| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner mit Webcam aktivierungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.12.2012, 20:31
| #1 |
| |  GVU Trojaner mit Webcam aktivierung Ich habe mir bereits Malwarebytes heruntergeladen. Und einmal durchlaufen lassen. Das Logfile Lege ich anbei. Schoneinmal vielen vielen dank für die Hilfe ! Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.19.06 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Virus Killer :: WINDWOWSSUPPORT [Administrator] 19.12.2012 19:42:04 mbam-log-2012-12-19 (19-42-04).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 243621 Laufzeit: 2 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Chris\AppData\Local\Temp\FSG.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\ktd32.atm (Backdoor.ProRat) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
19.12.2012, 20:32
| #2 |
| /// Malware-holic   | GVU Trojaner mit Webcam aktivierung Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
19.12.2012, 20:56
| #3 |
| | GVU Trojaner mit Webcam aktivierung Ich habe den Scan jetzt abgeschlossen es sind zwei Logs erstellt worden welchen der beiden soll ich Uppen ?
__________________ |
|
19.12.2012, 20:58
| #4 | |
| | GVU Trojaner mit Webcam aktivierungZitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2012 20:37:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Virus Killer\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,28% Memory free 8,22 Gb Paging File | 6,55 Gb Available in Paging File | 79,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 396,20 Gb Total Space | 288,20 Gb Free Space | 72,74% Space Free | Partition Type: NTFS Drive D: | 199,97 Gb Total Space | 198,39 Gb Free Space | 99,21% Space Free | Partition Type: NTFS Computer Name: WINDWOWSSUPPORT | User Name: Virus Killer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.19 20:35:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Virus Killer\Desktop\OTL.exe PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.29 17:33:28 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.29 16:32:21 | 007,244,800 | ---- | M] () -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SystemStore.exe PRC - [2012.09.24 23:15:50 | 000,046,568 | ---- | M] (Oracle Corporation) -- C:\PROGRA~2\Java\jre7\bin\ssvagent.exe PRC - [2012.09.11 14:02:05 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe PRC - [2012.03.20 10:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE PRC - [2010.10.22 01:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2008.01.21 03:47:13 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wermgr.exe ========== Modules (No Company Name) ========== MOD - [2012.09.11 14:02:05 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ========== Services (SafeList) ========== SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.14 18:41:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 15:27:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.29 16:32:21 | 007,244,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SystemStore.exe -- (FreemiumSystemStoreService) SRV - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService) SRV - [2012.09.11 14:02:05 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2012.03.20 10:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 20:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.10.25 01:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1002\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3601738123-4207121071-2814191507-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 15:27:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.19 19:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virus Killer\AppData\Roaming\mozilla\Extensions [2012.12.19 19:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Virus Killer\AppData\Roaming\mozilla\Firefox\Profiles\3z4f6sc1.default\extensions [2012.12.19 19:19:47 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Virus Killer\AppData\Roaming\mozilla\Firefox\Profiles\3z4f6sc1.default\extensions\toolbar@ask.com [2012.12.19 19:19:46 | 000,002,344 | ---- | M] () -- C:\Users\Virus Killer\AppData\Roaming\mozilla\firefox\profiles\3z4f6sc1.default\searchplugins\askcom.xml [2012.12.05 15:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.05 15:27:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.05 15:27:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3601738123-4207121071-2814191507-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-3601738123-4207121071-2814191507-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3601738123-4207121071-2814191507-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3601738123-4207121071-2814191507-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZMatrix.lnk = C:\Program Files (x86)\ZMatrix\matrix.exe (Happy Dude) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D67E5E2B-63DE-42AC-A330-F9EDB86207A6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\CHRIS\APPDATA\LOCAL\TEMP\RAR$EXA0.551\PROCEXP.EXE" File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 20:35:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Virus Killer\Desktop\OTL.exe [2012.12.19 19:40:25 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Malwarebytes [2012.12.19 19:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.19 19:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.19 19:40:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.19 19:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.19 19:25:19 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Avira [2012.12.19 19:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.19 19:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.12.19 19:18:40 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.19 19:18:40 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.19 19:18:40 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.19 19:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.19 19:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.19 19:13:53 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Macromedia [2012.12.19 19:13:53 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Local\Macromedia [2012.12.19 19:13:53 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Adobe [2012.12.19 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Mozilla [2012.12.19 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Local\Mozilla [2012.12.19 19:13:05 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.12.19 19:13:05 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Searches [2012.12.19 19:13:05 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.12.19 19:12:56 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Identities [2012.12.19 19:12:54 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Contacts [2012.12.19 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Local\VirtualStore [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Vorlagen [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\AppData\Local\Verlauf [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\AppData\Local\Temporary Internet Files [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Startmenü [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\SendTo [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Recent [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Netzwerkumgebung [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Lokale Einstellungen [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Documents\Eigene Videos [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Documents\Eigene Musik [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Eigene Dateien [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Documents\Eigene Bilder [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Druckumgebung [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Cookies [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\AppData\Local\Anwendungsdaten [2012.12.19 19:12:50 | 000,000,000 | -HSD | C] -- C:\Users\Virus Killer\Anwendungsdaten [2012.12.19 19:12:49 | 000,000,000 | --SD | C] -- C:\Users\Virus Killer\AppData\Roaming\Microsoft [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Videos [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Saved Games [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Pictures [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Music [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Links [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Favorites [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Downloads [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Documents [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\Desktop [2012.12.19 19:12:49 | 000,000,000 | R--D | C] -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.12.19 19:12:49 | 000,000,000 | -H-D | C] -- C:\Users\Virus Killer\AppData [2012.12.19 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Local\Temp [2012.12.19 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Local\Microsoft [2012.12.19 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Virus Killer\AppData\Roaming\Media Center Programs [2012.12.05 15:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.02 15:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.02 15:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.27 20:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.11.21 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon World Online [2012.11.21 14:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pokemon World Online ========== Files - Modified Within 30 Days ========== [2012.12.19 20:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.19 20:35:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Virus Killer\Desktop\OTL.exe [2012.12.19 20:02:57 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.19 19:40:11 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.19 19:15:12 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.19 19:15:12 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.19 19:15:12 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.19 19:15:12 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.19 19:15:12 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.19 19:09:22 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 19:09:22 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 19:09:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.16 13:38:17 | 000,274,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.12.19 19:40:11 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.19 19:13:08 | 000,000,949 | ---- | C] () -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.12.19 19:13:05 | 000,000,979 | ---- | C] () -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.19 19:13:04 | 000,000,974 | ---- | C] () -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.12.19 19:12:54 | 000,000,915 | ---- | C] () -- C:\Users\Virus Killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.12.19 19:05:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.14 20:49:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 20:49:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.10.31 16:49:42 | 000,000,074 | ---- | C] () -- C:\Windows\ZMatrixSS.ini [2012.09.05 18:42:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.09.05 18:42:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.09.05 18:41:11 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin ========== ZeroAccess Check ========== [2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.10 23:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.31 16:49:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.ZMatrix [2012.12.08 17:15:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\7road [2012.10.02 09:18:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EATCAM [2012.11.30 17:03:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ [2012.09.11 14:02:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ Search [2012.10.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LibreOffice ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.19 19:13:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.09.05 19:15:11 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 16:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.09.05 14:32:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.09.05 15:24:29 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 04:03:26 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.27 20:16:31 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.19 19:40:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.19 20:03:14 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.09.05 14:32:57 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.19 20:39:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.19 19:12:49 | 000,000,000 | R--D | M] -- C:\Users [2012.12.19 20:20:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.10 22:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 16:40:34 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 16:40:34 | 000,019,912 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.09.05 15:18:30 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.21 03:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 03:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 03:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 03:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.10 23:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.12.12 22:58:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.12.12 22:58:27 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.12.12 22:58:28 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.12.12 22:58:27 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.10 23:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.10 23:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.12.12 22:58:28 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.12.12 22:58:27 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.12.12 22:58:27 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.12.12 22:58:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:47:50 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:48:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 03:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.10 23:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.10 23:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 03:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 03:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 03:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.10 23:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.10 23:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:47:35 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 03:48:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.10 22:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.10 22:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.10 23:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.10 23:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.10 23:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:48:54 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:49:41 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 03:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.19 20:53:33 | 000,524,288 | -HS- | M] () -- C:\Users\Virus Killer\NTUSER.DAT [2012.12.19 20:53:32 | 000,262,144 | -H-- | M] () -- C:\Users\Virus Killer\ntuser.dat.LOG1 [2012.12.19 19:12:49 | 000,000,000 | -H-- | M] () -- C:\Users\Virus Killer\ntuser.dat.LOG2 [2012.12.19 19:12:49 | 000,065,536 | -HS- | M] () -- C:\Users\Virus Killer\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf [2012.12.19 19:12:49 | 000,524,288 | -HS- | M] () -- C:\Users\Virus Killer\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms [2012.12.19 19:12:49 | 000,524,288 | -HS- | M] () -- C:\Users\Virus Killer\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms [2012.12.19 19:12:50 | 000,000,020 | -HS- | M] () -- C:\Users\Virus Killer\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
