Log analysis and evaluation: Advertising trojan in Google search (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.12.2012, 15:54 | #1 |
| Advertising trojan in Google search Hello.. my problem: When you enter a search term on Google (no matter which one), the FIRST results page always shows links from performersoft.com/, driverperformer.com/, worddictionary.com.au/, planet49.de, etc. Sometimes my search terms are imitated in incorrect German under the link of e.g. (performersoft.com/). The Performer links lure you with, for example, (Clean up spyware now) or (New driver updates) |
21.12.2012, 15:57 | #2 |
/// Malware-holic | Advertising trojan in Google search Hi,
If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
21.12.2012, 16:23 | #3 |
| Advertising trojan in Google search First of all, thanks for the quick reply....
OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.12.2012 16:11:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MotoGP\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 69,57% Memory free 55,02 Gb Paging File | 52,39 Gb Available in Paging File | 95,22% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 40000 40000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 73,14 Gb Total Space | 21,21 Gb Free Space | 29,00% Space Free | Partition Type: NTFS Drive D: | 1789,77 Gb Total Space | 1411,30 Gb Free Space | 78,85% Space Free | Partition Type: NTFS Drive E: | 479,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 97,66 Gb Total Space | 97,57 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Drive G: | 368,10 Gb Total Space | 181,50 Gb Free Space | 49,31% Space Free | Partition Type: NTFS Computer Name: MOTOGP-PC | User Name: MotoGP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.21 16:05:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MotoGP\Desktop\OTL.exe PRC - [2012.12.07 16:40:22 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.08.09 13:16:12 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.04 23:29:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.05.14 12:26:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.14 12:26:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.12 11:23:20 | 000,018,432 | ---- | M] () -- C:\Users\MotoGP\AppData\LocalLow\WOT\IE\WOTUpdater.exe PRC - [2011.07.11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.05.20 06:30:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2012.12.07 16:40:22 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.06.17 08:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2010.04.07 22:04:24 | 000,127,800 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007.05.18 20:53:45 | 000,754,288 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nc.exe -- (pr2ah4nc) SRV - [2012.12.07 16:40:22 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.04 23:29:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.14 12:26:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.14 12:26:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.12 11:23:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\MotoGP\AppData\LocalLow\WOT\IE\WOTUpdater.exe -- (WOTUpdater) SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.14 12:26:06 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.14 12:26:06 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.16 18:08:53 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.20 06:30:01 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.05.20 06:30:01 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.04.30 12:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 12:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.15 10:24:18 | 000,058,448 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PWFilterUsb.sys -- (PorscheWheelFilterUsb) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 
15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.13 18:24:26 | 000,437,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.09.07 07:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PcaSp60.sys -- (PcaSp60) DRV:64bit: - [2010.08.27 18:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.03.23 02:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2010.03.06 08:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews) DRV:64bit: - [2009.12.01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.10.12 01:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007.10.12 00:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) DRV:64bit: - [2007.05.18 20:53:12 | 000,072,560 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nc.sys -- (pe3ah4nc) DRV:64bit: - [2007.05.18 20:52:49 | 000,077,176 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nc.sys -- (ps6ah4nc) DRV:64bit: - [2007.04.19 11:03:18 | 000,023,040 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\imhidusb.sys -- (imhidusb) DRV - [2010.09.07 07:27:24 | 000,038,912 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PcaSp60.sys -- (PcaSp60) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B 26 99 99 61 BE CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: info%40quick-search.org:2.3 FF - prefs.js..extensions.enabledAddons: undoclosedtabsbutton%40supernova00.biz:3.7.1 FF - prefs.js..extensions.enabledAddons: %7B6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3%7D:1.4.15 FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2 FF - prefs.js..extensions.enabledAddons: %7B9fb7d178-155a-4318-9173-1a8eaaea7fe4%7D:2.1.14 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14 FF - prefs.js..extensions.enabledItems: 
{73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: info@quick-search.org:2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 16:40:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 16:40:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.07 14:05:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.09 15:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Extensions [2011.03.09 15:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.20 00:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Firefox\Profiles\3ahd28vt.default\extensions [2012.11.01 17:27:55 | 
000,000,000 | ---D | M] (Fire.fm) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Firefox\Profiles\3ahd28vt.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2011.02.27 05:25:20 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Firefox\Profiles\3ahd28vt.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2012.10.13 20:27:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Firefox\Profiles\3ahd28vt.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.04.23 01:54:57 | 000,000,000 | ---D | M] (QuickSearchBar) -- C:\Users\MotoGP\AppData\Roaming\mozilla\Firefox\Profiles\3ahd28vt.default\extensions\info@quick-search.org [2011.05.08 15:21:35 | 000,040,179 | ---- | M] () (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\firefox\profiles\3ahd28vt.default\extensions\undoclosedtabsbutton@supernova00.biz.xpi [2012.12.20 00:00:26 | 000,532,971 | ---- | M] () (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\firefox\profiles\3ahd28vt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.11 14:15:14 | 000,358,547 | ---- | M] () (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\firefox\profiles\3ahd28vt.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}.xpi [2012.12.15 17:37:45 | 000,316,317 | ---- | M] () (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\firefox\profiles\3ahd28vt.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012.11.24 18:55:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\firefox\profiles\3ahd28vt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.05 08:38:50 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\MotoGP\AppData\Roaming\mozilla\firefox\profiles\3ahd28vt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.12.07 16:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla 
firefox\extensions [2012.12.07 16:40:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.07 16:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.07 16:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.07 16:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.07 16:40:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.18 18:42:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 17:26:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.18 18:42:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 18:42:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 18:42:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 18:42:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (WOT) - {9E571C81-21E7-496B-9E6B-127E60263022} - C:\Users\MotoGP\AppData\LocalLow\WOT\IE\WOT.dll (WOT Services Oy) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FB0819A-8FAC-41C9-A48A-83E5FE96C977}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DFA88B1-CB33-4832-8C62-61F7BCE887C7}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{56a44307-41f7-11e0-bcbf-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{56a44307-41f7-11e0-bcbf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MLLaunch.exe O33 - MountPoints2\{b6bf5b4b-41f2-11e0-9802-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b6bf5b4b-41f2-11e0-9802-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe O33 - MountPoints2\{dd9289d1-421c-11e0-9c53-002683112e41}\Shell - "" = AutoRun O33 - MountPoints2\{dd9289d1-421c-11e0-9c53-002683112e41}\Shell\AutoRun\command - "" = M:\SISetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) 
========== Files/Folders - Created Within 30 Days ==========
[2012.12.21 16:05:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MotoGP\Desktop\OTL.exe
[2012.12.21 15:29:32 | 000,000,000 | ---D | C] -- C:\Users\MotoGP\AppData\Roaming\Malwarebytes
[2012.12.21 15:29:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.21 15:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.21 15:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.21 15:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.21 15:28:43 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\MotoGP\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 15:24:29 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\MotoGP\Desktop\dds.com
