Pests of all kinds and how to combat them: GVU Trojan (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
GVU Trojan

Hello dear people, I have caught a trojan. While surfing, my computer was suddenly locked, with the claim that I had done some terrible things and that I should pay a hundred euros to wash myself clean of my sins. So... what have I done so far... I restarted the computer and booted it up again in Safe Mode. Then I restored the last Windows restore point. Then I googled a bit and learned that I probably have a GVU trojan with webcam and that the problem is not yet solved, even though the computer is now symptom-free. After that I downloaded Malwarebytes and ran a full scan of the computer. Here is the log file. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Orangutanklaus :: MOPEDTOBIAS [Administrator]

29/12/2012 14:33:52
MBAM-log-2012-12-29 (15-29-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359417
Laufzeit: 49 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Orangutanklaus\AppData\Local\Temp\tdu.tmp (Packer.ModifiedUPX) -> Keine Aktion durchgeführt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)

Then I also ran a scan with OTL following your instructions. This is what came out: Code:
Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - 
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/10/09 22:04:47 | 000,000,048 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O34 - 
HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/29 15:59:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Orangutanklaus\Desktop\OTL.exe [2012/12/29 12:11:40 | 000,000,000 | ---D | C] -- C:\Users\Orangutanklaus\AppData\Roaming\Malwarebytes [2012/12/29 12:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/29 12:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/29 12:11:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/29 12:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/29 12:11:14 | 000,000,000 | ---D | C] -- C:\Users\Orangutanklaus\AppData\Local\Programs [2012/12/28 15:55:45 | 000,000,000 | ---D | C] -- C:\Users\Orangutanklaus\AppData\Local\FLT [2012/12/25 01:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012/12/25 01:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/12/25 01:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2012/12/24 16:06:10 | 000,000,000 | ---D | C] -- C:\Users\Orangutanklaus\AppData\Roaming\Trine2 [2012/12/24 15:05:37 | 000,000,000 | ---D | C] -- C:\Users\Orangutanklaus\Desktop\Matze Festplatte [2012/12/21 23:26:08 | 000,367,616 | ---- | 
C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/21 23:26:08 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/21 23:26:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/21 23:26:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/13 00:57:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/13 00:57:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/13 00:57:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/13 00:57:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/13 00:57:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/13 00:57:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/13 00:57:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/13 00:57:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/13 00:57:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/13 00:57:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/13 00:57:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/13 00:57:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/13 00:57:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/13 00:57:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/13 00:57:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 22:30:12 | 000,000,000 | 
---D | C] -- C:\Users\Orangutanklaus\AppData\Local\DOSBox [2012/12/12 16:58:43 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012/12/12 16:58:41 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 16:58:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012/12/12 16:58:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012/12/12 16:58:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012/12/12 16:58:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012/12/12 16:58:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012/12/12 16:58:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012/12/12 16:58:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012/12/12 16:58:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012/12/12 16:58:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012/12/12 16:58:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012/12/12 16:58:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/12 16:58:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 16:58:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 
[2012/12/12 16:58:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 16:58:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 
16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 16:58:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 16:58:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 16:58:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 16:58:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 16:58:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 16:58:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 16:58:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 16:58:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 16:58:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 16:58:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/12 16:58:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012/12/12 16:58:25 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 16:58:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/10 00:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/12/08 19:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/06 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/29 16:19:22 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/29 16:19:22 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/29 16:12:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/29 16:12:07 | 3193,716,736 | -HS- | M] () -- C:\hiberfil.sys [2012/12/29 15:59:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Orangutanklaus\Desktop\OTL.exe [2012/12/29 12:11:30 | 000,001,111 | ---- | M] () 
-- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/12/27 02:07:13 | 000,001,022 | ---- | M] () -- C:\Users\Orangutanklaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/12/25 13:55:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/12/25 13:55:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/25 13:54:13 | 000,001,197 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012/12/25 13:54:08 | 000,001,758 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/12/24 14:58:00 | 001,526,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/12/24 14:58:00 | 000,668,778 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/12/24 14:58:00 | 000,620,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/12/24 14:58:00 | 000,134,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/12/24 14:58:00 | 000,110,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/12/22 14:11:47 | 000,494,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/12/16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/29 12:11:30 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/11/16 16:30:40 | 000,001,484 | ---- | C] () -- C:\Users\Orangutanklaus\AppData\Local\recently-used.xbel 
[2012/10/16 14:32:02 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2012/10/15 14:26:28 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012/10/15 14:23:25 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\DstZip.dll
[2010/02/25 21:35:27 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/16 13:57:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/16 13:57:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/10/15 11:53:15 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\Asus WebStorage
[2012/10/15 10:33:42 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\AVG2013
[2012/11/23 20:36:10 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\DAEMON Tools Lite
[2012/12/29 16:13:17 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\Dropbox
[2012/10/14 21:40:18 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\EeeStorageUploader
[2012/10/23 11:24:29 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\Foxit Software
[2012/11/05 16:23:04 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\FreePDF
[2012/10/16 11:56:39 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\LibreOffice
[2012/10/14 21:40:21 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\temp
[2012/10/15 12:25:55 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\Thunderbird
[2012/12/24 16:15:04 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\Trine2
[2012/10/15 10:32:35 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\TuneUp Software
[2012/10/15 14:27:10 | 000,000,000 | ---D | M] -- C:\Users\Orangutanklaus\AppData\Roaming\UFOAI

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A

< End of report >

Code:
OTL Extras logfile created on: 29/12/2012 16:26:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Orangutanklaus\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.28% Memory free
7.93 Gb Paging File | 6.34 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 41.02 Gb Free Space | 35.23% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 186.34 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
Drive F: | 6.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOPEDTOBIAS | User Name: Orangutanklaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1893243862-1216117510-140533761-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{671CC7D0-2009-4790-99FD-B24954D59351}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{82456C17-FD66-40ED-BCD5-0DA6BEAAD098}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{8F400EB8-AB45-4DD9-B6FC-002DA7FDC8FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{993024F9-9D29-419D-A430-11D4C971790B}" = lport=2869 | protocol=6 | dir=in | app=system | "{BABE473A-C1EF-4C66-A9B3-38CCC02A7733}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{210A12C1-728E-4D77-844C-75589167C3A9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{28C0734B-4A67-4D74-9553-AAAC5E4DE4FD}" = protocol=17 | dir=in | app=c:\users\orangutanklaus\appdata\roaming\dropbox\bin\dropbox.exe | "{3801AEC7-E0FD-4D84-B216-68EB45985E32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{3B4F98A8-E724-4C6E-97D4-B63AB7369122}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{4387922F-EA3C-4C73-B024-31CA1A507A6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{45AE64FA-336A-401D-B278-AF0A4B2B7DCC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{4E26026E-E1C0-43BE-84DC-ADBC9538AACB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{504B24A8-7B84-4D30-B6B1-A5E330818C8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{5388B13F-CE76-4432-89ED-65C4DBD8040C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{5E372A6E-DD08-4825-85AC-F9BACA3E12C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5EBB8B1E-9F14-4A5A-84A3-2B337F6336C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{A61541D6-EC2E-44ED-B214-2866F035991C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{A6A471CC-9213-4938-9AED-72A549A2527F}" = protocol=6 | dir=in | app=c:\users\orangutanklaus\appdata\roaming\dropbox\bin\dropbox.exe | "{C58D0A67-E407-49C1-9AB8-AE16A7D982D1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{DD16608B-1D0B-4ACE-8548-D49A52090744}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{E071914A-3EC7-4522-84A0-27711A20D43C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{E402688B-2D5D-4A39-AFF1-6C6B5A14C912}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{ECBBAE17-4B9E-44CD-8594-4EE84B850A2A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{FC9B6F9A-A667-458B-9B9A-D3FBDE4422DF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "TCP Query User{013CFA43-0F9F-4148-9A83-BD2666B16F4F}C:\users\orangutanklaus\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\orangutanklaus\appdata\local\akamai\netsession_win.exe | "TCP Query User{083C08EB-006A-40FA-AD94-389E01840E7C}D:\games\xcom enemy unknown\binaries\win32\xcomgame.exe" = protocol=6 | dir=in | app=d:\games\xcom enemy unknown\binaries\win32\xcomgame.exe | "TCP Query User{7B1FC4FA-D907-4F6E-AAC0-EA7CCB4F6D5E}D:\games\borderlands goty edition\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\games\borderlands goty edition\binaries\borderlands.exe | "TCP Query User{C7A7B8F3-D8EB-4FD5-946D-1B5E3E8E4EAD}D:\games\trine2\trine 2\trine2_32bit.exe" = protocol=6 | dir=in | app=d:\games\trine2\trine 
2\trine2_32bit.exe | "TCP Query User{DCC5D44A-4D71-4B7E-87D8-2DBC88D02396}D:\games\trine 2\trine2_32bit.exe" = protocol=6 | dir=in | app=d:\games\trine 2\trine2_32bit.exe | "UDP Query User{0C50696C-14FC-4127-A41B-4BFBD6A29F8A}D:\games\trine2\trine 2\trine2_32bit.exe" = protocol=17 | dir=in | app=d:\games\trine2\trine 2\trine2_32bit.exe | "UDP Query User{7B5F7345-52E1-4F12-ABC0-FD1D324FB8D5}C:\users\orangutanklaus\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\orangutanklaus\appdata\local\akamai\netsession_win.exe | "UDP Query User{96623EE5-47DB-4914-A5F0-007FACAADE19}D:\games\borderlands goty edition\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\games\borderlands goty edition\binaries\borderlands.exe | "UDP Query User{A62810C5-20E2-48C4-BB46-68761B22D53B}D:\games\xcom enemy unknown\binaries\win32\xcomgame.exe" = protocol=17 | dir=in | app=d:\games\xcom enemy unknown\binaries\win32\xcomgame.exe | "UDP Query User{A65857ED-19B7-4DD9-ADE1-F4F50B5EC785}D:\games\trine 2\trine2_32bit.exe" = protocol=17 | dir=in | app=d:\games\trine 2\trine2_32bit.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety "{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013 "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "CCleaner" = CCleaner "Defraggler" = Defraggler "Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "USB 2.0 UVC 0.3M WebCam" = USB 2.0 UVC 0.3M WebCam "VLC media player" = VLC media player 2.1.0-git-20120328-0404 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{1E85458A-9B00-443F-A187-2E06DBB15E43}" = LibreOffice 3.6 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck 
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DFC7C972-62E8-11D4-8210-0060085A2ADC}" = PRIMER 5 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live 
Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS_UL_Series_Screensaver" = ASUS_UL_Series_Screensaver "Borderlands-u-GOTY_is1" = Borderlands "CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.5 "DAEMON Tools Lite" = DAEMON Tools Lite "Distance 6.0" = Distance 6.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EstimateS Win 8.20" = EstimateS Win 8.20 "Foxit Reader_is1" = Foxit Reader "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "uninstall.exe" = iLinc Client "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "XCOM: Enemy Unknown_is1" = XCOM: Enemy Unknown ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1893243862-1216117510-140533761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ 
Application Events ] Error - 05/11/2012 09:55:36 | Computer Name = Mopedtobias | Source = acvpninstall | ID = 67108866 Description = Error - 05/11/2012 09:55:36 | Computer Name = Mopedtobias | Source = acvpninstall | ID = 67108866 Description = Error - 05/11/2012 10:01:10 | Computer Name = Mopedtobias | Source = RasClient | ID = 20227 Description = Error - 05/11/2012 10:04:52 | Computer Name = Mopedtobias | Source = RasClient | ID = 20227 Description = Error - 05/11/2012 11:07:06 | Computer Name = Mopedtobias | Source = Application Hang | ID = 1002 Description = Programm soffice.bin, Version 3.6.2.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c9c Startzeit: 01cdbb67142185f1 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\LibreOffice 3.6\program\soffice.bin Berichts-ID: Error - 05/11/2012 11:22:47 | Computer Name = Mopedtobias | Source = Application Hang | ID = 1002 Description = Programm fpsetup.exe, Version 4.0.0.44 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: a78 Startzeit: 01cdbb6957481f71 Endzeit: 31 Anwendungspfad: C:\Users\Orangutanklaus\AppData\Local\Temp\IXP000.TMP\fpsetup.exe Berichts-ID: a5594456-275c-11e2-b737-485b390af144 Error - 17/11/2012 19:05:06 | Computer Name = Mopedtobias | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: smartlogon.exe, Version: 1.0.7.5, Zeitstempel: 0x4a111446 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.17932, Zeitstempel: 0x50327671 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001160c ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01cdc4ee030a78ec Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\kernel32.dll Berichtskennung: 39650e4b-310b-11e2-ab06-485b390af144 Error - 26/11/2012 09:13:41 | Computer Name = Mopedtobias | Source = Application Hang | ID = 1002 Description = Programm Distance.exe, Version 6.0.0.56 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 74c Startzeit: 01cdcbd764c4e5bd Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Distance 6\Distance.exe Berichts-ID: 13703cfd-37cb-11e2-9ba0-485b390af144 Error - 26/11/2012 09:16:30 | Computer Name = Mopedtobias | Source = Application Hang | ID = 1002 Description = Programm Distance.exe, Version 6.0.0.56 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 10ec Startzeit: 01cdcbd7dbff188e Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Distance 6\Distance.exe Berichts-ID: 7b697799-37cb-11e2-9ba0-485b390af144 Error - 26/11/2012 09:37:33 | Computer Name = Mopedtobias | Source = Application Hang | ID = 1002 Description = Programm Distance.exe, Version 6.0.0.56 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e10 Startzeit: 01cdcbd9ea2d755a Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Distance 6\Distance.exe Berichts-ID: 6bea2b74-37ce-11e2-87e8-485b390af144 [ Cisco AnyConnect Secure Mobility Client Events ] Error - 05/11/2012 09:56:34 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 05/11/2012 09:56:34 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 05/11/2012 09:56:34 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1024 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 05/11/2012 09:56:34 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 860 Invoked Function: 
CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 05/11/2012 09:57:04 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: URL::URL File: .\Utility\URL.cpp Line: 46 Invoked Function: URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter= Error - 05/11/2012 09:57:12 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 05/11/2012 09:57:12 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 05/11/2012 09:57:12 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1024 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 05/11/2012 09:57:12 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 860 Invoked Function: CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 05/11/2012 09:57:24 | Computer Name = Mopedtobias | Source = acvpnagent | ID = 67110873 Description = Termination reason code 7: The agent has 
been stopped. [ System Events ] Error - 25/12/2012 00:45:42 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25/12/2012 08:53:41 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25/12/2012 08:53:49 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25/12/2012 11:17:15 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25/12/2012 13:37:11 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25/12/2012 13:37:17 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 25/12/2012 15:22:02 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 26/12/2012 21:05:01 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 26/12/2012 21:05:05 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden 
Fehlers fehlgeschlagen: %%5 Error - 27/12/2012 00:17:08 | Computer Name = Mopedtobias | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report >
Edited by Mopedtobias! (29.12.2012 at 16:37)
#2
/// Malware-holic | GVU-Trojaner

Hi
Hands off System Restore when you have a malware infection, that can cause problems! Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now, and post the log
#3
GVU-Trojaner

Thanks for the quick reply!!!
Here is the log from TDSSKiller
Code:
ATTFilter 19:15:08.0171 3740 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:15:08.0431 3740 ============================================================ 19:15:08.0431 3740 Current date / time: 2012/12/29 19:15:08.0431 19:15:08.0431 3740 SystemInfo: 19:15:08.0431 3740 19:15:08.0431 3740 OS Version: 6.1.7601 ServicePack: 1.0 19:15:08.0431 3740 Product type: Workstation 19:15:08.0431 3740 ComputerName: MOPEDTOBIAS 19:15:08.0431 3740 UserName: Orangutanklaus 19:15:08.0431 3740 Windows directory: C:\Windows 19:15:08.0431 3740 System windows directory: C:\Windows 19:15:08.0431 3740 Running under WOW64 19:15:08.0431 3740 Processor architecture: Intel x64 19:15:08.0431 3740 Number of processors: 2 19:15:08.0431 3740 Page size: 0x1000 19:15:08.0431 3740 Boot type: Normal boot 19:15:08.0431 3740 ============================================================ 19:15:08.0981 3740 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:15:08.0991 3740 ============================================================ 19:15:08.0991 3740 \Device\Harddisk0\DR0: 19:15:08.0991 3740 MBR partitions: 19:15:08.0991 3740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0xE8E0360 19:15:09.0011 3740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1062B517, BlocksNum 0x29D5972A 19:15:09.0011 3740 ============================================================ 19:15:09.0041 3740 C: <-> \Device\Harddisk0\DR0\Partition1 19:15:09.0081 3740 D: <-> \Device\Harddisk0\DR0\Partition2 19:15:09.0081 3740 ============================================================ 19:15:09.0081 3740 Initialize success 19:15:09.0081 3740 ============================================================ 19:16:07.0354 3212 ============================================================ 19:16:07.0354 3212 Scan started 19:16:07.0354 3212 Mode: Manual; SigCheck; TDLFS; 
19:16:07.0354 3212 ============================================================ 19:16:08.0742 3212 ================ Scan system memory ======================== 19:16:08.0742 3212 System memory - ok 19:16:08.0742 3212 ================ Scan services ============================= 19:16:08.0945 3212 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:16:09.0335 3212 1394ohci - ok 19:16:09.0382 3212 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:16:09.0398 3212 ACPI - ok 19:16:09.0444 3212 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:16:09.0491 3212 AcpiPmi - ok 19:16:09.0600 3212 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:16:09.0632 3212 AdobeARMservice - ok 19:16:09.0678 3212 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:16:09.0710 3212 adp94xx - ok 19:16:09.0741 3212 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:16:09.0772 3212 adpahci - ok 19:16:09.0819 3212 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:16:09.0834 3212 adpu320 - ok 19:16:09.0866 3212 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:16:09.0959 3212 AeLookupSvc - ok 19:16:10.0022 3212 [ FB2BE0BAE9B3F248080CDBF91EF16C7F ] AFBAgent C:\Windows\system32\FBAgent.exe 19:16:10.0084 3212 AFBAgent - ok 19:16:10.0146 3212 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:16:10.0209 3212 AFD - ok 19:16:10.0256 3212 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:16:10.0271 3212 agp440 - ok 19:16:10.0302 3212 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:16:10.0349 3212 ALG - ok 19:16:10.0380 3212 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide 
19:16:11.0972 3212 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
19:16:11.0987 3212 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
19:16:11.0987 3212 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
C:\Windows\system32\sysmain.dll 19:16:37.0415 3212 SysMain - ok 19:16:37.0462 3212 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:16:37.0509 3212 TabletInputService - ok 19:16:37.0524 3212 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:16:37.0602 3212 TapiSrv - ok 19:16:37.0634 3212 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:16:37.0696 3212 TBS - ok 19:16:37.0758 3212 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:16:37.0868 3212 Tcpip - ok 19:16:37.0930 3212 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:16:37.0977 3212 TCPIP6 - ok 19:16:38.0008 3212 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:16:38.0039 3212 tcpipreg - ok 19:16:38.0070 3212 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:16:38.0102 3212 TDPIPE - ok 19:16:38.0133 3212 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:16:38.0164 3212 TDTCP - ok 19:16:38.0211 3212 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:16:38.0273 3212 tdx - ok 19:16:38.0304 3212 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:16:38.0320 3212 TermDD - ok 19:16:38.0351 3212 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:16:38.0429 3212 TermService - ok 19:16:38.0460 3212 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:16:38.0523 3212 Themes - ok 19:16:38.0554 3212 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:16:38.0601 3212 THREADORDER - ok 19:16:38.0632 3212 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:16:38.0694 3212 TrkWks - ok 19:16:38.0757 3212 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller 
C:\Windows\servicing\TrustedInstaller.exe 19:16:38.0835 3212 TrustedInstaller - ok 19:16:38.0866 3212 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:16:38.0928 3212 tssecsrv - ok 19:16:38.0975 3212 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:16:39.0006 3212 TsUsbFlt - ok 19:16:39.0053 3212 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:16:39.0131 3212 tunnel - ok 19:16:39.0178 3212 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:16:39.0194 3212 uagp35 - ok 19:16:39.0240 3212 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:16:39.0303 3212 udfs - ok 19:16:39.0334 3212 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:16:39.0381 3212 UI0Detect - ok 19:16:39.0412 3212 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:16:39.0428 3212 uliagpkx - ok 19:16:39.0459 3212 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:16:39.0490 3212 umbus - ok 19:16:39.0521 3212 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:16:39.0537 3212 UmPass - ok 19:16:39.0584 3212 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:16:39.0662 3212 upnphost - ok 19:16:39.0693 3212 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:16:39.0708 3212 usbccgp - ok 19:16:39.0740 3212 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:16:39.0786 3212 usbcir - ok 19:16:39.0802 3212 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:16:39.0833 3212 usbehci - ok 19:16:39.0864 3212 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:16:39.0911 3212 usbhub - ok 19:16:39.0927 3212 [ 
9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:16:39.0958 3212 usbohci - ok 19:16:40.0005 3212 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:16:40.0020 3212 usbprint - ok 19:16:40.0036 3212 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:16:40.0067 3212 USBSTOR - ok 19:16:40.0098 3212 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:16:40.0130 3212 usbuhci - ok 19:16:40.0145 3212 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:16:40.0192 3212 usbvideo - ok 19:16:40.0223 3212 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:16:40.0286 3212 UxSms - ok 19:16:40.0301 3212 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:16:40.0317 3212 VaultSvc - ok 19:16:40.0348 3212 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:16:40.0364 3212 vdrvroot - ok 19:16:40.0410 3212 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:16:40.0488 3212 vds - ok 19:16:40.0520 3212 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:16:40.0535 3212 vga - ok 19:16:40.0551 3212 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:16:40.0613 3212 VgaSave - ok 19:16:40.0676 3212 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:16:40.0691 3212 vhdmp - ok 19:16:40.0707 3212 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:16:40.0738 3212 viaide - ok 19:16:40.0769 3212 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:16:40.0785 3212 volmgr - ok 19:16:40.0832 3212 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:16:40.0863 3212 volmgrx - ok 19:16:40.0894 3212 [ 
0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:16:40.0910 3212 volsnap - ok 19:16:40.0925 3212 vpnva - ok 19:16:40.0956 3212 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:16:40.0988 3212 vsmraid - ok 19:16:41.0066 3212 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:16:41.0237 3212 VSS - ok 19:16:41.0268 3212 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:16:41.0300 3212 vwifibus - ok 19:16:41.0331 3212 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:16:41.0362 3212 vwififlt - ok 19:16:41.0393 3212 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:16:41.0456 3212 W32Time - ok 19:16:41.0502 3212 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:16:41.0549 3212 WacomPen - ok 19:16:41.0596 3212 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:16:41.0658 3212 WANARP - ok 19:16:41.0674 3212 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:16:41.0721 3212 Wanarpv6 - ok 19:16:41.0783 3212 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:16:41.0877 3212 WatAdminSvc - ok 19:16:41.0939 3212 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:16:42.0048 3212 wbengine - ok 19:16:42.0080 3212 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:16:42.0126 3212 WbioSrvc - ok 19:16:42.0158 3212 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:16:42.0220 3212 wcncsvc - ok 19:16:42.0236 3212 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:16:42.0282 3212 WcsPlugInService - ok 19:16:42.0298 3212 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 
19:16:42.0314 3212 Wd - ok 19:16:42.0360 3212 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:16:42.0407 3212 Wdf01000 - ok 19:16:42.0423 3212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:16:42.0470 3212 WdiServiceHost - ok 19:16:42.0470 3212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:16:42.0501 3212 WdiSystemHost - ok 19:16:42.0532 3212 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:16:42.0579 3212 WebClient - ok 19:16:42.0610 3212 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:16:42.0688 3212 Wecsvc - ok 19:16:42.0704 3212 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:16:42.0766 3212 wercplsupport - ok 19:16:42.0813 3212 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:16:42.0875 3212 WerSvc - ok 19:16:42.0906 3212 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:16:42.0953 3212 WfpLwf - ok 19:16:42.0984 3212 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 19:16:43.0000 3212 WimFltr - ok 19:16:43.0031 3212 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:16:43.0047 3212 WIMMount - ok 19:16:43.0078 3212 WinDefend - ok 19:16:43.0078 3212 WinHttpAutoProxySvc - ok 19:16:43.0140 3212 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:16:43.0203 3212 Winmgmt - ok 19:16:43.0296 3212 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:16:43.0452 3212 WinRM - ok 19:16:43.0515 3212 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:16:43.0593 3212 Wlansvc - ok 19:16:43.0624 3212 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:16:43.0655 3212 WmiAcpi - ok 19:16:43.0686 3212 [ 
38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:16:43.0733 3212 wmiApSrv - ok 19:16:43.0764 3212 WMPNetworkSvc - ok 19:16:43.0796 3212 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:16:43.0811 3212 WPCSvc - ok 19:16:43.0842 3212 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:16:43.0874 3212 WPDBusEnum - ok 19:16:43.0905 3212 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:16:43.0967 3212 ws2ifsl - ok 19:16:43.0983 3212 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:16:44.0045 3212 wscsvc - ok 19:16:44.0045 3212 WSearch - ok 19:16:44.0139 3212 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:16:44.0232 3212 wuauserv - ok 19:16:44.0264 3212 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:16:44.0295 3212 WudfPf - ok 19:16:44.0342 3212 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:16:44.0373 3212 WUDFRd - ok 19:16:44.0404 3212 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:16:44.0451 3212 wudfsvc - ok 19:16:44.0482 3212 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:16:44.0529 3212 WwanSvc - ok 19:16:44.0529 3212 ================ Scan global =============================== 19:16:44.0576 3212 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:16:44.0607 3212 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:16:44.0622 3212 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:16:44.0638 3212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:16:44.0685 3212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:16:44.0685 3212 [Global] - ok 19:16:44.0700 3212 ================ Scan MBR ================================== 
19:16:44.0716 3212 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 19:16:45.0683 3212 \Device\Harddisk0\DR0 - ok 19:16:45.0683 3212 ================ Scan VBR ================================== 19:16:45.0683 3212 [ C3DAF0CF1E7D1A5C7CF2E6238AAEFAB4 ] \Device\Harddisk0\DR0\Partition1 19:16:45.0683 3212 \Device\Harddisk0\DR0\Partition1 - ok 19:16:45.0699 3212 [ E2A97CA7C1E82AF0C9D4D473D9F68013 ] \Device\Harddisk0\DR0\Partition2 19:16:45.0699 3212 \Device\Harddisk0\DR0\Partition2 - ok 19:16:45.0699 3212 ============================================================ 19:16:45.0699 3212 Scan finished 19:16:45.0699 3212 ============================================================ 19:16:45.0730 4952 Detected object count: 1 19:16:45.0730 4952 Actual detected object count: 1 19:21:40.0459 4952 C:\Program Files\ATKGFNEX\GFNEXSrv.exe - copied to quarantine 19:21:40.0469 4952 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine |
| #4 |
/// Malware-holic | GVU Trojan combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
| #5 |
| GVU Trojan Happy New Year! Here is the ComboFix.txt.... Code:
ATTFilter ComboFix 13-01-03.02 - Orangutanklaus 03/01/2013 13:59:36.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4061.2524 [GMT 1:00] ausgeführt von:: c:\users\Orangutanklaus\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-03 bis 2013-01-03 )))))))))))))))))))))))))))))) . . 2013-01-03 13:08 . 2013-01-03 13:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-29 18:21 . 2012-12-29 18:21 -------- d-----w- C:\TDSSKiller_Quarantine 2012-12-29 11:11 . 2012-12-29 11:11 -------- d-----w- c:\users\Orangutanklaus\AppData\Roaming\Malwarebytes 2012-12-29 11:11 . 2012-12-29 11:11 -------- d-----w- c:\programdata\Malwarebytes 2012-12-29 11:11 . 2012-12-29 11:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-29 11:11 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-29 11:11 . 2012-12-29 11:11 -------- d-----w- c:\users\Orangutanklaus\AppData\Local\Programs 2012-12-28 14:55 . 2012-12-28 14:55 -------- d-----w- c:\users\Orangutanklaus\AppData\Local\FLT 2012-12-25 00:29 . 2012-12-25 12:54 -------- d-----w- c:\program files (x86)\Common Files\Steam 2012-12-25 00:29 . 2012-12-28 14:14 -------- d-----w- c:\program files (x86)\Steam 2012-12-24 15:06 . 2012-12-24 15:15 -------- d-----w- c:\users\Orangutanklaus\AppData\Roaming\Trine2 2012-12-21 22:26 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 22:26 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 22:26 . 
2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 22:26 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-12 21:30 . 2012-12-12 21:30 -------- d-----w- c:\users\Orangutanklaus\AppData\Local\DOSBox 2012-12-06 10:40 . 2012-12-06 12:04 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-25 12:55 . 2012-10-15 08:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-25 12:55 . 2012-10-15 08:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 23:59 . 2012-10-15 10:51 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-16 14:40 . 2012-11-16 14:40 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-16 14:40 . 2012-11-16 14:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-16 14:40 . 2012-11-16 14:40 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-16 13:32 . 2012-10-16 13:32 197912 ----a-w- c:\windows\SysWow64\physxcudart_20.dll 2012-10-16 09:20 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-10-16 09:20 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-10-16 08:38 . 2012-11-28 17:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 17:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 17:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 12:19 . 2012-10-15 12:19 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-10-15 09:41 . 2012-10-15 09:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-10-15 09:41 . 2012-10-15 09:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-10-15 09:41 . 
2012-10-15 09:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-10-15 09:41 . 2012-10-15 09:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-10-15 09:41 . 2012-10-15 09:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-10-15 09:41 . 2012-10-15 09:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-10-15 09:41 . 2012-10-15 09:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-10-15 09:41 . 2012-10-15 09:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-10-15 09:41 . 2012-10-15 09:41 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-10-15 09:41 . 2012-10-15 09:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-10-15 09:41 . 2012-10-15 09:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-10-15 09:41 . 2012-10-15 09:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-10-15 09:41 . 2012-10-15 09:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-10-15 09:41 . 2012-10-15 09:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-10-15 09:41 . 2012-10-15 09:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-10-15 09:41 . 2012-10-15 09:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-10-15 09:41 . 2012-10-15 09:41 222208 ----a-w- c:\windows\system32\msls31.dll 2012-10-15 09:41 . 2012-10-15 09:41 197120 ----a-w- c:\windows\system32\msrating.dll 2012-10-15 09:41 . 2012-10-15 09:41 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-10-15 09:41 . 2012-10-15 09:41 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-10-15 09:41 . 2012-10-15 09:41 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-10-15 09:41 . 2012-10-15 09:41 149504 ----a-w- c:\windows\system32\occache.dll 2012-10-15 09:41 . 2012-10-15 09:41 12288 ----a-w- c:\windows\system32\mshta.exe 2012-10-15 09:41 . 2012-10-15 09:41 114176 ----a-w- c:\windows\system32\admparse.dll 2012-10-15 09:41 . 2012-10-15 09:41 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-10-15 09:41 . 
2012-10-15 09:41 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-10-15 09:41 . 2012-10-15 09:41 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-10-15 09:41 . 2012-10-15 09:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-10-15 09:41 . 2012-10-15 09:41 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-10-15 09:41 . 2012-10-15 09:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-10-15 09:41 . 2012-10-15 09:41 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-10-15 09:41 . 2012-10-15 09:41 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-10-15 09:41 . 2012-10-15 09:41 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-10-15 09:41 . 2012-10-15 09:41 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-10-15 09:41 . 2012-10-15 09:41 82432 ----a-w- c:\windows\system32\icardie.dll 2012-10-15 09:41 . 2012-10-15 09:41 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-10-15 09:41 . 2012-10-15 09:41 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-10-15 09:41 . 2012-10-15 09:41 448512 ----a-w- c:\windows\system32\html.iec 2012-10-15 09:41 . 2012-10-15 09:41 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-10-15 09:41 . 2012-10-15 09:41 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-10-15 09:41 . 2012-10-15 09:41 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-10-15 09:41 . 2012-10-15 09:41 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-10-15 09:41 . 2012-10-15 09:41 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-10-15 09:41 . 2012-10-15 09:41 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-10-15 09:41 . 2012-10-15 09:41 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-10-15 09:41 . 2012-10-15 09:41 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-10-15 09:41 . 2012-10-15 09:41 160256 ----a-w- c:\windows\system32\wextract.exe 2012-10-15 09:41 . 2012-10-15 09:41 103936 ----a-w- c:\windows\system32\inseng.dll 2012-10-15 09:41 . 
2012-10-15 09:41 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-09 18:17 . 2012-11-15 09:41 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-15 09:41 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 09:41 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 09:41 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Orangutanklaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-25 12862] SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-25 156880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-14 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-15 283200] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-09 140800] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 
6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Orangutanklaus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://asus.msn.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.2 FF - ProfilePath - c:\users\Orangutanklaus\AppData\Roaming\Mozilla\Firefox\Profiles\b0n1ylj2.default\ FF - ExtSQL: 2012-11-16 12:25; support@lastpass.com; c:\users\Orangutanklaus\AppData\Roaming\Mozilla\Firefox\Profiles\b0n1ylj2.default\extensions\support@lastpass.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Orangutanklaus\AppData\Local\Akamai\netsession_win.exe Toolbar-Locked - (no file) AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-03 14:21:31 ComboFix-quarantined-files.txt 2013-01-03 13:21 . Vor Suchlauf: 10 Verzeichnis(se), 44,748,427,264 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 44,559,712,256 Bytes frei . - - End Of File - - 37F6F00DF15117A8ABA4F5E8C0C8A085 THX! |
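The Run-key section of the ComboFix log above lists the programs that start with Windows. As an added example (not part of the thread and not ComboFix's own code), this Python script parses that section in the one-entry-per-line layout of an unflattened log and marks entries whose file lies in a user-writable directory for manual review. The sample log, the `Example*` entries, the user name and the directory rules (system drive C:) are constructed assumptions.

```python
import re

# Constructed sample in the one-entry-per-line layout of a ComboFix log;
# the Example* entries and the user name "alice" are made up.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"ExampleUpdater"="c:\programdata\example\upd.exe" [2012-12-29 81920]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleSync"="\"c:\users\alice\AppData\Roaming\example\sync.exe\" /autostart" [2012-12-28 40960]
"ExampleTmp"="rundll32.exe c:\users\alice\AppData\Local\Temp\ex.dll,Start"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="data" optionally followed by [date size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>.*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$')
# First drive-letter path ending in an executable extension; handles
# spaces in the path and rundll32-style "file.dll,Export" arguments.
PATH_RE = re.compile(
    r'[a-z]:\\[^"<>|?*,]*?\.(?:exe|dll|scr|com|bat|cmd)(?=$|["\s,])', re.I)

# Directories a standard user can write to (assumed rule set).
WRITABLE = [re.compile(p) for p in (
    r'^[a-z]:\\users\\[^\\]+\\appdata\\',
    r'^[a-z]:\\users\\public\\',
    r'^[a-z]:\\programdata\\',
    r'\\te?mp\\',
)]
# Directories that normally need administrator rights to modify.
PROTECTED = ('c:\\windows\\', 'c:\\program files\\',
             'c:\\program files (x86)\\')


def classify(path):
    """'review' is a prompt to look closer, not a malware verdict:
    legitimate per-user software also installs under AppData."""
    p = path.lower()
    if any(rx.search(p) for rx in WRITABLE):
        return 'review'
    if p.startswith(PROTECTED):
        return 'protected'
    return 'other'


def parse_autostarts(log_text):
    """Return one dict per value found under a ...\\Run or ...\\RunOnce key."""
    rows, key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        if not key.lower().endswith(('\\run', '\\runonce')):
            continue
        data = m.group('data').replace('\\"', '"')  # undo \" escaping
        hit = PATH_RE.search(data)
        path = hit.group(0) if hit else None
        rows.append({'key': key, 'name': m.group('name'), 'path': path,
                     'verdict': classify(path) if path else 'no-path'})
    return rows


if __name__ == '__main__':
    for row in parse_autostarts(SAMPLE_LOG):
        print(f"{row['verdict']:<9} {row['name']:<15} {row['path']}")
```

Entries marked `review` are the ones to compare against the installed-software list before deciding anything.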
| #6 |
/// Malware-holic | GVU Trojan
Hi, download CCleaner (standard): CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools, Uninstall list, save as txt. Open the file. After each program you need, write "notwendig" (necessary). After each program you do not need, "unnötig" (unnecessary). After each one unknown to you, "unbekannt" (unknown). Post the list.
| #7 |
| GVU Trojan
Hello, so... I already had CCleaner on the computer. I did what you wrote. I added one more tag: "wahrscheinlich notwendig" (probably necessary), for a few entries that I am fairly sure are drivers or something similar... Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 25/02/2010 1.60MB 1.6.65 unbekannt Adobe AIR Adobe Systems Inc. 25/02/2010 1.5.0.7220 unbekannt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 25/02/2010 10.0.32.18 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 25/12/2012 6.00MB 11.5.502.135 unbekannt Adobe Reader XI - Deutsch Adobe Systems Incorporated 15/10/2012 128MB 11.0.00 notwendig Alcor Micro USB Card Reader Alcor Micro Corp. 25/02/2010 2.89MB 1.5.17.25482 wahrscheinlich notwendig ASUS AI Recovery ASUS 25/02/2010 2.89MB 1.0.6 unnötig ASUS FancyStart ASUSTeK Computer Inc. 25/02/2010 10.5MB 1.0.6 unbekannt ASUS Live Update ASUS 25/02/2010 2.5.9 unbekannt ASUS Power4Gear Hybrid ASUS 25/02/2010 11.8MB 1.1.25 notwendig ASUS SmartLogon ASUS 25/02/2010 10.8MB 1.0.0007 unnötig ASUS Virtual Camera asus 25/02/2010 3.15MB 1.0.17 unbekannt ASUS_UL_Series_Screensaver 25/02/2010 unnötig Atheros Client Installation Program Atheros 25/02/2010 7 unbekannt Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 25/02/2010 1.0.0.10 unbekannt ATK Generic Function Service ATK 25/02/2010 1.00.0008 unbekannt ATK Hotkey ASUS 25/02/2010 5.74MB 1.0.0052 unbekannt ATK Media ASUS 25/02/2010 206KB 2.0.0006 unbekannt ATKOSD2 ASUS 25/02/2010 6.52MB 7.0.0006 unbekannt AVG 2013 AVG Technologies 10/12/2012 2013.0.2805 notwendig Borderlands 2K Games 16/10/2012 337MB 1.4.1 notwendig CCleaner Piriform 24/09/2012 3.23 notwendig ControlDeck ASUS 25/02/2010 1.81MB 1.0.4 notwendig CrystalDiskInfo 5.0.5 Crystal Dew World 15/10/2012 3.96MB 5.0.5 unbekannt CyberLink LabelPrint CyberLink Corp. 25/02/2010 137MB 2.5.1908 unbekannt CyberLink Power2Go CyberLink Corp. 25/02/2010 110MB 6.1.3509a unbekannt DAEMON Tools Lite DT Soft Ltd 15/10/2012 4.45.4.0316 notwendig Defraggler Piriform 15/10/2012 2.1 notwendig Distance 6.0 15/10/2012 notwendig Dropbox "Dropbox, Inc." 
27/12/2012 1.6.10 notwendig EstimateS Win 8.20 15/10/2012 notwendig ETDWare PS/2-x64 7.0.5.7_WHQL 25/02/2010 unbekannt Express Gate "DeviceVM, Inc." 25/02/2010 382MB 1.2.13.23 wahrscheinlich notwendig Fast Boot ASUS 25/02/2010 1.44MB 1.0.4 wahrscheinlich notwendig Foxit Reader Foxit Corporation 15/10/2012 39.2MB 5.4.3.920 notwendig GIMP 2.8.2 The GIMP Team 16/11/2012 244MB 2.8.2 notwendig iLinc Client 16/11/2012 unbekannt Java 7 Update 9 Oracle 16/11/2012 128MB 7.0.90 unbekannt LibreOffice 3.6 The Document Foundation 16/10/2012 558MB 3.6.2.2 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 29/12/2012 18.4MB 1.70.0.1100 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15/10/2012 38.8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 15/10/2012 2.93MB 4.0.30319 unbekannt Microsoft Office Enterprise 2007 Microsoft Corporation 27/10/2012 12.0.6612.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 28/10/2012 7.95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 28/10/2012 508KB 2.0.4024.1 unbekannt Microsoft Office Outlook Connector Microsoft Corporation 10/10/2012 6.13MB 12.0.6414.1000 unbekannt Microsoft Silverlight Microsoft Corporation 14/10/2012 32.2MB 4.1.10329.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10/10/2012 1.72MB 3.1.0000 unbekannt Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 10/10/2012 625KB 1.0.1215.0 unbekannt Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 10/10/2012 1.44MB 1.0.1215.0 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15/10/2012 12.2MB 10.0.40219 unbekannt Mozilla Firefox 17.0.1 (x86 de) Mozilla 09/12/2012 41.5MB 17.0.1 notwendig Mozilla Maintenance Service Mozilla 09/12/2012 329KB 17.0.1 unbekannt Mozilla Thunderbird 17.0 (x86 de) 
Mozilla 06/12/2012 41.9MB 17 notwendig MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 15/10/2012 1.53MB 4.30.2114.0 unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 25/02/2010 1.53MB 4.30.2107.0 unbekannt NVIDIA Drivers NVIDIA Corporation 25/02/2010 1.3 wahrscheinlich notwendig PRIMER 5 PRIMER-E 29/10/2012 7.19MB 5.2.9.0 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25/02/2010 6.0.1.5942 wahrscheinlich notwendig RedMon - Redirection Port Monitor 05/11/2012 unbekannt SRS Premium Sound Control Panel "SRS Labs, Inc." 25/02/2010 1.78MB 1.8.1200 wahrscheinlich notwendig Steam Valve Corporation 25/12/2012 35.4MB 1.0.0.0 notwendig USB 2.0 UVC 0.3M WebCam 25/02/2010 unbekannt Visual Studio 2010 x64 Redistributables AVG Technologies 15/10/2012 12.4MB 13.0.0.1 unbekannt VLC media player 2.1.0-git-20120328-0404 VideoLAN 15/10/2012 2.1.0-git-20120328-0404 notwendig Winamp "Nullsoft, Inc" 28/10/2012 5.63 notwendig Windows Live Anmelde-Assistent Microsoft Corporation 15/10/2012 1.93MB 5.000.818.6 unbekannt Windows Live Essentials Microsoft Corporation 10/10/2012 14.0.8050.1202 unbekannt Windows Live Sync Microsoft Corporation 10/10/2012 2.79MB 14.0.8050.1202 unbekannt Windows Live-Uploadtool Microsoft Corporation 10/10/2012 224KB 14.0.8014.1029 unbekannt WinFlash ASUS 25/02/2010 1.28MB 2.29.0 unbekannt WinRAR 4.20 (64-Bit) win.rar GmbH 15/10/2012 4.20.0 notwendig Wireless Console 3 ASUS 25/02/2010 2.43MB 3.0.13 unbekannt XCOM: Enemy Unknown 28/12/2012 12.9GB notwendig |
| #8 |
/// Malware-holic | GVU Trojan
Uninstall: Adobe Flash Player, all of them. Adobe - Install Adobe Flash Player: download the latest version. Adobe Reader: Adobe - Download Adobe Reader - All versions. Remove the check mark for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "Use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what happens on the PC. Under JavaScript, remove the check mark for "Use JavaScript". Under Updater, choose "Install automatically". Apply / OK.
Uninstall: ASUS SmartLogon; ASUS Virtual Camera: if you do not use a camera; ASUS_UL_Series_Screensaver; CyberLink: both; Defraggler: the Windows 7 or Vista defrag is good enough, it is not strictly necessary.
Uninstall: Java. Download the Java JRE: Java downloads for all operating systems. Click: Download the Java software for Windows Offline, then download and install it.
Uninstall: Windows Live: all the ones you do not need.
Please open CCleaner, Analyze, Start, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forward. Instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| #9 |
| GVU Trojan
So.... I have uninstalled everything. Except: the camera, since I do use it now and then. And I have a question about the Adobe software. Should I uninstall all Adobe entries completely? And then reinstall them. As a PDF reader I also primarily use Foxit Reader. Last edited by Mopedtobias! (05.01.2013 at 16:10) |
| #10 |
/// Malware-holic | GVU Trojan
Hi, Flash Player definitely; with Adobe Reader you will then have to consider whether you install it again. I like it better than most competing products.
| #11 |
| GVU Trojan
OK, great. All done. Here is the log file from AdwCleaner. Code:
ATTFilter # AdwCleaner v2.104 - Datei am 06/01/2013 um 00:35:21 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Orangutanklaus - MOPEDTOBIAS # Bootmodus : Normal # Ausgeführt unter : C:\Users\Orangutanklaus\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** #NAME? [OK] Die Registrierungsdatenbank ist sauber. #NAME? Datei : C:\Users\Orangutanklaus\AppData\Roaming\Mozilla\Firefox\Profiles\b0n1ylj2.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [753 octets] - [06/01/2013 00:35:21] ########## EOF - C:\AdwCleaner[R1].txt - [812 octets] ########## |
| #12 |
/// Malware-holic | GVU Trojan
OK, please test how the PC runs, plus the programs. If everything is OK: open OTL, Clean up, the PC restarts, the removers are deleted. If a setup file is still left over, delete it plus the existing logs, and empty the recycle bin.

Securing the PC: as an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs a little. http://www.trojaner-board.de/103809-...i-malware.html Trial version: My antivirus recommendation: Emsisoft Anti-Malware. Especially if you do online banking, purchases, other payment transactions or similarly important things such as work, that is, if sensitive data needs protecting, you should invest in security software. Use the 30-day trial period before activating the license. Free, but just not quite as good, avast would be the one to recommend. http://www.trojaner-board.de/110895-...antivirus.html Tell me which one you use, then I will give configuration tips. Please uninstall your previous AV.

The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you! http://www.trojaner-board.de/96344-a...-rechners.html Please start with the passage "Windows Vista and Windows 7". Please begin by installing Windows updates. The best way to do this is to go to Start, Search, and type Windows Updates there. Under "Change settings", check that the following is selected: - Install updates automatically, - Daily - choose a time - Please check all the rest, except: - Show detailed notifications when new Microsoft software is available. Now click the "OK" button. Now click "Check for updates". Please install the important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones. Please do the same with the optional updates. Please adopt the rest as described in the Windows 7 / Vista section. From the XP section, please adopt the item "Data Execution Prevention, DEP".

As a browser I advise you to use Chrome: Installing Google Chrome for multiple user accounts - Google Chrome Help. Please read the guide. If you want to use a different one, tell me, then I have to adapt parts of the guide that now follows.

Sandboxie: the definition of a sandbox can be read here: Sandbox. In short, programs can be run almost 100% isolated from the system. The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out. Download link: Sandboxie - Download - Filepony. Guide: http://www.trojaner-board.de/71542-a...sandboxie.html Detailed guide as PDF, work through it too: Sandbox settings | Please make the following additional configuration: open Sandboxie Control, click the Sandbox menu, choose DefaultBox. There click Sandbox settings. Restrictions: under program start and internet access, enter: chrome.exe. Then go to Applications, Web browser, Chrome. There enable everything except sharing the entire profile folder. As you may already have seen, you cannot use some functions. This is only necessary in the full version, which I advise you to buy. For example, under "Forced program starts" you can specify that all browsers start in the sandbox. Otherwise you always have to click "Sandboxed web browser", or right-click, Run in Sandboxie. A lifetime license costs 30 € and can be used on all your PCs.

Continue with: Measures for ALL Windows versions. Work through everything completely. Note on FileHippo: in the settings additionally select: Hide beta updates. Run updateChecker when Windows starts.

Backup program: a backup program is already linked in my guide; as an alternative, the backup program built into Windows is also an option: http://www.trojaner-board.de/82962-w...en-backup.html Unfortunately this is only reasonably usable for Windows 7 users. Everyone else should nevertheless definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords. Please also read how to make programs visible to everyone: Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe. So from now on, surf only in the standard user account and there in the sandbox. If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can define forced program starts, then Sandboxie is always started when you open a browser. When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Password security: every service needs its own password of at least 12 characters. RoboForm helps with managing and creating passwords: Password Manager, Form Filler, Password Management | RoboForm Password Manager. Guide: RoboForm user manual: Password manager, managing passwords and personal data
| #13 |
| GVU Trojan
Good, I have now worked through everything from your post up to the sandbox. It is installed but not yet configured. As AV I use avast, and as browser I would like to keep Firefox since I am used to it. Best regards |
| #14 |
/// Malware-holic | GVU Trojan
Hi, have you already had a look at Chrome? It offers a few more security features and should work faster. Taking a look can do no harm, you can still complain later :-) Adblock for Chrome: http://filepony.de/download-ghostery_chrome/ Safe browsing with Chrome: Safe browsing with Google Chrome | Verbraucher sicher online
| #15 |
| GVU Trojan
Please do not close the thread yet... I have had little time over the last few days to look after my computer!!! Thanks and best regards |