19.12.2012, 21:02
| #5 |
| /// Malware-holic | GVU Trojaner mit Webcam aktivierung hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.12.19 20:02:57 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 21:12
| #6 |
| | GVU Trojaner mit Webcam aktivierung All processes killed ========== OTL ========== C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Chris ->Flash cache emptied: 175874059 bytes User: Default User: Default User User: Public User: UpdatusUser User: Virus Killer ->Flash cache emptied: 877 bytes Total Flash Files Cleaned = 168,00 mb [EMPTYTEMP] User: All Users User: Chris ->Temp folder emptied: 105395200 bytes ->Temporary Internet Files folder emptied: 597482198 bytes ->Java cache emptied: 13607347 bytes ->FireFox cache emptied: 446272658 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Virus Killer ->Temp folder emptied: 1489158 bytes ->Temporary Internet Files folder emptied: 531585 bytes ->FireFox cache emptied: 76040992 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 160907133 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 59041588 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.393,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12192012_210347 Files\Folders moved on Reboot... C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Virus Killer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
20.12.2012, 13:08
| #7 |
| /// Malware-holic | GVU Trojaner mit Webcam aktivierung Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
24.12.2012, 15:19
| #8 |
| | GVU Trojaner mit Webcam aktivierung Es tut mir wirklich leid das ich jetzt erst antworte , aber da ich Arbeite hatte ich vorher leider keine Zeit. 15:15:47.0075 4068 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:15:47.0184 4068 ============================================================ 15:15:47.0184 4068 Current date / time: 2012/12/24 15:15:47.0184 15:15:47.0184 4068 SystemInfo: 15:15:47.0184 4068 15:15:47.0184 4068 OS Version: 6.0.6002 ServicePack: 2.0 15:15:47.0184 4068 Product type: Workstation 15:15:47.0184 4068 ComputerName: WINDWOWSSUPPORT 15:15:47.0199 4068 UserName: Virus Killer 15:15:47.0199 4068 Windows directory: C:\Windows 15:15:47.0199 4068 System windows directory: C:\Windows 15:15:47.0199 4068 Running under WOW64 15:15:47.0199 4068 Processor architecture: Intel x64 15:15:47.0199 4068 Number of processors: 2 15:15:47.0199 4068 Page size: 0x1000 15:15:47.0199 4068 Boot type: Normal boot 15:15:47.0199 4068 ============================================================ 15:15:48.0338 4068 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:15:48.0338 4068 ============================================================ 15:15:48.0338 4068 \Device\Harddisk0\DR0: 15:15:48.0338 4068 MBR partitions: 15:15:48.0338 4068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x31866800 15:15:48.0338 4068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x31867000, BlocksNum 0x18FF0800 15:15:48.0338 4068 ============================================================ 15:15:48.0385 4068 C: <-> \Device\Harddisk0\DR0\Partition1 15:15:48.0432 4068 D: <-> \Device\Harddisk0\DR0\Partition2 15:15:48.0432 4068 ============================================================ 15:15:48.0432 4068 Initialize success 15:15:48.0432 4068 ============================================================ 15:15:59.0461 1956 ============================================================ 15:15:59.0461 1956 Scan started 15:15:59.0461 1956 Mode: Manual; SigCheck; TDLFS; 15:15:59.0461 1956 ============================================================ 15:16:00.0257 1956 ================ Scan system memory ======================== 15:16:00.0257 1956 System memory - ok 15:16:00.0257 1956 ================ Scan services ============================= 15:16:00.0366 1956 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:16:00.0459 1956 ACPI - ok 15:16:00.0553 1956 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:16:00.0569 1956 AdobeFlashPlayerUpdateSvc - ok 15:16:00.0600 1956 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:16:00.0647 1956 adp94xx - ok 15:16:00.0678 1956 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:16:00.0709 1956 adpahci - ok 15:16:00.0740 1956 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:16:00.0756 1956 adpu160m - ok 15:16:00.0771 1956 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:16:00.0803 1956 adpu320 - ok 15:16:00.0834 1956 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:16:00.0896 1956 AeLookupSvc - ok 15:16:00.0927 1956 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 15:16:01.0037 1956 AFD - ok 15:16:01.0068 1956 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:16:01.0083 1956 agp440 - ok 15:16:01.0083 1956 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:16:01.0115 1956 aic78xx - ok 15:16:01.0130 1956 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 15:16:01.0177 1956 ALG - ok 15:16:01.0193 1956 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 15:16:01.0208 1956 aliide - ok 15:16:01.0224 1956 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 15:16:01.0239 1956 amdide - ok 15:16:01.0255 1956 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:16:01.0317 1956 AmdK8 - ok 15:16:01.0380 1956 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:16:01.0395 1956 AntiVirSchedulerService - ok 15:16:01.0427 1956 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:16:01.0442 1956 AntiVirService - ok 15:16:01.0489 1956 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 15:16:01.0536 1956 AntiVirWebService - ok 15:16:01.0567 1956 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 15:16:01.0598 1956 Appinfo - ok 15:16:01.0645 1956 [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt C:\Windows\System32\appmgmts.dll 15:16:01.0676 1956 AppMgmt - ok 15:16:01.0692 1956 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 15:16:01.0707 1956 arc - ok 15:16:01.0739 1956 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:16:01.0770 1956 arcsas - ok 15:16:01.0801 1956 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:16:01.0863 1956 AsyncMac - ok 15:16:01.0879 1956 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys 15:16:01.0895 1956 atapi - ok 15:16:01.0941 1956 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:16:02.0019 1956 AudioEndpointBuilder - ok 15:16:02.0019 1956 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:16:02.0066 1956 AudioSrv - ok 15:16:02.0113 1956 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:16:02.0144 1956 avgntflt - ok 15:16:02.0175 1956 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:16:02.0207 1956 avipbb - ok 15:16:02.0222 1956 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:16:02.0238 1956 avkmgr - ok 15:16:02.0285 1956 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe 15:16:02.0331 1956 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning 15:16:02.0331 1956 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1) 15:16:02.0378 1956 [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject C:\Windows\system32\drivers\avmeject.sys 15:16:02.0394 1956 avmeject - ok 15:16:02.0441 1956 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 15:16:02.0503 1956 BFE - ok 15:16:02.0550 1956 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 15:16:02.0643 1956 BITS - ok 15:16:02.0675 1956 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:16:02.0737 1956 