[2012.12.18 21:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.18 21:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.18 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.18 21:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.14 20:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.14 20:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.08 14:15:05 | 000,000,000 | ---D | C] -- C:\Users\MotoGP\AppData\Local\SWTOR
[2012.12.08 14:15:05 | 000,000,000 | ---D | C] -- C:\Users\MotoGP\Documents\HeroBlade Logs
[2012.12.08 06:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.12.08 06:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012.12.07 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.07 14:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.03 11:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.03 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.12.21 16:05:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MotoGP\Desktop\OTL.exe
[2012.12.21 15:29:15 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 15:28:48 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\MotoGP\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.21 15:28:48 | 000,016,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 15:28:48 | 000,016,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 15:26:02 | 000,898,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.21 15:26:02 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 15:26:02 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 15:26:02 | 000,044,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 15:26:02 | 000,020,746 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 15:24:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\MotoGP\Desktop\dds.com
[2012.12.21 15:21:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 15:21:21 | 2129,231,871 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 15:18:10 | 000,547,175 | ---- | M] () -- C:\Users\MotoGP\Desktop\adwcleaner.exe
[2012.12.20 06:07:26 | 000,295,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 06:03:04 | 000,875,396 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.18 21:36:28 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.12.21 15:29:15 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 15:18:06 | 000,547,175 | ---- | C] () -- C:\Users\MotoGP\Desktop\adwcleaner.exe
[2012.11.30 15:41:07 | 000,875,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.30 11:35:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.30 11:31:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.06.04 23:29:36 | 000,214,816 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.04 23:29:14 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.02.16 15:15:09 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.03.12 14:12:57 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.03.04 20:38:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.02.27 22:55:38 | 000,007,603 | ---- | C] () -- C:\Users\MotoGP\AppData\Local\Resmon.ResmonCfg
[2011.02.26 23:58:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.26 23:30:19 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.02.26 23:04:11 | 000,039,977 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.02.26 23:03:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.26 23:03:32 | 000,025,549 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012.08.19 02:57:44 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\.minecraft
[2012.02.11 00:59:48 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\DAEMON Tools Lite
[2011.12.20 13:39:28 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\FreeAudioPack
[2011.07.29 16:45:20 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\GetRightToGo
[2011.03.08 23:26:07 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\Grand Ages Rome
[2011.02.28 18:03:20 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\Leadertech
[2012.02.09 02:08:18 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\MobMapUpdater
[2011.03.02 20:37:05 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\MysteryStudio
[2011.05.05 19:57:34 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\Nemetschek
[2011.04.04 05:13:36 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\OpenOffice.org
[2012.01.14 06:11:12 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\Screaming Bee
[2011.03.09 15:36:22 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\Thunderbird
[2012.10.26 21:45:08 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\TS3Client
[2012.02.13 16:39:05 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\Ubisoft
[2011.04.16 03:26:03 | 000,000,000 | ---D | M] -- C:\Users\MotoGP\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >
EXTRA:OTL Logfile:
Code:
OTL Extras logfile created on: 21.12.2012 16:11:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MotoGP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 69,57% Memory free
55,02 Gb Paging File | 52,39 Gb Available in Paging File | 95,22% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 40000 40000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 21,21 Gb Free Space | 29,00% Space Free | Partition Type: NTFS
Drive D: | 1789,77 Gb Total Space | 1411,30 Gb Free Space | 78,85% Space Free | Partition Type: NTFS
Drive E: | 479,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 97,66 Gb Total Space | 97,57 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive G: | 368,10 Gb Total Space | 181,50 Gb Free Space | 49,31% Space Free | Partition Type: NTFS
Computer Name: MOTOGP-PC | User Name: MotoGP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040447E1-0B07-4F82-B843-B87833C98D1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C5EBBDD-26AF-4199-858C-140DC1384723}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CD4AC7D-A0AA-491C-81CF-E39372F2F46D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1614B39F-4AC9-4F98-83D4-F8BB4442E6BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1943AC39-2212-4D15-A269-52E1F0E48D92}" = rport=445 | protocol=6 | dir=out | app=system |
"{20914122-A0CC-4BCE-BB87-500152D89795}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2198B5F1-E3CC-412B-8189-D1ACF2B95CF5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{23D7DEB1-8009-4327-B583-DF6D438C4F11}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24378CF8-21E7-4043-BD52-4751EEB8B286}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35BB9353-58B0-4039-BAB7-FA7C766C8766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{595C2893-EF84-41F8-8C84-906AD4B6D574}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5B7AF1A5-34B0-46AD-A434-5C0C5A637718}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5BBDD02A-468A-4D51-8EA1-66BF34A10B79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{623F8C18-01FE-419F-9EDB-73D6EBA6F33B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6872A13C-BF00-4AA9-A669-9936383DAA68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6889227B-F9B9-438B-94B7-41A9932B8279}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port |
"{73445EEF-FD0A-4C35-B0E5-FC2307B1F283}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BC891D8-6A9C-4F89-A53E-0C2E0C5F1BC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CF03BCC-EFEC-41A4-9E80-8C833053DE3A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{81313405-A329-418F-9E35-66CF3380CF47}" = lport=445 | protocol=6 | dir=in | app=system |
"{82100C5B-A28C-45AA-B7D5-52A1FA9FB9F9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{82A86BA0-5082-4E0D-925D-0D15C9EF1FD7}" = rport=139 | protocol=6 | dir=out | app=system |
"{88A2383B-854E-4EB3-9607-21342917DB3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D387B22-E260-4AF9-A3CA-7BD7CAAB60DF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{933C292A-46ED-4C5A-A8D8-9E2F30A182CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CA94293-69CA-4EE6-AD32-334F8EDEA146}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9CBCE2B7-676E-4F49-BF2D-62107CA6360D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A197A301-E654-480D-AD3D-63A158949E22}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{A3FBF769-02E3-4955-B913-44887560DB61}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A553E002-DFFA-4160-9BA3-E49967F3F015}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AAFC0833-A336-401F-9C77-BA2B07BB9A7F}" = lport=137 | protocol=17 | dir=in | app=system |
"{BB6A89CD-FA0B-4D00-BA25-387850264850}" = rport=137 | protocol=17 | dir=out | app=system |
"{BC17E842-17C3-4A35-B563-84883B5B0702}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9A9109F-7864-4EF5-820B-D00383DEFE97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DCE1729E-1296-4425-81D3-BE6A4545EE07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1A23E50-6898-4484-8798-2FA6383DE55A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E3B20E0F-35F7-49B1-B870-30AF0A907551}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5BA2737-6484-4E12-8DC8-5006CB7055C4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB5A9080-8039-46D3-9D90-4C4CBA4E3593}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F298ED78-BC31-4AFB-95A0-239F5C88C5EF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F4123206-5DF5-406C-BFEC-43F8B8BCC006}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F777D8C2-9F4A-479C-A365-E64DBCB5EF63}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port |
"{FAA489A9-09F4-4893-B541-7C9D05E830F9}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003990FC-5D71-417A-A71A-7E297F659397}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{04AED665-64F2-4754-91AB-450EBF97399E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05155BC4-AAD3-4A3B-9CF0-52637E0C3059}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{068FCA00-BD25-4E32-A9C2-A4E41FE3103E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe |
"{06B168B9-8BF9-4919-B450-7ACD0C1DE69B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{07691B2C-1334-4A4C-9485-0505B14017FA}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe |
"{08B7B283-15DA-4C9A-8511-D9D7BE349765}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{0B0C7181-A2C3-4C41-B822-EDFCFF05A628}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0CEC1D90-D849-4E65-9A23-4160287CC1C2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{117A269F-5655-4A67-B195-9B6014C888D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12371E57-F18C-4065-AECB-2EF5E0FD0CFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18F187E2-455B-42FC-8890-5A5C5002CC0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{199BE9CD-1C16-4B03-919A-3EDEAEED6A8E}" = protocol=6 | dir=in | app=e:\routersetup\qiswizard.exe |
"{1DB7050A-A9C8-438B-93A9-F85FA2CC59FE}" = protocol=6 | dir=in | app=c:\program files\hp\hp laserjet p1100 series\wificonfig.exe |
"{271737F7-9861-43C6-B335-1019C71767B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27C180C0-4527-409D-AEB4-D3982DA1B17A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{27EA4641-9BEF-4EDE-B427-06E9F5DA38F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2931E53D-DCF9-4E49-B971-31188C4518FB}" = protocol=17 | dir=in | app=d:\spiele\swtor\star wars-the old republic\launcher.exe |
"{2D092351-F834-47F4-997F-CA3B2CCF6B2C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{2EA14506-E34D-4DBB-8118-F52E956ECA98}" = protocol=6 | dir=in | app=d:\programme\torrent\utorrent.exe |
"{31094D93-E6C8-497F-B851-74A91F7A1342}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe |
"{33388357-BF71-4F4A-AEF5-2AADBA25724C}" = protocol=17 | dir=in | app=d:\spiele\2070\autopatcher.exe |
"{36C000BA-123A-4187-93FD-8AE9BD2D1AF6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D28EA9B-6033-4E87-97BE-56268C3D3E73}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3DBC4BB9-E59B-4C6A-9EF7-E237B78BB656}" = protocol=6 | dir=in | app=d:\spiele\swtor\star wars-the old republic\launcher.exe |
"{3E457F45-EED5-4335-BB30-0D3E71E14388}" = protocol=6 | dir=in | app=d:\spiele\2070\autopatcher.exe |
"{42062AFF-6B33-47F3-A43A-EE5782DD71E5}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{4238A4DD-335B-4298-BBAC-E7EF88B2DC73}" = protocol=17 | dir=in | app=e:\routersetup\qiswizard.exe |
"{4399A44B-5F98-4BB6-80D2-214D7F85EEF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{457B1122-6030-47E4-826D-E3E76E677C72}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii\starcraft ii.exe |
"{4A419649-ED35-4CBD-A8CC-FA6331029CD4}" = protocol=17 | dir=in | app=d:\spiele\2070\initengine.exe |
"{4B8AAC18-508A-4398-9879-FECF4A0EF492}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{4C724A96-5884-438B-974A-862E40A00321}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4FC70655-475C-4C27-9314-4E5F405F027F}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe |
"{513E27E1-2075-422C-9470-9BF373228171}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{52605F6B-30F5-4C41-95BB-6A971272CA9F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{5357EE86-ED16-4158-ADBA-467F708A19F4}" = protocol=17 | dir=in | app=d:\spiele\swtor\star wars-the old republic\launcher.exe |
"{559A69DC-9AEE-4264-B455-4729C2E46077}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe |
"{5862F855-FAEF-4F48-A02E-49A33DFD826A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BDC33DE-E075-4F74-8AE9-61F93F023E52}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6064B167-1B79-47B8-9A68-ED41C0D3DCD8}" = protocol=6 | dir=out | app=system |
"{63D3107A-66B7-4C26-95EA-B4B27BE70387}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{669DBA50-2A0C-4D6F-9EDF-9D0F9234E0EA}" = protocol=17 | dir=in | app=c:\program files\hp\hp laserjet p1100 series\wificonfig.exe |
"{67C0AE3B-F37B-420D-8515-85CCDBAEAACA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C6DC5F9-DDF5-4973-AA2C-B37063975A9B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{70EBCEF4-0A2F-4386-A443-D4A4065EE96C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7251AEFC-59E9-4BD8-9D1E-22AB561AB6A9}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{7448C7E0-5DD3-47EA-BAC8-7C0607C48FC4}" = protocol=6 | dir=in | app=d:\spiele\2070\anno5.exe |
"{78A89F22-38C8-4A31-B36E-C6E7B7AD156D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{7C59F694-D3B3-4AE0-ABC0-4720DD0A0C05}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D19B946-5D6F-489B-B3F2-DF843DF4C37C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7F032001-89D0-45D2-9F6C-00052125E01E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{842F8495-043A-471E-9B18-6EB897F221C5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{856FE4F1-2939-4E42-80FC-9A1AD898A63F}" = protocol=6 | dir=in | app=d:\spiele\swtor\star wars-the old republic\launcher.exe |
"{86D34456-2F8E-4971-92F4-D8EB05B1430C}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe |
"{8A46AB57-3BF5-448C-8748-AC153FE04762}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8E04B495-E16E-4354-BE0D-9866379D6775}" = protocol=6 | dir=in | app=e:\productinst64.exe |
"{8E879978-FCAE-45CF-BE8D-4E8A5EAB3C0F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe |
"{8EDAF66B-A778-4D65-BE78-D088BF788207}" = protocol=17 | dir=in | app=d:\spiele\grid\grid.exe |
"{94B524F9-9894-4E27-8C0F-E56A6B301779}" = protocol=17 | dir=in | app=e:\productinst64.exe |
"{978E1CF1-2053-4204-9BE8-822B2FF99997}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A66292B-1FFC-412F-B8A1-59C45DE140E0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9BE2738A-130D-41AC-8398-BF1AFDD77835}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A18FF56B-DCBA-4271-B361-45C14BA2BC2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{A346317E-2962-4CC2-8B3A-13F1B16EDE4C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A42ECAC0-9E3F-400C-B05F-A867BEC86913}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6542B18-81EF-4813-B1B4-C2EFCD5DB80E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{A7D532B6-B106-4218-B042-15BBB586622D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADEA22B3-227C-4730-B38A-D3EF70D810A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE1B221B-5D08-4C12-8DBE-28C7E6D2303D}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe |
"{B2225D25-2DAE-4C4C-8527-43A1046EF3D7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{B229B67C-2B58-42A7-8EBA-3F2A8223D5AF}" = protocol=6 | dir=in | app=d:\spiele\grid\grid.exe |
"{B9BBCECA-8E49-48F0-9FAF-7B7D88E6E781}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BAB9AB06-6D9A-499E-AFAC-ABC4903678EF}" = protocol=17 | dir=in | app=d:\spiele\2070\anno5.exe |
"{BB682D80-EE12-43AB-B57D-33F6B41C2994}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe |
"{BC6FA55B-49D2-4EC2-98E9-64CEE39EE7F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BFA23F2C-7CC4-443A-BCEE-BD73DD99B3A1}" = protocol=6 | dir=in | app=d:\spiele\2070\initengine.exe |
"{C00110C8-2F76-4A23-9004-7EEF0EF8F409}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{C31EB62F-7EDA-4B73-9B9F-7B9A86DAF0A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3EAD35B-DF91-4641-BE2F-57899A239824}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C607A38E-349A-4A20-B5C0-1E8BE11A1F43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{CA016B79-FC9D-4B91-A3D1-519DDE9EA23B}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CE4FABA5-3D6B-4693-9430-0BCA522373BB}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe |
"{D2030CC7-254B-42AB-947B-C52A8812ACD7}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{D482D09E-8603-4EC2-A4A3-609C387DAD8C}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii\starcraft ii.exe |
"{D4EBB585-E20A-441C-A88B-6BE7140D7798}" = protocol=17 | dir=in | app=d:\programme\torrent\utorrent.exe |
"{D69461DE-022B-4F7E-9145-53CBCAA22E67}" = protocol=17 | dir=in | app=d:\spiele\diablo3\diablo iii\diablo iii.exe |
"{D7727018-0F2A-4B0C-ABF0-A808ACE481AD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{DD11DA09-A3FE-463C-B43E-34242B2C002C}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{E1EA0CD9-BADF-4AC8-943D-CE96C07CE307}" = protocol=6 | dir=in | app=d:\spiele\diablo3\diablo iii\diablo iii.exe |
"{E8112FF0-F35A-4234-B7ED-74FD4B8A630A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{EA94EC54-419E-4681-B114-A83F7CD68BDD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{ED969290-CB14-425D-B5DE-123A4056E65F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F075D04C-C65F-4B8F-9FBE-0D2F0C0E12E4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{F15E50A0-D224-4E26-A33C-5A50D5C5408E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F5AD94F8-91E3-48C0-B03C-22937EAA7262}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FD5F6B55-3AD6-4543-B6EC-903C0D67CB84}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{03E3F1E7-1792-4B6E-80F0-B9E5D2DD86D7}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | "TCP Query User{17FC3233-911C-4200-BE58-B7786DCADFBD}D:\spiele\witcher2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\spiele\witcher2\bin\witcher2.exe | "TCP Query User{25229DC8-B764-4749-8B3B-954F085553A8}D:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\spiele\diablo3\diablo iii\diablo iii.exe | "TCP Query User{280EF841-4A45-4207-A72D-189FB8F1A0BC}D:\spiele\dc\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\spiele\dc\unreal3\binaries\win32\dcgame.exe | "TCP Query User{474E35F6-09A9-410C-A525-14F27C13D5B7}D:\spiele\witcher2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\spiele\witcher2\bin\witcher2.exe | "TCP Query User{576CCA6D-211A-4957-84A8-5B5C6A2AB247}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{581C454E-0149-4E4D-A294-814C47275EE5}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{647B7A35-33DB-4798-8BB4-C22B89A5CB76}D:\spiele\need for speed the run\need for speed the run.exe" = protocol=6 | dir=in | app=d:\spiele\need for speed the run\need for speed the run.exe | "TCP Query User{7DEADE2F-9AE0-4E4B-B87F-30E38A35EBC2}C:\users\motogp\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\motogp\desktop\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{83AD7ECF-4AC1-4869-B905-DB18F7E0076F}D:\spiele\dirt\dirt.exe" = protocol=6 | 
