Notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.05.2012 38,8MB 4.0.30319 Unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18.05.2012 2,93MB 4.0.30319 Unbekannt Microsoft Office Enterprise 2007 Microsoft Corporation 01.05.2012 12.0.4518.1014 Unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 01.05.2012 426KB 8.0.56336 Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 14.07.2012 792KB 9.0.30729 Unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 19.10.2012 788KB 9.0.30729.4148 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 11.10.2012 1,41MB 9.0.21022 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.04.2012 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.05.2012 596KB 9.0.30729.4148 Unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 30.04.2012 13,8MB 10.0.40219 Unbekannt Mozilla Firefox 17.0.1 (x86 de) Mozilla 05.12.2012 42,0MB 17.0.1 Notwendig Mozilla Maintenance Service Mozilla 05.12.2012 329KB 17.0.1 Unbekannt MSI Afterburner 2.1.0 MSI Co., LTD 30.04.2012 2.1.0 Notwendig Need For Speed™ World Electronic Arts 18.05.2012 12,4MB 1.0.0.857 Notwendig Nur Entfernen der CopyTrans Suite möglich WindSolutions 06.05.2012 2.34 Notwendig NVIDIA 3D Vision Controller-Treiber 310.70 NVIDIA Corporation 04.12.2012 310.70 Notwendig NVIDIA 3D Vision Treiber 310.70 NVIDIA Corporation 04.12.2012 310.70 Notwendig NVIDIA Grafiktreiber 310.70 NVIDIA Corporation 04.12.2012 310.70 Notwendig NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 04.12.2012 1.3.18.0 Notwendig NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 04.12.2012 Notwendig 9.12.1031 NVIDIA Update 1.11.3 NVIDIA Corporation 04.12.2012 1.11.3 Notwendig Portal 2 Valve 16.08.2012 Notwendig QuickTime Apple Inc. 01.05.2012 73,6MB 7.69.80.9 Unnötig Rainmeter 30.04.2012 2.2 r1116 Unnötig Realtek Ethernet Controller Driver Realtek 12.10.2012 7.46.610.2011 Notwendig Realtek Ethernet Diagnostic Utility Realtek 12.10.2012 1.00.0000 Notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 30.04.2012 6.0.1.6402 Notwendig Savu Mouse ROCCAT GmbH 30.11.2012 1.1.9 Notwendig Sniper Elite Rebellion Developments 16.08.2012 TeamSpeak 3 Client TeamSpeak Systems GmbH 06.11.2012 3.0.9.2 Notwendig WinRAR 4.20 (64-Bit) win.rar GmbH Notwendig |
16.12.2012, 17:41 | #12 |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden und instalieren. Deinstaliere: Audacity Cheat Engine Counter-Strike: deinstalieren, oder behalten, musst du wissen :-) ESL G Data : wenn man Anitmalware software nutzt, muss die schon aktuell sein :-) Upgrade deine Version auf 2013, das geht kostenlos. Antivirus Download, Antivirus-Software, Bankguard, Mobile Security - G Data Software AG Deinstaliere: Hotspot iTunes Java : alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: LibUSB QuickTime Rainmeter Öffne OTL, bereinigen, PC startet neu, löscht Remover. Öffne CCleaner, analysieren, starten, Pc neustarten, testen wie er läuft + Programme, wie Browser.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.12.2012, 13:14 | #13 |
| E-Mail Konto (Trojaner oder Hacker) ? was ich komisch fand: nach Combofix oder OTL erschien eine Medlung auf dem Desktop : dass mein Rechner als Server läuft oder so . Anscheinend wurden Netzwerkoptionen geändert ! Wie kriege ich das auf den alten Stand zurück ;( ? |
21.12.2012, 13:31 | #14 |
/// Malware-holic | E-Mail Konto (Trojaner oder Hacker) ? Hi Das fällt dir aber früh ein... Was war die genaue Meldung? Punkte von oben abgearbeitet?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.12.2012, 16:22 | #15 |
| E-Mail Konto (Trojaner oder Hacker) ? Ja Punkte hab ich abgearbeitet ! Läuft alles soweit außer das ich bei Spielen auf einmal bis zu 100% Auslastung habe obwohl mein System ziemlich gut ist und davor nichtmal 50% ausgelastet war . Die Meldung weiß ich nicht mehr genau , jedenfalls ging es darum ,dass mein PC als Server läuft oder so ähnlich ;( Die Meldung kam von GDATA aus ! Kann ich die Einstellung rückgängig machen ? |
Themen zu E-Mail Konto (Trojaner oder Hacker) ? |
andere, anderen, antwort, community, e-mail, email, emails, erkannt, erkennen, frage, fremde, gdata, hacker, immernoch, konnte, konto, link, malwarebytes, nicht erkannt, problem, theme, themen, trojaner, worte, zugriff |