blbdrive - ok 15:16:02.0753 1956 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:16:02.0784 1956 bowser - ok 15:16:02.0815 1956 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:16:02.0846 1956 BrFiltLo - ok 15:16:02.0862 1956 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:16:02.0909 1956 BrFiltUp - ok 15:16:02.0940 1956 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 15:16:03.0002 1956 Browser - ok 15:16:03.0049 1956 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 15:16:03.0111 1956 Brserid - ok 15:16:03.0143 1956 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:16:03.0205 1956 BrSerWdm - ok 15:16:03.0221 1956 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:16:03.0283 1956 BrUsbMdm - ok 15:16:03.0299 1956 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:16:03.0377 1956 BrUsbSer - ok 15:16:03.0392 1956 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:16:03.0439 1956 BTHMODEM - ok 15:16:03.0470 1956 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:16:03.0501 1956 cdfs - ok 15:16:03.0533 1956 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:16:03.0564 1956 cdrom - ok 15:16:03.0611 1956 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 15:16:03.0642 1956 CertPropSvc - ok 15:16:03.0657 1956 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 15:16:03.0720 1956 circlass - ok 15:16:03.0751 1956 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 15:16:03.0798 1956 CLFS - ok 15:16:03.0829 1956 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:16:03.0845 1956 clr_optimization_v2.0.50727_32 - ok 15:16:03.0876 1956 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:16:03.0876 1956 clr_optimization_v2.0.50727_64 - ok 15:16:03.0923 1956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:16:03.0938 1956 clr_optimization_v4.0.30319_32 - ok 15:16:03.0969 1956 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:16:03.0985 1956 clr_optimization_v4.0.30319_64 - ok 15:16:04.0001 1956 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:16:04.0016 1956 cmdide - ok 15:16:04.0032 1956 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:16:04.0047 1956 Compbatt - ok 15:16:04.0047 1956 COMSysApp - ok 15:16:04.0063 1956 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:16:04.0079 1956 crcdisk - ok 15:16:04.0125 1956 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:16:04.0141 1956 CryptSvc - ok 15:16:04.0172 1956 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys 15:16:04.0219 1956 CSC - ok 15:16:04.0281 1956 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll 15:16:04.0578 1956 CscService - ok 15:16:04.0640 1956 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 15:16:04.0687 1956 DcomLaunch - ok 15:16:04.0703 1956 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:16:04.0734 1956 DfsC - ok 15:16:04.0796 1956 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 15:16:05.0061 1956 DFSR - ok 15:16:05.0093 1956 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:16:05.0155 1956 Dhcp - ok 15:16:05.0171 1956 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 15:16:05.0186 1956 disk - ok 15:16:05.0202 1956 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:16:05.0249 1956 Dnscache - ok 15:16:05.0264 1956 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 15:16:05.0311 1956 dot3svc - ok 15:16:05.0342 1956 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 15:16:05.0373 1956 DPS - ok 15:16:05.0420 1956 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:16:05.0451 1956 drmkaud - ok 15:16:05.0529 1956 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:16:05.0576 1956 DXGKrnl - ok 15:16:05.0607 1956 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 15:16:05.0639 1956 E1G60 - ok 15:16:05.0701 1956 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 15:16:05.0732 1956 EapHost - ok 15:16:05.0763 1956 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 15:16:05.0795 1956 Ecache - ok 15:16:05.0966 1956 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:16:06.0013 1956 ehRecvr - ok 15:16:06.0029 1956 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 15:16:06.0029 1956 ehSched - ok 15:16:06.0044 1956 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 15:16:06.0060 1956 ehstart - ok 15:16:06.0107 1956 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:16:06.0153 1956 elxstor - ok 15:16:06.0200 1956 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:16:06.0263 1956 EMDMgmt - ok 15:16:06.0309 1956 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:16:06.0372 1956 ErrDev - ok 15:16:06.0403 1956 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 15:16:06.0450 1956 EventSystem - ok 15:16:06.0465 1956 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 15:16:06.0481 1956 exfat - ok 15:16:06.0512 1956 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:16:06.0559 1956 fastfat - ok 15:16:06.0590 1956 [ 989A776A2FF32A148FCF15C44058B129 ] Fax C:\Windows\system32\fxssvc.exe 15:16:06.0653 1956 Fax - ok 15:16:06.0684 1956 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:16:06.0746 1956 fdc - ok 15:16:06.0762 1956 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 15:16:06.0793 1956 fdPHost - ok 15:16:06.0809 1956 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 15:16:06.0855 1956 FDResPub - ok 15:16:06.0871 1956 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:16:06.0887 1956 FileInfo - ok 15:16:06.0918 1956 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:16:06.0965 1956 Filetrace - ok 15:16:06.0980 1956 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:16:07.0027 1956 flpydisk - ok 15:16:07.0043 1956 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:16:07.0058 1956 FltMgr - ok 15:16:07.0136 1956 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll 15:16:07.0214 1956 FontCache - ok 15:16:07.0261 1956 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:16:07.0261 1956 FontCache3.0.0.0 - ok 15:16:07.0386 1956 [ 701C9023D8B5B18C9E08C27D4D1B5617 ] FreemiumSelfUpdateService C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe 15:16:07.0604 1956 FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - warning 15:16:07.0604 1956 FreemiumSelfUpdateService - detected UnsignedFile.Multi.Generic (1) 15:16:07.0745 1956 [ EAE9B4318A46C08037BDB5CFE3053CF2 ] FreemiumSystemStoreService C:\Program Files (x86)\Freetec\SystemStore\Freemium.SystemStore.exe 15:16:08.0010 1956 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - warning 15:16:08.0010 1956 FreemiumSystemStoreService - detected UnsignedFile.Multi.Generic (1) 15:16:08.0057 1956 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:16:08.0072 1956 Fs_Rec - ok 15:16:08.0103 1956 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:16:08.0119 1956 fvevol - ok 15:16:08.0150 1956 [ 15585492E45E2F30768B2D5B57929D99 ] fwlanusbn C:\Windows\system32\DRIVERS\fwlanusbn.sys 15:16:08.0197 1956 fwlanusbn - ok 15:16:08.0228 1956 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:16:08.0244 1956 gagp30kx - ok 15:16:08.0275 1956 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 15:16:08.0353 1956 gpsvc - ok 15:16:08.0415 1956 [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe 15:16:08.0493 1956 Guard.Mail.ru - ok 15:16:08.0540 1956 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:16:08.0556 1956 HdAudAddService - ok 15:16:08.0587 1956 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:16:08.0665 1956 HDAudBus - ok 15:16:08.0681 1956 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:16:08.0743 1956 HidBth - ok 15:16:08.0759 1956 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 15:16:08.0821 1956 HidIr - ok 15:16:08.0852 1956 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 15:16:08.0868 1956 hidserv - ok 15:16:08.0899 1956 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:16:08.0930 1956 HidUsb - ok 15:16:08.0961 1956 