dir=in | app=d:\spiele\dirt\dirt.exe | "TCP Query User{8703ED5E-AA7E-49EE-A89E-A3F8135A083F}D:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{A66B834D-B355-42C4-AA18-50747B6A6116}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{AB050873-7D88-44D1-A114-47B5807B9446}D:\spiele\dutycalls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=d:\spiele\dutycalls\binaries\win32\dutycalls.exe | "TCP Query User{ABBCBDFF-BD65-496F-A3FA-E0A9FB95EAFB}D:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | "TCP Query User{B52112C5-304B-4766-B11E-D6FCC15E5B5D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{C22A3C4A-7F24-41A3-9E34-75E2C61BDD23}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{D5ADAF01-AE8B-4C86-B6F5-C4B9038CDA0A}D:\spiele\gtr2\gtr2.exe" = protocol=6 | dir=in | app=d:\spiele\gtr2\gtr2.exe | "TCP Query User{DAEA99DB-624F-4287-B32F-249D60969C7C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{FC904048-0D3A-409C-8BAE-DC433D639736}G:\spiele\wolfenstein\et.exe" = protocol=6 | dir=in | app=g:\spiele\wolfenstein\et.exe | "UDP Query User{02E02DB0-36F7-4C3D-9915-5607A24D9779}D:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\spiele\diablo3\diablo iii\diablo iii.exe | "UDP Query User{0D356BE4-8DCD-4943-A44A-1AE75D15DB10}D:\spiele\need for speed the run\need for speed the run.exe" = protocol=17 | dir=in | app=d:\spiele\need for speed the run\need for speed the run.exe | "UDP Query 
User{148907AB-638F-4D92-838C-43E920C6DDFA}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{336BAD7A-8A16-4D5C-867D-264507D05E18}C:\users\motogp\desktop\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\motogp\desktop\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{3390A82C-1D89-45FE-A87E-A466953CB419}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{3BB5104B-BD07-473E-A21E-7DC5009A3350}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4E03728E-83BC-413D-AAAA-9DBFE8AAE695}D:\spiele\gtr2\gtr2.exe" = protocol=17 | dir=in | app=d:\spiele\gtr2\gtr2.exe | "UDP Query User{50B4A27E-FACE-4F31-BF0F-A7054251E4BB}D:\spiele\witcher2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\spiele\witcher2\bin\witcher2.exe | "UDP Query User{70F87CFF-FB04-4DE5-91CF-4D3C17535B98}D:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{731016A7-4C17-47A6-87BF-3E284D12F0C0}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | "UDP Query User{88F2A177-0C8B-4EF9-B401-719C747D0321}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{91E87D32-5507-436C-84A4-2A7460C9BAC9}D:\spiele\dutycalls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=d:\spiele\dutycalls\binaries\win32\dutycalls.exe | "UDP Query User{A556A371-C688-4D9F-975E-A568EEBD2165}D:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | "UDP Query 
User{A6F149D8-E954-49B8-965F-28E3765E278F}D:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{AC6DAE4B-2469-42C0-B829-DA522441167B}D:\spiele\dc\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\spiele\dc\unreal3\binaries\win32\dcgame.exe | "UDP Query User{D2026963-E7E6-43F7-8456-1008BC34F459}D:\spiele\witcher2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\spiele\witcher2\bin\witcher2.exe | "UDP Query User{E7AF19AF-2A10-49A8-B6AB-19992D9AFA10}G:\spiele\wolfenstein\et.exe" = protocol=17 | dir=in | app=g:\spiele\wolfenstein\et.exe | "UDP Query User{E9036E52-3775-4441-A64F-552991F0E1C8}D:\spiele\dirt\dirt.exe" = protocol=17 | dir=in | app=d:\spiele\dirt\dirt.exe | "UDP Query User{F4E874E2-1A88-48EB-8BEA-40ECBB8BAF17}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C88ED293-4EC7-4C6C-B105-B8DE4199AFAB}" = Porsche Wheel "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "sp6" = Logitech SetPoint 6.30 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3C850287-4CD5-4FAD-BE39-A4AF7851A7C6}" = GRID Demo "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F5F2909-4983-4E76-A3AF-B55ABB5E8BF7}_is1" = GTR2 Online Functionality Patch "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver 
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF2A8E58-DBC6-36D3-A145-7252029F6F48}" = Microsoft Report Viewer Redistributable 2008 SP1 "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D560A981-FEB3-42F0-A61A-13E9528E0C51}_is1" = GTR 2 1.0.0.0 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Civitas3" = Grand Ages Rome 1.11 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "Diablo III Public Test" = Diablo III Public Test "Dime City_is1" = Dime City 
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "IrfanView" = IrfanView (remove only) "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft Report Viewer Redistributable 2008 SP1" = Microsoft Report Viewer Redistributable 2008 SP1 "MobMap_is1" = MobMap 4.31 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "StarCraft II" = StarCraft II "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SOE-DC Universe Online Live" = DC Universe Online Live "SOE-DC Universe Online Live PSG" = DC Universe Online Live "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.11.2012 19:30:34 | Computer Name = MotoGP-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Diablo III.exe, Version: 1.0.5.12811, Zeitstempel: 0x5081c7b2 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222b2 ID des fehlerhaften Prozesses: 0x12bc Startzeit der fehlerhaften Anwendung: 0x01cdbd148a71cad5 Pfad der fehlerhaften Anwendung: D:\Spiele\Diablo3\Diablo III\Diablo III.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 206666a8-2933-11e2-9d30-bcaec592c19c Error - 11.11.2012 14:00:01 | Computer Name = MotoGP-PC | Source = Windows Backup | ID = 4103 Description = Error - 19.11.2012 07:23:40 | Computer Name = 
MotoGP-PC | Source = Windows Backup | ID = 4103 Description = Error - 25.11.2012 14:00:08 | Computer Name = MotoGP-PC | Source = Windows Backup | ID = 4103 Description = Error - 03.12.2012 06:16:54 | Computer Name = MotoGP-PC | Source = Windows Backup | ID = 4103 Description = Error - 09.12.2012 11:50:34 | Computer Name = MotoGP-PC | Source = Application Hang | ID = 1002 Description = Programm launcher.exe, Version 3.2.3.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d4c Startzeit: 01cdd6243d9d6f18 Endzeit: 3 Anwendungspfad: D:\Spiele\SWTOR\Star Wars-The Old Republic\launcher.exe Berichts-ID: 29853250-4218-11e2-8364-bcaec592c19c Error - 09.12.2012 14:00:08 | Computer Name = MotoGP-PC | Source = Windows Backup | ID = 4103 Description = Error - 10.12.2012 12:58:48 | Computer Name = MotoGP-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel: 0x50b67b2a Name des fehlerhaften Moduls: MemoryMan.dll, Version: 0.0.0.0, Zeitstempel: 0x50b676e6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005883 ID des fehlerhaften Prozesses: 0xebc Startzeit der fehlerhaften Anwendung: 0x01cdd6e37a8d8250 Pfad der fehlerhaften Anwendung: D:\Spiele\SWTOR\Star Wars-The Old Republic\swtor\RetailClient\swtor.exe Pfad des fehlerhaften Moduls: D:\Spiele\SWTOR\Star Wars-The Old Republic\swtor\RetailClient\MemoryMan.dll Berichtskennung: dce2ea4d-42ea-11e2-8a23-bcaec592c19c Error - 16.12.2012 18:08:47 | Computer Name = MotoGP-PC | Source = Windows Backup | ID = 4103 Description = Error - 21.12.2012 11:11:20 | Computer Name = MotoGP-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 53c Startzeit: 01cddf8ca9c3bbb6 Endzeit: 0 Anwendungspfad: C:\Users\MotoGP\Desktop\OTL.exe Berichts-ID: [ Media Center Events ] Error - 12.03.2011 09:13:49 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 12.03.2011 09:15:02 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543 Description = Error - 12.03.2011 09:16:45 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 12.03.2011 09:16:54 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 12.03.2011 09:17:48 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 12.03.2011 09:18:42 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543 Description = Error - 12.03.2011 09:20:46 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 12.03.2011 09:22:43 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543 Description = Error - 12.03.2011 09:27:03 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 301 Description = Error - 12.03.2011 09:28:32 | Computer Name = MotoGP-PC | Source = Microsoft-Windows-Media Center Extender | ID = 543 Description = [ System Events ] Error - 21.12.2012 01:01:26 | Computer Name = MotoGP-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 21.12.2012 01:04:14 | Computer Name = MotoGP-PC | Source = ipnathlp | ID = 31004 Description = Error - 21.12.2012 08:41:06 | Computer Name = MotoGP-PC | Source = ps6ah4nc 
| ID = 262145 Description = Protection Synchronization Driver detected an internal error, contact the customer support service. Error - 21.12.2012 08:41:06 | Computer Name = MotoGP-PC | Source = ps6ah4nc | ID = 262145 Description = Protection Synchronization Driver detected an internal error, contact the customer support service. Error - 21.12.2012 08:43:26 | Computer Name = MotoGP-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 21.12.2012 08:43:26 | Computer Name = MotoGP-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 21.12.2012 10:21:20 | Computer Name = MotoGP-PC | Source = ps6ah4nc | ID = 262145 Description = Protection Synchronization Driver detected an internal error, contact the customer support service. Error - 21.12.2012 10:21:20 | Computer Name = MotoGP-PC | Source = ps6ah4nc | ID = 262145 Description = Protection Synchronization Driver detected an internal error, contact the customer support service. Error - 21.12.2012 10:23:43 | Computer Name = MotoGP-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 21.12.2012 10:23:43 | Computer Name = MotoGP-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
21.12.2012, 16:28 | #4 |
/// Malware-holic | Adware trojan in Google search Hi, open Malwarebytes, Logs, and post the reports that contain detections. Open Avira, Administration, Quarantine, and post the detection messages including the file paths.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
21.12.2012, 16:37 | #5 |
| Adware trojan in Google search
Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.12.21.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MotoGP :: MOTOGP-PC [Administrator]
21.12.2012 16:35:01
mbam-log-2012-12-21 (16-35-01).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261840
Laufzeit: 2 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
The Avira quarantine is empty.... |
21.12.2012, 17:35 | #6 |
/// Malware-holic | Adware trojan in Google search Did I write anything about a new log? Please read again what it says there.
|
21.12.2012, 20:51 | #7 |
| Adware trojan in Google search I don't have any older logs or anything like that.. I had only just installed Anti-Malware, and Avira is simply empty..?! Reading doesn't help there either, or am I missing something? Okay, I just saw that I did NOT copy the stuff into [Scan/Fixes]... al Last edited by DonCaToni (21.12.2012 at 21:51) |
27.12.2012, 18:52 | #8 |
/// Malware-holic | Adware trojan in Google search Hi, download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
|
31.12.2012, 05:56 | #9 |
| Adware trojan in Google search Hi and a happy, healthy New Year! Here is the TDSS report:
05:52:54.0785 3964 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 05:52:54.0816 3964 CNG - ok 05:52:54.0832 3964 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 05:52:54.0832 3964 Compbatt - ok 05:52:54.0847 3964 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 05:52:54.0879 3964 CompositeBus - ok 05:52:54.0879 3964 COMSysApp - ok 05:52:54.0879 3964 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 05:52:54.0879 3964 crcdisk - ok 05:52:54.0894 3964 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 05:52:54.0910 3964 CryptSvc - ok 05:52:54.0941 3964 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 05:52:54.0988 3964 DcomLaunch - ok 05:52:55.0019 3964 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 05:52:55.0050 3964 defragsvc - ok 05:52:55.0066 3964 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 05:52:55.0097 3964 DfsC - ok 05:52:55.0128 3964 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 05:52:55.0175 3964 Dhcp - ok 05:52:55.0175 3964 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 05:52:55.0191 3964 discache - ok 05:52:55.0206 3964 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 05:52:55.0222 3964 Disk - ok 05:52:55.0253 3964 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 05:52:55.0284 3964 Dnscache - ok 05:52:55.0300 3964 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 05:52:55.0331 3964 dot3svc - ok 05:52:55.0362 3964 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 05:52:55.0409 3964 DPS - ok 05:52:55.0425 3964 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 05:52:55.0440 3964 
drmkaud - ok 05:52:55.0471 3964 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 05:52:55.0487 3964 dtsoftbus01 - ok 05:52:55.0503 3964 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 05:52:55.0518 3964 DXGKrnl - ok 05:52:55.0534 3964 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 05:52:55.0549 3964 EapHost - ok 05:52:55.0612 3964 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 05:52:55.0674 3964 ebdrv - ok 05:52:55.0705 3964 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 05:52:55.0737 3964 EFS - ok 05:52:55.0752 3964 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 05:52:55.0799 3964 ehRecvr - ok 05:52:55.0830 3964 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 05:52:55.0877 3964 ehSched - ok 05:52:55.0893 3964 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 05:52:55.0924 3964 elxstor - ok 05:52:55.0955 3964 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 05:52:55.0986 3964 ErrDev - ok 05:52:56.0002 3964 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 05:52:56.0033 3964 EventSystem - ok 05:52:56.0033 3964 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 05:52:56.0064 3964 exfat - ok 05:52:56.0064 3964 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 05:52:56.0095 3964 fastfat - ok 05:52:56.0127 3964 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 05:52:56.0173 3964 Fax - ok 05:52:56.0173 3964 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 05:52:56.0189 3964 fdc - ok 05:52:56.0205 3964 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 05:52:56.0236 3964 fdPHost - ok 05:52:56.0236 3964 [ 
802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 05:52:56.0267 3964 FDResPub - ok 05:52:56.0283 3964 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 05:52:56.0283 3964 FileInfo - ok 05:52:56.0283 3964 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 05:52:56.0329 3964 Filetrace - ok 05:52:56.0329 3964 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 05:52:56.0329 3964 flpydisk - ok 05:52:56.0361 3964 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 05:52:56.0376 3964 FltMgr - ok 05:52:56.0407 3964 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 05:52:56.0454 3964 FontCache - ok 05:52:56.0485 3964 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 05:52:56.0517 3964 FontCache3.0.0.0 - ok 05:52:56.0517 3964 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 05:52:56.0517 3964 FsDepends - ok 05:52:56.0548 3964 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 05:52:56.0563 3964 Fs_Rec - ok 05:52:56.0563 3964 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 05:52:56.0579 3964 fvevol - ok 05:52:56.0595 3964 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 05:52:56.0610 3964 gagp30kx - ok 05:52:56.0610 3964 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 05:52:56.0626 3964 GEARAspiWDM - ok 05:52:56.0641 3964 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 05:52:56.0688 3964 gpsvc - ok 05:52:56.0688 3964 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 05:52:56.0704 3964 hcw85cir - ok 05:52:56.0735 3964 [ 975761C778E33CD22498059B91E7373A ] 
HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 05:52:56.0766 3964 HdAudAddService - ok 05:52:56.0766 3964 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 05:52:56.0782 3964 HDAudBus - ok 05:52:56.0782 3964 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 05:52:56.0797 3964 HidBatt - ok 05:52:56.0797 3964 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 05:52:56.0813 3964 HidBth - ok 05:52:56.0813 3964 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 05:52:56.0829 3964 HidIr - ok 05:52:56.0844 3964 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 05:52:56.0875 3964 hidserv - ok 05:52:56.0891 3964 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 05:52:56.0907 3964 HidUsb - ok 05:52:56.0922 3964 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 05:52:56.0969 3964 hkmsvc - ok 05:52:57.0000 3964 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 05:52:57.0031 3964 HomeGroupListener - ok 05:52:57.0047 3964 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 05:52:57.0063 3964 HomeGroupProvider - ok 05:52:57.0063 3964 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 05:52:57.0078 3964 HpSAMD - ok 05:52:57.0094 3964 [ 5A539A3CBD6EC1609D5333B486D5F74C ] HPSIService C:\Windows\system32\HPSIsvc.exe 05:52:57.0094 3964 HPSIService - ok 05:52:57.0109 3964 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 05:52:57.0156 3964 HTTP - ok 05:52:57.0172 3964 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 05:52:57.0172 3964 hwpolicy - ok 05:52:57.0187 3964 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 05:52:57.0203 3964 i8042prt - ok 
05:52:57.0219 3964 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
05:52:57.0234 3964 Suspicious file (Forged): C:\Windows\system32\DRIVERS\iaStor.sys. Real md5: F7CE9BE72EDAC499B713ECA6DAE5D26F, Fake md5: B13F7ACF3A2A20C0349AA004110FF6FA
05:52:57.0234 3964 iaStor ( ForgedFile.Multi.Generic ) - warning
05:52:57.0234 3964 iaStor - detected ForgedFile.Multi.Generic (1)
05:52:57.0234 3964 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
05:52:57.0250 3964 iaStorV - ok
05:52:57.0281 3964 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
05:52:57.0297 3964 IDriverT ( UnsignedFile.Multi.Generic ) - warning
05:52:57.0297 3964 IDriverT - detected UnsignedFile.Multi.Generic (1)
05:52:57.0328 3964 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:52:57.0375 3964 idsvc - ok
05:52:57.0375 3964 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
05:52:57.0390 3964 iirsp - ok
05:52:57.0406 3964 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
05:52:57.0437 3964 IKEEXT - ok
05:52:57.0468 3964 [ 7F7313E8BC26BA77440ED1370B613870 ] imhidusb C:\Windows\system32\DRIVERS\imhidusb.sys
05:52:57.0484 3964 imhidusb - ok
05:52:57.0546 3964 [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
05:52:57.0562 3964 IntcAzAudAddService - ok
05:52:57.0577 3964 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
05:52:57.0577 3964 intelide - ok
05:52:57.0593 3964 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
05:52:57.0609 3964 intelppm - ok
05:52:57.0624 3964 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
05:52:57.0640 3964 IPBusEnum - ok