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 15:16:09.0008 1956 hkmsvc - ok 15:16:09.0039 1956 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 15:16:09.0055 1956 HpCISSs - ok 15:16:09.0086 1956 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:16:09.0149 1956 HTTP - ok 15:16:09.0149 1956 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 15:16:09.0180 1956 i2omp - ok 15:16:09.0211 1956 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:16:09.0242 1956 i8042prt - ok 15:16:09.0320 1956 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 15:16:09.0367 1956 iaStorV - ok 15:16:09.0414 1956 [ 9AC1E19D77BA038F24E2FAB5D95F70D3 ] ICQ Service C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE 15:16:09.0429 1956 ICQ Service - ok 15:16:09.0585 1956 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:16:09.0648 1956 idsvc - ok 15:16:09.0695 1956 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:16:09.0710 1956 iirsp - ok 15:16:09.0741 1956 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 15:16:09.0804 1956 IKEEXT - ok 15:16:09.0835 1956 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 15:16:09.0851 1956 intelide - ok 15:16:09.0866 1956 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:16:09.0897 1956 intelppm - ok 15:16:09.0929 1956 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:16:09.0960 1956 IPBusEnum - ok 15:16:09.0991 1956 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:16:10.0022 1956 IpFilterDriver - ok 15:16:10.0053 1956 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:16:10.0069 1956 iphlpsvc - ok 15:16:10.0069 1956 IpInIp - ok 15:16:10.0100 1956 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 15:16:10.0131 1956 IPMIDRV - ok 15:16:10.0147 1956 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 15:16:10.0209 1956 IPNAT - ok 15:16:10.0225 1956 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:16:10.0256 1956 IRENUM - ok 15:16:10.0287 1956 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:16:10.0303 1956 isapnp - ok 15:16:10.0334 1956 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:16:10.0350 1956 iScsiPrt - ok 15:16:10.0365 1956 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 15:16:10.0381 1956 iteatapi - ok 15:16:10.0412 1956 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 15:16:10.0428 1956 iteraid - ok 15:16:10.0443 1956 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:16:10.0459 1956 kbdclass - ok 15:16:10.0490 1956 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:16:10.0521 1956 kbdhid - ok 15:16:10.0553 1956 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 15:16:10.0568 1956 KeyIso - ok 15:16:10.0631 1956 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:16:10.0662 1956 KSecDD - ok 15:16:10.0677 1956 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:16:10.0709 1956 ksthunk - ok 15:16:10.0740 1956 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 15:16:10.0802 1956 KtmRm - ok 15:16:10.0849 1956 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:16:10.0865 1956 LanmanServer - ok 15:16:10.0896 1956 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:16:10.0927 1956 LanmanWorkstation - ok 15:16:10.0958 1956 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:16:10.0989 1956 lltdio - ok 15:16:11.0021 1956 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:16:11.0052 1956 lltdsvc - ok 15:16:11.0067 1956 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:16:11.0099 1956 lmhosts - ok 15:16:11.0130 1956 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:16:11.0145 1956 LSI_FC - ok 15:16:11.0161 1956 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:16:11.0177 1956 LSI_SAS - ok 15:16:11.0208 1956 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:16:11.0223 1956 LSI_SCSI - ok 15:16:11.0255 1956 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 15:16:11.0301 1956 luafv - ok 15:16:11.0317 1956 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:16:11.0348 1956 Mcx2Svc - ok 15:16:11.0379 1956 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 15:16:11.0395 1956 megasas - ok 15:16:11.0411 1956 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 15:16:11.0457 1956 MegaSR - ok 15:16:11.0473 1956 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 15:16:11.0535 1956 MMCSS - ok 15:16:11.0551 1956 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 15:16:11.0598 1956 Modem - ok 15:16:11.0613 1956 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:16:11.0660 1956 monitor - ok 15:16:11.0660 1956 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:16:11.0676 1956 mouclass - ok 15:16:11.0691 1956 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:16:11.0738 1956 mouhid - ok 15:16:11.0754 1956 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 15:16:11.0769 1956 MountMgr - ok 15:16:11.0801 1956 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:16:11.0816 1956 MozillaMaintenance - ok 15:16:11.0847 1956 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 15:16:11.0863 1956 mpio - ok 15:16:11.0894 1956 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:16:11.0925 1956 mpsdrv - ok 15:16:11.0957 1956 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 15:16:12.0003 1956 MpsSvc - ok 15:16:12.0019 1956 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 15:16:12.0035 1956 Mraid35x - ok 15:16:12.0050 1956 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:16:12.0081 1956 MRxDAV - ok 15:16:12.0097 1956 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:16:12.0113 1956 mrxsmb - ok 15:16:12.0128 1956 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:16:12.0159 1956 mrxsmb10 - ok 15:16:12.0159 1956 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:16:12.0175 1956 mrxsmb20 - ok 15:16:12.0191 1956 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 15:16:12.0206 1956 msahci - ok 15:16:12.0237 1956 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:16:12.0253 1956 msdsm - ok 15:16:12.0300 1956 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 15:16:12.0362 1956 MSDTC - ok 15:16:12.0393 1956 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:16:12.0440 1956 Msfs - ok 15:16:12.0456 1956 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:16:12.0471 1956 msisadrv - ok 15:16:12.0503 1956 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:16:12.0549 1956 MSiSCSI - ok 15:16:12.0549 1956 msiserver - ok 15:16:12.0565 1956 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:16:12.0596 1956 MSKSSRV - ok 15:16:12.0627 1956 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:16:12.0659 1956 MSPCLOCK - ok 15:16:12.0674 1956 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:16:12.0705 1956 MSPQM - ok 15:16:12.0737 1956 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:16:12.0752 1956 MsRPC - ok 15:16:12.0768 1956 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:16:12.0783 1956 mssmbios - ok 15:16:12.0799 1956 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:16:12.0846 1956 MSTEE - ok 15:16:12.0861 1956 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 15:16:12.0877 1956 Mup - ok 15:16:12.0893 1956 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 15:16:12.0986 1956 napagent - ok 15:16:13.0033 1956 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:16:13.0064 1956 NativeWifiP - ok 15:16:13.0111 1956 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:16:13.0158 1956 NDIS - ok 15:16:13.0173 1956 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:16:13.0205 1956 NdisTapi - ok 15:16:13.0220 1956 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:16:13.0267 1956 Ndisuio - ok 15:16:13.0283 1956 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:16:13.0314 1956 NdisWan - ok 15:16:13.0345 1956 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:16:13.0376 1956 NDProxy - ok 15:16:13.0392 1956 