- ok 05:53:05.0393 3964 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 05:53:05.0409 3964 SiSRaid4 - ok 05:53:05.0440 3964 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 05:53:05.0487 3964 SkypeUpdate - ok 05:53:05.0487 3964 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 05:53:05.0518 3964 Smb - ok 05:53:05.0549 3964 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 05:53:05.0549 3964 SNMPTRAP - ok 05:53:05.0549 3964 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 05:53:05.0565 3964 spldr - ok 05:53:05.0596 3964 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 05:53:05.0611 3964 Spooler - ok 05:53:05.0689 3964 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 05:53:05.0752 3964 sppsvc - ok 05:53:05.0767 3964 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 05:53:05.0799 3964 sppuinotify - ok 05:53:05.0814 3964 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 05:53:05.0861 3964 srv - ok 05:53:05.0877 3964 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 05:53:05.0923 3964 srv2 - ok 05:53:05.0939 3964 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 05:53:05.0970 3964 srvnet - ok 05:53:05.0986 3964 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 05:53:06.0033 3964 SSDPSRV - ok 05:53:06.0048 3964 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 05:53:06.0079 3964 SstpSvc - ok 05:53:06.0126 3964 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 05:53:06.0142 3964 Stereo Service - ok 05:53:06.0142 3964 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 
05:53:06.0157 3964 stexstor - ok 05:53:06.0173 3964 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 05:53:06.0204 3964 stisvc - ok 05:53:06.0235 3964 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 05:53:06.0235 3964 swenum - ok 05:53:06.0251 3964 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 05:53:06.0298 3964 swprv - ok 05:53:06.0329 3964 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 05:53:06.0376 3964 SysMain - ok 05:53:06.0391 3964 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 05:53:06.0407 3964 TabletInputService - ok 05:53:06.0423 3964 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 05:53:06.0454 3964 TapiSrv - ok 05:53:06.0485 3964 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 05:53:06.0516 3964 TBS - ok 05:53:06.0563 3964 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 05:53:06.0641 3964 Tcpip - ok 05:53:06.0672 3964 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 05:53:06.0688 3964 TCPIP6 - ok 05:53:06.0703 3964 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 05:53:06.0719 3964 tcpipreg - ok 05:53:06.0719 3964 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 05:53:06.0750 3964 TDPIPE - ok 05:53:06.0781 3964 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 05:53:06.0781 3964 TDTCP - ok 05:53:06.0813 3964 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 05:53:06.0828 3964 tdx - ok 05:53:06.0844 3964 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 05:53:06.0859 3964 TermDD - ok 05:53:06.0875 3964 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 05:53:06.0906 3964 TermService - ok 
05:53:06.0906 3964 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 05:53:06.0937 3964 Themes - ok 05:53:06.0937 3964 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 05:53:06.0953 3964 THREADORDER - ok 05:53:06.0969 3964 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 05:53:07.0000 3964 TrkWks - ok 05:53:07.0031 3964 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 05:53:07.0062 3964 TrustedInstaller - ok 05:53:07.0078 3964 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 05:53:07.0109 3964 tssecsrv - ok 05:53:07.0125 3964 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 05:53:07.0140 3964 TsUsbFlt - ok 05:53:07.0171 3964 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 05:53:07.0203 3964 tunnel - ok 05:53:07.0203 3964 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 05:53:07.0218 3964 uagp35 - ok 05:53:07.0234 3964 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 05:53:07.0265 3964 udfs - ok 05:53:07.0281 3964 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 05:53:07.0296 3964 UI0Detect - ok 05:53:07.0312 3964 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 05:53:07.0327 3964 uliagpkx - ok 05:53:07.0343 3964 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 05:53:07.0374 3964 umbus - ok 05:53:07.0374 3964 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 05:53:07.0390 3964 UmPass - ok 05:53:07.0405 3964 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 05:53:07.0437 3964 upnphost - ok 05:53:07.0452 3964 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 
05:53:07.0483 3964 USBAAPL64 - ok 05:53:07.0499 3964 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 05:53:07.0530 3964 usbccgp - ok 05:53:07.0546 3964 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 05:53:07.0561 3964 usbcir - ok 05:53:07.0561 3964 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 05:53:07.0593 3964 usbehci - ok 05:53:07.0608 3964 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 05:53:07.0624 3964 usbhub - ok 05:53:07.0639 3964 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 05:53:07.0639 3964 usbohci - ok 05:53:07.0655 3964 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 05:53:07.0686 3964 usbprint - ok 05:53:07.0702 3964 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 05:53:07.0717 3964 USBSTOR - ok 05:53:07.0717 3964 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 05:53:07.0749 3964 usbuhci - ok 05:53:07.0749 3964 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 05:53:07.0780 3964 UxSms - ok 05:53:07.0795 3964 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 05:53:07.0811 3964 VaultSvc - ok 05:53:07.0811 3964 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 05:53:07.0811 3964 vdrvroot - ok 05:53:07.0842 3964 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 05:53:07.0889 3964 vds - ok 05:53:07.0889 3964 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 05:53:07.0905 3964 vga - ok 05:53:07.0920 3964 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 05:53:07.0951 3964 VgaSave - ok 05:53:07.0951 3964 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 05:53:07.0967 
3964 vhdmp - ok 05:53:07.0983 3964 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 05:53:07.0983 3964 viaide - ok 05:53:07.0998 3964 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 05:53:08.0014 3964 volmgr - ok 05:53:08.0029 3964 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 05:53:08.0045 3964 volmgrx - ok 05:53:08.0061 3964 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 05:53:08.0076 3964 volsnap - ok 05:53:08.0076 3964 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 05:53:08.0092 3964 vsmraid - ok 05:53:08.0123 3964 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 05:53:08.0201 3964 VSS - ok 05:53:08.0201 3964 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 05:53:08.0217 3964 vwifibus - ok 05:53:08.0232 3964 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 05:53:08.0263 3964 W32Time - ok 05:53:08.0263 3964 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 05:53:08.0279 3964 WacomPen - ok 05:53:08.0310 3964 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 05:53:08.0341 3964 WANARP - ok 05:53:08.0341 3964 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 05:53:08.0357 3964 Wanarpv6 - ok 05:53:08.0388 3964 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 05:53:08.0419 3964 wbengine - ok 05:53:08.0435 3964 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 05:53:08.0451 3964 WbioSrvc - ok 05:53:08.0482 3964 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 05:53:08.0497 3964 wcncsvc - ok 05:53:08.0513 3964 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 
05:53:08.0529 3964 WcsPlugInService - ok 05:53:08.0529 3964 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 05:53:08.0544 3964 Wd - ok 05:53:08.0560 3964 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 05:53:08.0591 3964 Wdf01000 - ok 05:53:08.0591 3964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 05:53:08.0653 3964 WdiServiceHost - ok 05:53:08.0669 3964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 05:53:08.0685 3964 WdiSystemHost - ok 05:53:08.0700 3964 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 05:53:08.0716 3964 WebClient - ok 05:53:08.0731 3964 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 05:53:08.0763 3964 Wecsvc - ok 05:53:08.0763 3964 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 05:53:08.0794 3964 wercplsupport - ok 05:53:08.0809 3964 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 05:53:08.0825 3964 WerSvc - ok 05:53:08.0841 3964 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 05:53:08.0856 3964 WfpLwf - ok 05:53:08.0856 3964 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 05:53:08.0872 3964 WIMMount - ok 05:53:08.0872 3964 WinDefend - ok 05:53:08.0887 3964 WinHttpAutoProxySvc - ok 05:53:08.0919 3964 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 05:53:08.0950 3964 Winmgmt - ok 05:53:08.0997 3964 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 05:53:09.0059 3964 WinRM - ok 05:53:09.0075 3964 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 05:53:09.0106 3964 WinUsb - ok 05:53:09.0121 3964 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 05:53:09.0153 3964 Wlansvc - ok 05:53:09.0168 3964 [ 
F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 05:53:09.0168 3964 WmiAcpi - ok 05:53:09.0184 3964 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 05:53:09.0215 3964 wmiApSrv - ok 05:53:09.0231 3964 WMPNetworkSvc - ok 05:53:09.0293 3964 [ 495284CF894336E9512ED7C9ACB3548E ] WOTUpdater C:\Users\MotoGP\AppData\LocalLow\WOT\IE\WOTUpdater.exe 05:53:09.0309 3964 WOTUpdater ( UnsignedFile.Multi.Generic ) - warning 05:53:09.0309 3964 WOTUpdater - detected UnsignedFile.Multi.Generic (1) 05:53:09.0324 3964 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 05:53:09.0340 3964 WPCSvc - ok 05:53:09.0371 3964 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 05:53:09.0387 3964 WPDBusEnum - ok 05:53:09.0387 3964 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 05:53:09.0433 3964 ws2ifsl - ok 05:53:09.0433 3964 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 05:53:09.0449 3964 wscsvc - ok 05:53:09.0449 3964 WSearch - ok 05:53:09.0496 3964 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 05:53:09.0558 3964 wuauserv - ok 05:53:09.0574 3964 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 05:53:09.0589 3964 WudfPf - ok 05:53:09.0589 3964 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 05:53:09.0621 3964 WUDFRd - ok 05:53:09.0636 3964 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 05:53:09.0652 3964 wudfsvc - ok 05:53:09.0667 3964 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 05:53:09.0683 3964 WwanSvc - ok 05:53:09.0714 3964 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 05:53:09.0745 3964 xusb21 - ok 05:53:09.0761 3964 ================ Scan global =============================== 05:53:09.0792 3964 [ 
BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 05:53:09.0823 3964 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 05:53:09.0839 3964 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 05:53:09.0855 3964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 05:53:09.0886 3964 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 05:53:09.0886 3964 [Global] - ok 05:53:09.0886 3964 ================ Scan MBR ================================== 05:53:09.0886 3964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 05:53:10.0104 3964 \Device\Harddisk1\DR1 - ok 05:53:10.0120 3964 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 05:53:10.0260 3964 \Device\Harddisk0\DR0 - ok 05:53:10.0260 3964 ================ Scan VBR ================================== 05:53:10.0260 3964 [ 96BEC21CC8481D69893DBE9925F93670 ] \Device\Harddisk1\DR1\Partition1 05:53:10.0260 3964 \Device\Harddisk1\DR1\Partition1 - ok 05:53:10.0291 3964 [ 53AE1C305D16CF7FB8DB424EAA2853D3 ] \Device\Harddisk1\DR1\Partition2 05:53:10.0291 3964 \Device\Harddisk1\DR1\Partition2 - ok 05:53:10.0307 3964 [ BC9A1DE359FF11B23AD786E6D697FF8D ] \Device\Harddisk1\DR1\Partition3 05:53:10.0307 3964 \Device\Harddisk1\DR1\Partition3 - ok 05:53:10.0307 3964 [ 42BF9B3984FC15F67C41A50E353A6934 ] \Device\Harddisk0\DR0\Partition1 05:53:10.0323 3964 \Device\Harddisk0\DR0\Partition1 - ok 05:53:10.0338 3964 [ 0D269027367AD4C1041D6D270C0D3B78 ] \Device\Harddisk0\DR0\Partition2 05:53:10.0354 3964 \Device\Harddisk0\DR0\Partition2 - ok 05:53:10.0354 3964 ============================================================ 05:53:10.0354 3964 Scan finished 05:53:10.0354 3964 ============================================================ 05:53:10.0354 1260 Detected object count: 3 05:53:10.0354 1260 Actual detected object count: 3 05:53:38.0839 1260 iaStor ( ForgedFile.Multi.Generic ) - skipped by user 05:53:38.0839 1260 iaStor ( 
ForgedFile.Multi.Generic ) - User select action: Skip 05:53:38.0839 1260 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 05:53:38.0839 1260 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 05:53:38.0839 1260 WOTUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 05:53:38.0839 1260 WOTUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip |
03.01.2013, 16:38 | #10 | |
/// Malware-holic | Adware trojan in Google search Hi, happy New Year. Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
07.01.2013, 23:08 | #11 |
| Adware trojan in Google search hi.. it took a while, but here is the Combofix log. Combofix logfile: Code:
ATTFilter ComboFix 13-01-06.01 - MotoGP 07.01.2013 22:52:47.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.6511 [GMT 1:00] ausgeführt von:: c:\users\MotoGP\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.dat c:\windows\SysWow64\tmp26E2.tmp c:\windows\SysWow64\tmp26F3.tmp c:\windows\SysWow64\tmpE10B.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-07 bis 2013-01-07 )))))))))))))))))))))))))))))) . . 2013-01-07 21:55 . 2013-01-07 21:55 -------- d-----w- c:\users\UpdatusUser.MotoGP-PC\AppData\Local\temp 2013-01-07 21:55 . 2013-01-07 21:55 -------- d-----w- c:\users\hedev\AppData\Local\temp 2013-01-07 21:55 . 2013-01-07 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-07 21:55 . 2013-01-07 21:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-07 21:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD6AFF77-7E2C-4999-AEBE-EA74D3EC47DF}\mpengine.dll 2012-12-31 04:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-31 04:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-31 04:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-31 04:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-25 09:26 . 2012-12-25 09:26 -------- d-----w- c:\users\MotoGP\AppData\Roaming\Amazon 2012-12-25 09:25 . 2012-12-25 09:25 -------- d-----w- c:\program files (x86)\Amazon 2012-12-21 14:29 . 2012-12-21 14:29 -------- d-----w- c:\users\MotoGP\AppData\Roaming\Malwarebytes 2012-12-21 14:29 . 
2012-12-21 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-21 14:29 . 2012-12-21 14:29 -------- d-----w- c:\programdata\Malwarebytes 2012-12-21 14:29 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-20 04:52 . 2012-10-04 17:46 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-12-20 04:51 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-20 04:51 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-20 04:51 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-20 04:51 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-20 04:51 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-18 20:36 . 2012-12-18 20:36 -------- d-----w- c:\program files\iPod 2012-12-18 20:36 . 2012-12-18 20:36 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-18 20:36 . 2012-12-18 20:36 -------- d-----w- c:\program files\iTunes 2012-12-14 19:26 . 2012-12-14 19:26 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-20 05:00 . 2011-02-27 05:15 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-13 15:27 . 2012-07-17 19:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 15:27 . 2012-07-17 19:04 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-20 18:12 . 2011-02-28 17:03 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-10-16 08:38 . 2012-11-30 10:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-30 10:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 
2012-11-30 10:30 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9E571C81-21E7-496B-9E6B-127E60263022}] 2012-01-12 10:23 269312 ----a-w- c:\users\MotoGP\AppData\LocalLow\WOT\IE\WOT.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-05-20 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\MOTOGP\DESKTOP\EMSISOFTEMERGENCYKIT3\RUN\a2ddax64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 WOTUpdater;WOT Updater;c:\users\MotoGP\AppData\LocalLow\WOT\IE\WOTUpdater.exe [2012-01-12 18432] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2007-04-19 23040] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-10-12 50072] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-06 20480] R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 38912] R3 PorscheWheelFilterUsb;PorscheWheelFilterUsb;c:\windows\system32\DRIVERS\PWFilterUsb.sys [2010-12-15 58448] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys 
[2010-03-23 2061856] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-08-27 297000] S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 72560] S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 77176] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-16 279616] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-07 127800] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-05-20 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-05-20 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://www.google.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\MotoGP\AppData\Roaming\Mozilla\Firefox\Profiles\3ahd28vt.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-11-12 13:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3887613072-2014773967-2339604108-1000\Software\SecuROM\License information*] "datasecu"=hex:6c,91,6c,c7,20,8d,53,e6,7e,d2,cd,49,82,27,88,e9,cd,ee,a6,67,74, 89,a8,a5,aa,3d,e7,df,f0,0a,ff,71,58,2a,bf,b2,79,1d,f3,66,7b,ff,1a,14,72,29,\ "rkeysecu"=hex:19,d9,04,b1,cc,05,eb,fa,39,26,90,32,5e,91,03,f7 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-07 22:56:56
ComboFix-quarantined-files.txt 2013-01-07 21:56
.