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:16:13.0454 1956 NetBIOS - ok 15:16:13.0454 1956 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 15:16:13.0501 1956 netbt - ok 15:16:13.0501 1956 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 15:16:13.0517 1956 Netlogon - ok 15:16:13.0548 1956 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 15:16:13.0641 1956 Netman - ok 15:16:13.0657 1956 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 15:16:13.0704 1956 netprofm - ok 15:16:13.0735 1956 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:16:13.0735 1956 NetTcpPortSharing - ok 15:16:13.0797 1956 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:16:13.0813 1956 nfrd960 - ok 15:16:13.0829 1956 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 15:16:13.0875 1956 NlaSvc - ok 15:16:13.0907 1956 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:16:13.0953 1956 Npfs - ok 15:16:13.0985 1956 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 15:16:14.0016 1956 nsi - ok 15:16:14.0063 1956 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:16:14.0125 1956 nsiproxy - ok 15:16:14.0172 1956 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:16:14.0250 1956 Ntfs - ok 15:16:14.0281 1956 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 15:16:14.0312 1956 Null - ok 15:16:14.0359 1956 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:16:14.0375 1956 NVHDA - ok 15:16:14.0640 1956 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:16:15.0326 1956 nvlddmkm - ok 15:16:15.0373 1956 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:16:15.0404 1956 nvraid - ok 15:16:15.0420 1956 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:16:15.0435 1956 nvstor - ok 15:16:15.0482 1956 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 15:16:15.0529 1956 nvsvc - ok 15:16:15.0607 1956 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:16:15.0685 1956 nvUpdatusService - ok 15:16:15.0716 1956 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:16:15.0732 1956 nv_agp - ok 15:16:15.0732 1956 NwlnkFlt - ok 15:16:15.0747 1956 NwlnkFwd - ok 15:16:15.0763 1956 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:16:15.0810 1956 ohci1394 - ok 15:16:15.0950 1956 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:16:15.0966 1956 ose - ok 15:16:15.0997 1956 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 15:16:16.0059 1956 p2pimsvc - ok 15:16:16.0075 1956 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 15:16:16.0137 1956 p2psvc - ok 15:16:16.0153 1956 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:16:16.0215 1956 Parport - ok 15:16:16.0247 1956 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:16:16.0262 1956 partmgr - ok 15:16:16.0278 1956 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 15:16:16.0325 1956 PcaSvc - ok 15:16:16.0356 1956 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 15:16:16.0371 1956 pci - ok 15:16:16.0387 1956 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys 15:16:16.0403 1956 pciide - ok 15:16:16.0434 1956 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:16:16.0434 1956 pcmcia - ok 15:16:16.0465 1956 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:16:16.0590 1956 PEAUTH - ok 15:16:16.0668 1956 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:16:16.0699 1956 PerfHost - ok 15:16:16.0746 1956 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 15:16:16.0824 1956 pla - ok 15:16:16.0871 1956 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:16:16.0917 1956 PlugPlay - ok 15:16:16.0949 1956 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:16:16.0980 1956 PNRPAutoReg - ok 15:16:16.0995 1956 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:16:17.0042 1956 PNRPsvc - ok 15:16:17.0089 1956 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:16:17.0136 1956 PolicyAgent - ok 15:16:17.0167 1956 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:16:17.0198 1956 PptpMiniport - ok 15:16:17.0214 1956 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 15:16:17.0261 1956 Processor - ok 15:16:17.0276 1956 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 15:16:17.0307 1956 ProfSvc - ok 15:16:17.0339 1956 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 15:16:17.0339 1956 ProtectedStorage - ok 15:16:17.0370 1956 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:16:17.0401 1956 PSched - ok 15:16:17.0432 1956 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:16:17.0510 1956 ql2300 - ok 15:16:17.0526 1956 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:16:17.0541 1956 ql40xx - ok 15:16:17.0573 1956 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 15:16:17.0619 1956 QWAVE - ok 15:16:17.0635 1956 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:16:17.0666 1956 QWAVEdrv - ok 15:16:17.0697 1956 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:16:17.0744 1956 RasAcd - ok 15:16:17.0760 1956 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 15:16:17.0791 1956 RasAuto - ok 15:16:17.0822 1956 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:16:17.0853 1956 Rasl2tp - ok 15:16:17.0869 1956 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 15:16:17.0900 1956 RasMan - ok 15:16:17.0931 1956 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:16:17.0978 1956 RasPppoe - ok 15:16:17.0994 1956 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:16:18.0025 1956 RasSstp - ok 15:16:18.0056 1956 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:16:18.0119 1956 rdbss - ok 15:16:18.0119 1956 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:16:18.0165 1956 RDPCDD - ok 15:16:18.0181 1956 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys 15:16:18.0228 1956 rdpdr - ok 15:16:18.0243 1956 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:16:18.0290 1956 RDPENCDD - ok 15:16:18.0337 1956 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:16:18.0368 1956 RDPWD - ok 15:16:18.0399 1956 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:16:18.0446 1956 RemoteAccess - ok 15:16:18.0462 1956 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:16:18.0493 1956 RemoteRegistry - ok 15:16:18.0509 1956 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 15:16:18.0540 1956 RpcLocator - ok 15:16:18.0555 1956 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 15:16:18.0602 1956 RpcSs - ok 15:16:18.0602 1956 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:16:18.0649 1956 rspndr - ok 15:16:18.0665 1956 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 15:16:18.0680 1956 SamSs - ok 15:16:18.0696 1956 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:16:18.0711 1956 sbp2port - ok 15:16:18.0727 1956 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:16:18.0774 1956 SCardSvr - ok 15:16:18.0805 1956 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 15:16:18.0867 1956 Schedule - ok 15:16:18.0899 1956 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:16:18.0930 1956 SCPolicySvc - ok 15:16:18.0961 1956 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:16:18.0992 1956 SDRSVC - ok 15:16:19.0008 1956 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:16:19.0070 1956 secdrv - ok 15:16:19.0086 1956 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 15:16:19.0117 1956 seclogon - ok 15:16:19.0133 1956 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 15:16:19.0179 1956 SENS - ok 15:16:19.0211 1956 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:16:19.0242 1956 Serenum - ok 15:16:19.0257 1956 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:16:19.0304 1956 Serial - ok 15:16:19.0320 1956 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:16:19.0367 1956 sermouse - ok 15:16:19.0398 1956 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 15:16:19.0445 1956 SessionEnv - ok 15:16:19.0460 1956 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:16:19.0491 1956 sffdisk - ok 15:16:19.0507 1956 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:16:19.0554 1956 sffp_mmc - ok 15:16:19.0569 1956 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:16:19.0616 1956 sffp_sd - ok 15:16:19.0632 1956 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:16:19.0679 1956 sfloppy - ok 15:16:19.0710 1956 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:16:19.0772 1956 SharedAccess - ok 15:16:19.0803 1956 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:16:19.0835 1956 ShellHWDetection - ok 15:16:19.0850 1956 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:16:19.0866 1956 SiSRaid2 - ok 15:16:19.0928 1956 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:16:19.0944 1956 SiSRaid4 - ok 15:16:20.0053 1956 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 15:16:20.0178 1956 Skype C2C Service - ok 15:16:20.0240 1956 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:16:20.0256 1956 SkypeUpdate - ok 15:16:20.0318 1956 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 15:16:20.0443 1956 slsvc - ok 15:16:20.0459 1956 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:16:20.0490 1956 SLUINotify - ok 15:16:20.0521 1956 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:16:20.0552 1956 Smb - ok 15:16:20.0583 1956 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:16:20.0599 1956 SNMPTRAP - ok 15:16:20.0630 1956 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 15:16:20.0646 1956 spldr - ok 15:16:20.0693 1956 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 15:16:20.0724 1956 Spooler - ok 15:16:20.0755 1956 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 15:16:20.0833 1956 srv - ok 15:16:20.0849 1956 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:16:20.0880 1956 srv2 - ok 15:16:20.0895 1956 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:16:20.0927 1956 srvnet - ok 15:16:20.0942 1956 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:16:20.0973 1956 SSDPSRV - ok 15:16:21.0036 1956 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:16:21.0051 1956 SstpSvc - ok 15:16:21.0098 1956 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:16:21.0129 1956 Stereo Service - ok 15:16:21.0161 1956 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 15:16:21.0192 1956 stisvc - ok 15:16:21.0207 1956 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:16:21.0223 1956 swenum - ok 15:16:21.0348 1956 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 15:16:21.0395 1956 swprv - ok 15:16:21.0410 1956 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:16:21.0426 1956 Symc8xx - ok 15:16:21.0441 1956 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:16:21.0457 1956 Sym_hi - ok 15:16:21.0488 1956 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:16:21.0504 1956 Sym_u3 - ok 15:16:21.0551 1956 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 15:16:21.0644 1956 SysMain - ok 15:16:21.0675 1956 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:16:21.0707 1956 TabletInputService - ok 15:16:21.0738 1956 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:16:21.0785 1956 TapiSrv - ok 15:16:21.0785 1956 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 15:16:21.0831 1956 TBS - ok 15:16:21.0878 1956 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:16:21.0972 1956 Tcpip - ok 15:16:21.0987 1956 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:16:22.0034 1956 Tcpip6 - ok 15:16:22.0065 1956 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:16:22.0081 1956 tcpipreg - ok 15:16:22.0112 1956 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:16:22.0159 1956 TDPIPE - ok 15:16:22.0175 1956 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:16:22.0206 1956 TDTCP - ok 15:16:22.0221 1956 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:16:22.0253 1956 tdx - ok 15:16:22.0284 1956 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:16:22.0299 1956 TermDD - ok 15:16:22.0331 1956 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 15:16:22.0393 1956 TermService - ok 15:16:22.0409 1956 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 15:16:22.0424 1956 Themes - ok 15:16:22.0455 1956 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 15:16:22.0487 1956 THREADORDER - ok 15:16:22.0502 1956 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 15:16:22.0549 1956 TrkWks - ok 15:16:22.0580 1956 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:16:22.0611 1956 TrustedInstaller - ok 15:16:22.0643 1956 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:16:22.0674 1956 tssecsrv - ok 15:16:22.0689 1956 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:16:22.0705 1956 tunmp - ok 15:16:22.0736 1956 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:16:22.0752 1956 tunnel - ok 15:16:22.0783 1956 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:16:22.0799 1956 uagp35 - ok 15:16:22.0814 1956 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:16:22.0845 1956 udfs - ok 15:16:22.0861 1956 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:16:22.0923 1956 UI0Detect - ok 15:16:22.0939 1956 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:16:22.0970 1956 uliagpkx - ok 15:16:23.0001 1956 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 15:16:23.0033 1956 uliahci - ok 15:16:23.0048 1956 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:16:23.0064 1956 UlSata - ok 15:16:23.0079 1956 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:16:23.0095 1956 ulsata2 - ok 15:16:23.0126 1956 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:16:23.0157 1956 umbus - ok 15:16:23.0189 1956 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll 15:16:23.0220 1956 UmRdpService - ok 15:16:23.0235 1956 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 15:16:23.0298 1956 upnphost - ok 15:16:23.0313 1956 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:16:23.0345 1956 usbccgp - ok 15:16:23.0376 1956 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:16:23.0438 1956 usbcir - ok 15:16:23.0454 1956 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:16:23.0485 1956 usbehci - ok 15:16:23.0516 1956 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:16:23.0547 1956 usbhub - ok 15:16:23.0579 1956 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:16:23.0610 1956 usbohci - ok 15:16:23.0625 1956 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 15:16:23.0672 1956 usbprint - ok 15:16:23.0688 1956 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:16:23.0735 1956 USBSTOR - ok 15:16:23.0750 1956 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:16:23.0766 1956 usbuhci - ok 15:16:23.0781 1956 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 15:16:23.0828 1956 UxSms - ok 15:16:23.0844 1956 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 15:16:23.0891 1956 vds - ok 15:16:23.0906 1956 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:16:23.0953 1956 vga - ok 15:16:23.0969 1956 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 15:16:24.0015 1956 VgaSave - ok 15:16:24.0031 1956 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 15:16:24.0047 1956 viaide - ok 15:16:24.0078 1956 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:16:24.0078 1956 volmgr - ok 15:16:24.0125 1956 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:16:24.0156 1956 volmgrx - ok 15:16:24.0187 1956 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:16:24.0203 1956 volsnap - ok 15:16:24.0234 1956 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:16:24.0249 1956 vsmraid - ok 15:16:24.0296 1956 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 15:16:24.0390 1956 VSS - ok 15:16:24.0421 1956 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 15:16:24.0452 1956 W32Time - ok 15:16:24.0468 1956 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:16:24.0530 1956 WacomPen - ok 15:16:24.0546 1956 