Vor Suchlauf: 11 Verzeichnis(se), 23.525.580.800 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 26.227.781.632 Bytes frei
.
- - End Of File - - A383F1E6A5FCEC6DC2B920C349258489

I just ran a Google search... I'm happy to report that the problem no longer appears, for now! Are the deletions made by ComboFix enough? Or rather, what are the next steps... |
08.01.2013, 19:10 | #12 |
/// Malware-holic | Advertising trojan in Google search
We still have a bit to do.
Download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save the list as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
09.01.2013, 14:07 | #13 |
| Advertising trojan in Google search
Okay, I more or less expected that..
Code:
ATTFilter
7-Zip 9.20 (x64 edition) Igor Pavlov 12.03.2011 4,53MB 9.20.00.0 notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.08.2012 6,00MB 11.3.300.271 notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.12.2012 6,00MB 11.5.502.135 notwendig
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 18.08.2012 121MB 10.1.4 notwendig
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 25.12.2012 1.0.17 unnötig
ANNO 2070 Ubisoft 13.02.2012 1.0.0.0 notwendig
Apple Application Support Apple Inc. 03.12.2012 65,0MB 2.3.2 notwendig
Apple Mobile Device Support Apple Inc. 03.12.2012 25,1MB 6.0.1.3 notwendig
Apple Software Update Apple Inc. 19.12.2011 2,38MB 2.1.3.127 notwendig
Avira Free Antivirus Avira 14.11.2012 104MB 12.1.9.1236 notwendig
Bluetooth Win7 Suite (64) Atheros Communications 26.02.2011 59,1MB 7.2.0.40 notwendig
Bonjour Apple Inc. 19.12.2011 2,00MB 3.0.0.10 notwendig
CCleaner Piriform 19.12.2012 3.26 notwendig
Crysis WARHEAD(R) Electronic Arts 02.03.2011 notwendig
DAEMON Tools Lite DT Soft Ltd 20.12.2011 4.45.1.0236 unnötig
DC Universe Online Live Sony Online Entertainment 11.11.2012 notwendig
Diablo III Blizzard Entertainment 14.12.2012 1.0.6.13644 notwendig
Diablo III Public Test Blizzard Entertainment 25.09.2012 1.0.5.12166 notwendig
Dime City 12.09.2012 notwendig
DiRT Codemasters 19.05.2011 1.00.0000 unnötig
Google Chrome Google Inc. 09.01.2013 23.0.1271.97 unnötig
Grand Ages Rome 1.11 Kalypso Media 02.03.2011 1.11 unnötig
GRID Demo Codemasters 23.05.2011 1.00.0000 unnötig
GTR 2 1.0.0.0 10tacle Studios Publishing AG 16.07.2011 v1.0.0.0 unnötig
GTR2 Online Functionality Patch SimBin Studios 16.07.2011 unnötig
HP LaserJet Professional P1100-P1560-P1600 Series 27.02.2011 notwendig
Intel(R) Control Center Intel Corporation 26.02.2011 1.2.1.1007 notwendig
Intel(R) Management Engine Components Intel Corporation 26.02.2011 7.0.0.1118 notwendig
Intel(R) Rapid Storage Technology Intel Corporation 09.01.2013 10.0.0.1046 notwendig
IrfanView (remove only) Irfan Skiljan 16.03.2011 1,50MB 4.28 notwendig
iTunes Apple Inc. 18.12.2012 189MB 11.0.1.12 notwendig
Java 7 Update 6 (64-bit) Oracle 19.08.2012 127MB 7.0.60 notwendig
Java(TM) 6 Update 37 Oracle 14.05.2012 95,7MB 6.0.370 notwendig
JDownloader 0.9 AppWork GmbH 19.12.2011 0.9 unnötig
Logitech SetPoint 6.30 Logitech 16.09.2011 39,0MB 6.30.43 notwendig
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 21.12.2012 19,4MB 1.65.1.1000 notwendig
marvell 91xx driver Marvell 26.02.2011 1.0.0.1045 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.02.2011 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Extended Microsoft Corporation 30.11.2012 51,9MB 4.0.30319 notwendig
Microsoft Report Viewer Redistributable 2008 SP1 Microsoft Corporation 05.05.2011 notwendig
Microsoft Silverlight Microsoft Corporation 19.06.2012 60,4MB 4.1.10329.0 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 02.03.2011 418KB 8.0.56336 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 02.03.2011 698KB 8.0.56336 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 28.02.2011 788KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 04.04.2011 788KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.02.2011 240KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.02.2011 596KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20.10.2011 11,1MB 10.0.40219 notwendig
MobileMe Control Panel Apple Inc. 29.03.2012 12,9MB 3.1.8.0 notwendig
MobMap 4.31 Slarti on EU-Blackhand 09.02.2012 unnötig
Mozilla Firefox 17.0.1 (x86 de) Mozilla 07.12.2012 46,6MB 17.0.1 notwendig
Mozilla Maintenance Service Mozilla 07.12.2012 329KB 17.0.1 unbekannt
Mozilla Thunderbird 17.0 (x86 de) Mozilla 07.12.2012 43,3MB 17.0 notwendig
NVIDIA 3D Vision Controller-Treiber 306.97 NVIDIA Corporation 12.10.2012 306.97 notwendig
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 12.10.2012 306.97 notwendig
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 12.10.2012 306.97 notwendig
NVIDIA PhysX-Systemsoftware 9.12.0604 NVIDIA Corporation 15.09.2012 9.12.0604 notwendig
NVIDIA Update 1.10.8 NVIDIA Corporation 12.10.2012 1.10.8 notwendig
OpenOffice.org 3.3 OpenOffice.org 04.04.2011 414MB 3.3.9567 notwendig
Porsche Wheel Endor AG 26.05.2011 10,8MB 8.10.7 notwendig
QuickTime Apple Inc. 03.12.2012 73,1MB 7.73.80.64 notwendig
Realtek Ethernet Controller Driver Realtek 24.10.2012 7.31.1025.2010 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.01.2012 6.0.1.6235 notwendig
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 20.05.2011 1,02MB 2.0.32.0 notwendig
Skype Click to Call Skype Technologies S.A. 17.05.2012 12,4MB 5.9.9216 notwendig
Skype™ 6.0 Skype Technologies S.A. 14.12.2012 20,3MB 6.0.126 notwendig
Star Wars: The Old Republic Electronic Arts, Inc. 08.12.2012 27,2MB 1.00 notwendig
StarCraft II Blizzard Entertainment 26.03.2012 1.4.3.21029 unnötig
TeamSpeak 3 Client TeamSpeak Systems GmbH 27.12.2012 3.0.9.2 notwendig
The Witcher 2 CD Projekt Red 17.09.2011 1.00.0000 notwendig
Ubisoft Game Launcher UBISOFT 13.02.2012 1.0.0.0 notwendig
VLC media player 2.0.1 VideoLAN 11.04.2012 2.0.1 notwendig
Winamp Nullsoft, Inc 19.07.2011 5.621 notwendig
World of Warcraft Blizzard Entertainment 23.12.2012 5.1.0.16357 unnötig
µTorrent 04.03.2011 3.0.0 unnötig |
09.01.2013, 16:30 | #14 |
/// Malware-holic | Advertising trojan in Google search
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because that is the only way to keep control over what happens on the PC.
JavaScript: untick the "use JavaScript" box.
Updater: select automatic installation.
Apply / OK
Uninstall:
Amazon
DAEMON
DiRT
Grand
GRID
GTR: all
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click: Download Java software for Windows Offline
Download it and install it.
Uninstall:
JDownloader
StarCraft
µTorrent
Open CCleaner, analyze, start, then restart the PC.
Please download AdwCleaner to your desktop.
09.01.2013, 17:46 | #15 |
| Advertising trojan in Google search
Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 09/01/2013 um 17:44:58 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : MotoGP - MOTOGP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MotoGP\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\MotoGP\AppData\Roaming\Mozilla\Firefox\Profiles\3ahd28vt.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2422 octets] - [21/12/2012 15:18:31]
AdwCleaner[R2].txt - [939 octets] - [09/01/2013 17:44:58]
AdwCleaner[S1].txt - [2358 octets] - [21/12/2012 15:19:39]
########## EOF - C:\AdwCleaner[R2].txt - [1058 octets] ########## |