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:16:24.0593 1956 Wanarp - ok 15:16:24.0593 1956 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:16:24.0624 1956 Wanarpv6 - ok 15:16:24.0655 1956 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe 15:16:24.0733 1956 wbengine - ok 15:16:24.0780 1956 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:16:24.0858 1956 wcncsvc - ok 15:16:24.0905 1956 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:16:24.0920 1956 WcsPlugInService - ok 15:16:24.0998 1956 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 15:16:25.0014 1956 Wd - ok 15:16:25.0185 1956 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:16:25.0263 1956 Wdf01000 - ok 15:16:25.0295 1956 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:16:25.0326 1956 WdiServiceHost - ok 15:16:25.0357 1956 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:16:25.0404 1956 WdiSystemHost - ok 15:16:25.0482 1956 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 15:16:25.0513 1956 WebClient - ok 15:16:25.0544 1956 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:16:25.0575 1956 Wecsvc - ok 15:16:25.0607 1956 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:16:25.0638 1956 wercplsupport - ok 15:16:25.0669 1956 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 15:16:25.0700 1956 WerSvc - ok 15:16:25.0716 1956 WinDefend - ok 15:16:25.0716 1956 WinHttpAutoProxySvc - ok 15:16:25.0763 1956 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:16:25.0778 1956 Winmgmt - ok 15:16:25.0841 1956 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 15:16:25.0981 1956 WinRM - ok 15:16:26.0075 1956 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:16:26.0153 1956 Wlansvc - ok 15:16:26.0262 1956 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 15:16:26.0277 1956 wlcrasvc - ok 15:16:26.0355 1956 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:16:26.0449 1956 wlidsvc - ok 15:16:26.0480 1956 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:16:26.0496 1956 WmiAcpi - ok 15:16:26.0527 1956 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:16:26.0558 1956 wmiApSrv - ok 15:16:26.0558 1956 WMPNetworkSvc - ok 15:16:26.0589 1956 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:16:26.0621 1956 WPCSvc - ok 15:16:26.0667 1956 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:16:26.0699 1956 WPDBusEnum - ok 15:16:26.0777 1956 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:16:26.0808 1956 WPFFontCache_v0400 - ok 15:16:26.0839 1956 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:16:26.0870 1956 ws2ifsl - ok 15:16:26.0901 1956 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll 15:16:26.0917 1956 wscsvc - ok 15:16:26.0917 1956 WSearch - ok 15:16:26.0995 1956 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:16:27.0167 1956 wuauserv - ok 15:16:27.0213 1956 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:16:27.0260 1956 WudfPf - ok 15:16:27.0276 1956 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:16:27.0307 1956 WUDFRd - ok 15:16:27.0323 1956 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:16:27.0338 1956 wudfsvc - ok 15:16:27.0354 1956 ================ Scan global =============================== 15:16:27.0369 1956 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 15:16:27.0416 1956 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 15:16:27.0447 1956 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll 15:16:27.0494 1956 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 15:16:27.0494 1956 [Global] - ok 15:16:27.0494 1956 ================ Scan MBR ================================== 15:16:27.0525 1956 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 15:16:27.0713 1956 \Device\Harddisk0\DR0 - ok 15:16:27.0713 1956 ================ Scan VBR ================================== 15:16:27.0713 1956 [ 7083B622D50CA72571663C777B423096 ] \Device\Harddisk0\DR0\Partition1 15:16:27.0713 1956 \Device\Harddisk0\DR0\Partition1 - ok 15:16:27.0744 1956 [ 36FBA23F7ABC1E1D25EC4B89B3FB712B ] \Device\Harddisk0\DR0\Partition2 15:16:27.0744 1956 \Device\Harddisk0\DR0\Partition2 - ok 15:16:27.0744 1956 ============================================================ 15:16:27.0744 1956 Scan finished 15:16:27.0744 1956 ============================================================ 15:16:27.0759 3488 Detected object count: 3 15:16:27.0759 3488 Actual detected object count: 3 15:16:39.0818 3488 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:39.0818 3488 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:39.0818 3488 FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:39.0818 3488 FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:16:39.0818 3488 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user 15:16:39.0818 3488 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
27.12.2012, 16:59
| #9 | |
| /// Malware-holic | GVU Trojaner mit Webcam aktivierung Hi hatte Urlaub combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 17:16
| #10 |
| | GVU Trojaner mit Webcam aktivierung Hier ist die Logdatei von Combofix |
|
28.12.2012, 17:46
| #11 |
| /// Malware-holic | GVU Trojaner mit Webcam aktivierung lade den CCleaner standard: CCleaner Download - CCleaner 3.26.1888 falls der CCleaner bereits instaliert, überspringen. öffnen, Tools,uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 18:21
| #12 |
| | GVU Trojaner mit Webcam aktivierung Die Liste |
|
03.01.2013, 17:25
| #13 |
| /// Malware-holic | GVU Trojaner mit Webcam aktivierung deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren deinstaliere: Avira SearchFree : beide Guard.ICQ ICQ Sparberater ICQ Toolbar Java : beide downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Malwarebytes Pokemon PS3 Windows Live : alle von dir nicht benötigten ZMatrix öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.01.2013, 17:33
| #14 |
| | GVU Trojaner mit Webcam aktivierung Die Textdatei von ADWCleaner # AdwCleaner v2.104 - Datei am 05/01/2013 um 17:33:12 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits) # Benutzer : Virus Killer - WINDWOWSSUPPORT # Bootmodus : Normal # Ausgeführt unter : C:\Users\Virus Killer\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : ICQ Service ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2gyyw7aj.default\searchplugins\icqplugin.xml Datei Gefunden : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2gyyw7aj.default\searchplugins\icqplugin-1.xml Datei Gefunden : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2gyyw7aj.default\searchplugins\icqplugin-2.xml Datei Gefunden : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2gyyw7aj.default\searchplugins\icqplugin-3.xml Datei Gefunden : C:\Users\Virus Killer\AppData\Roaming\Mozilla\Firefox\Profiles\3z4f6sc1.default\searchplugins\Askcom.xml Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2gyyw7aj.default\prefs.js Gefunden : user_pref("browser.startup.homepage", "hxxp://start.icq.com/"); Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="); Datei : C:\Users\Virus Killer\AppData\Roaming\Mozilla\Firefox\Profiles\3z4f6sc1.default\prefs.js Gefunden : user_pref("browser.search.order.1", "Ask.com"); Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...] ************************* AdwCleaner[R1].txt - [4404 octets] - [05/01/2013 17:33:12] ########## EOF - C:\AdwCleaner[R1].txt - [4464 octets] ########## |
|
05.01.2013, 17:36
| #15 |
| /// Malware-holic | GVU Trojaner mit Webcam aktivierung Hi Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GVU Trojaner mit Webcam aktivierung |
| administrator, aktivierung, anti-malware, appdata, autostart, backdoor.prorat, dateien, erfolgreich, explorer, gelöscht, malware.gen, malwarebytes, microsoft, quarantäne, roaming, runctf.lnk, service, service pack 2, speicher, startup, temp, trojan.ransom.sugen, trojaner, version, vista, webcam |
Linear-Darstellung
