| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Exploit.Drop.GSAWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.01.2013, 20:20
| #1 |
 |  Exploit.Drop.GSA Hallo und guten Abend, ich bin neu hier und hoffe mit meinem ersten Posting jetzt nicht gleich Fehler zu machen. Kurze Problemerläuterung: Ich habe vor mehreren Tagen das Pech gehabt mir den sogenannten BKA Virus einzufangen. PC wurde gesperrt mit der Aufforderung 100 Euro zu zahlen. Daraufhin bootete ich mit der GData DVD und führte einen Virenscan durch. Der Virus wurde gefunden und auch entfernt. Dachte ich zumindestens. Nach dem Neustart stellte ich fest das der Virus noch im Autostart hängt und konnte ihn dort ebenfalls entfernen. Nochmaliges Scannen verlief ohne weiteren Befund. Jetzt habe ich aber erneut 2 Virenfunde in den letzten beiden Tagen. Erst heute über Malwarebyte den im Titel genannten. Der Fund wurde in Quarantäne verschoben. Ich habe die genannten Scans durchgeführt und als Anlage beigefügt. Den GMER-Scan musste ich leider abbrechen, da er viel zu lange ging. Ich habe den Abbruch gesichert und einen Quickscan zusätzlich. Ich hoffe, das dies hilft. Weiterhin habe ich die Logs der letzten Virenscans beigefügt, welche Viren gefunden haben, sowie den Screen der Quarantäne und Virenfunde. Ich weiss noch immer nicht, ob der Virus per heute nun entfernt ist. Ich denke, dass er noch immer im Hintergrund hängt. Ich bitte euch um Hilfe! Leider habe ich mit Viren und Trojanern nicht so die Erfahrung und stehe hier als Virenazubi. Ich bedanke mich schon im voraus für Eure Hilfe und Unterstützung. Morgen abend schau ich dann mal rein...und hoffe auf gute Nachrichten  Liebe Grüße |
|
07.01.2013, 22:14
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Exploit.Drop.GSA Hallo und
__________________ Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen? Logfiles im Anhang erschweren die Auswertung massivst Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
__________________ |
|
08.01.2013, 05:33
| #3 |
| | Exploit.Drop.GSA Guten Morgen, entschuldige bitte, aber das war mein Fehler.
__________________Ich bin es wahrscheinlich gewohnt alles in den Anhang zu geben, um Platz im eigentlich Posting zu sparen bzw. die Übersichtlichkeit zu bewahren. Ich hol das jetzt gleich nach und poste es richtig: OTL (die OTL.txt vom Wochenende hab ich leider gelöscht. Hab sie nochmal erstellt. Leider kam hier keine Extra.txt mit raus. Daher konnte ich keine beifügen): Code:
ATTFilter OTL logfile created on: 08.01.2013 05:04:59 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chaos\Downloads\Viren 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 76,53% Memory free 15,95 Gb Paging File | 13,55 Gb Available in Paging File | 84,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1346,17 Gb Total Space | 1289,24 Gb Free Space | 95,77% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 21,25 Gb Free Space | 42,50% Space Free | Partition Type: NTFS Computer Name: CHAOS-PC | User Name: Chaos | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.06 18:29:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chaos\Downloads\Viren\OTL.exe PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2012.09.11 04:04:03 | 001,617,432 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.24 11:19:14 | 000,306,216 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.01.27 04:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2012.01.27 03:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.07.14 03:24:08 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.07.14 03:23:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.04.26 16:47:28 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe -- (SandraAgentSrv) SRV:64bit: - [2008.02.19 08:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device) SRV - [2012.12.12 05:27:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.11 04:04:03 | 001,617,432 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2012.08.30 04:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.04 10:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.05.24 11:19:14 | 000,306,216 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2012.05.14 04:26:47 | 001,218,552 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.01.27 03:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.10.07 10:23:08 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2011.09.28 01:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.09 12:36:46 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.12.09 12:36:46 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.10.30 11:50:14 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.10.30 11:48:57 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.10.30 11:48:57 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.10.30 11:48:57 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.08.05 11:46:17 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.07.12 10:49:04 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:64bit: - [2012.07.12 10:48:53 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.17 08:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.08.17 08:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.08.17 08:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.08.17 08:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.08.02 01:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.08.02 01:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.06.24 15:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01) DRV:64bit: - [2011.06.10 13:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x64\Sandra.sys -- (SANDRA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.09.10 08:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {9C31B4E0-C196-4E7D-B735-D3A4DC9080BA} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9C31B4E0-C196-4E7D-B735-D3A4DC9080BA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE483 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Chaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found O4 - HKCU..\Run: [GoogleChromeAutoLaunch_9C355F266C25602F9C5EB5F430276502] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 83.169.186.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CB084D1-3687-469C-A0FE-6D48E932050D}: DhcpNameServer = 83.169.186.33 83.169.186.97 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{13ef84bd-41e0-11e2-8d63-8c89a5a001e9}\Shell - "" = AutoRun O33 - MountPoints2\{13ef84bd-41e0-11e2-8d63-8c89a5a001e9}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{a8772375-4ba4-11e2-a718-8c89a5a001e9}\Shell - "" = AutoRun O33 - MountPoints2\{a8772375-4ba4-11e2-a718-8c89a5a001e9}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.06 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{33C93089-642B-43E0-8842-BC3D78053B32} [2013.01.06 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Windows Live Writer [2013.01.06 18:21:50 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Windows Live Writer [2013.01.06 16:17:10 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.06 16:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.06 14:59:59 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Malwarebytes [2013.01.06 14:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.06 14:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.06 14:59:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.06 14:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.06 14:59:05 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Programs [2012.12.29 05:38:27 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2012.12.28 21:04:53 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.15 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chaos\Podcasts [2012.12.15 07:33:39 | 000,000,000 | ---D | C] -- C:\Users\Chaos\Documents\Media Go [2012.12.15 07:31:24 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\Sony [2012.12.15 07:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2012.12.15 07:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.12.15 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install [2012.12.15 07:29:06 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Roaming\Sony [2012.12.09 12:36:46 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2012.12.09 12:36:46 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2012.12.09 12:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2012.12.09 12:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson [2012.12.09 12:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2012.12.09 12:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2012.12.09 12:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.12.09 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{BADA8E17-556E-46A8-930C-8424DD7B818E} [2012.12.09 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{13DE547A-B68E-4071-AEF4-47805C10AF03} [2012.12.09 11:58:41 | 000,000,000 | ---D | C] -- C:\Users\Chaos\AppData\Local\{5FFA9DF3-1D61-41DB-9286-B460C251DF1F} ========== Files - Modified Within 30 Days ========== [2013.01.08 04:44:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.08 04:37:23 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 04:37:23 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.08 04:35:21 | 000,939,455 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.01.08 04:35:21 | 000,050,827 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.01.08 04:30:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.08 04:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.08 04:30:08 | 2129,477,631 | -HS- | M] () -- C:\hiberfil.sys [2013.01.07 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.06 18:28:11 | 000,000,000 | ---- | M] () -- C:\Users\Chaos\defogger_reenable [2013.01.06 16:17:10 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk [2013.01.06 14:59:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.31 07:44:52 | 000,002,275 | ---- | M] () -- C:\Users\Chaos\Desktop\Free MP4 Video Converter.lnk [2012.12.29 05:38:27 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2012.12.28 06:37:55 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.21 18:58:12 | 000,309,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.15 07:31:32 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 15:45:51 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.10 17:51:53 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.12.09 12:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf [2012.12.09 12:43:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf [2012.12.09 12:36:46 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys [2012.12.09 12:36:46 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys [2012.12.09 12:32:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.09 12:32:30 | 000,654,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.09 12:32:30 | 000,615,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.09 12:32:30 | 000,129,878 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.09 12:32:30 | 000,106,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2013.01.06 18:28:11 | 000,000,000 | ---- | C] () -- C:\Users\Chaos\defogger_reenable [2013.01.06 16:17:10 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk [2013.01.06 14:59:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.31 07:44:52 | 000,002,275 | ---- | C] () -- C:\Users\Chaos\Desktop\Free MP4 Video Converter.lnk [2012.12.28 06:37:55 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.15 07:31:32 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk [2012.12.09 12:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf [2012.12.09 12:43:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf [2012.12.09 12:34:06 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.05.13 06:19:54 | 011,563,008 | ---- | C] () -- C:\Users\Chaos\AppData\Roaming\Sandra.mdb [2012.05.13 05:04:23 | 000,939,455 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.05.12 14:51:28 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll [2012.05.12 14:51:28 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll [2012.05.12 14:51:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll [2012.05.12 14:51:28 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll [2012.05.12 14:51:28 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll [2012.05.12 14:51:28 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll [2012.05.12 14:51:28 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll [2012.05.12 14:51:28 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe [2012.05.12 14:51:28 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll [2012.05.12 14:51:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll [2012.05.12 14:51:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll [2012.05.12 14:51:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll [2012.05.12 14:51:27 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe [2012.05.12 14:51:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll [2012.05.12 14:51:27 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe [2012.05.12 14:51:27 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe [2012.05.12 14:51:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll [2012.05.12 14:39:30 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2012.05.12 14:14:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.14 03:55:06 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.25 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Amazon [2012.12.31 07:44:52 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\DVDVideoSoft [2012.11.18 15:47:09 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers [2012.12.15 07:33:37 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Sony [2013.01.06 18:21:50 | 000,000,000 | ---D | M] -- C:\Users\Chaos\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:28 on 06/01/2013 (Chaos)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.0.18437 - hxxp://www.gmer.net
Rootkit scan 2013-01-06 20:07:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000069 ST1500DL rev.CC4A 1397,27GB
Running: q51xvcbb.exe; Driver: C:\Users\Chaos\AppData\Local\Temp\fwdoqpog.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3804] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
? C:\Windows\system32\mssprxy.dll [3804] entry point in ".rdata" section 0000000074ec71e6
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bbf991 7 bytes {MOV EDX, 0x5bb228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bbfbd5 7 bytes {MOV EDX, 0x5bb268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bbfc05 7 bytes {MOV EDX, 0x5bb1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bbfc1d 7 bytes {MOV EDX, 0x5bb128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bbfc35 7 bytes {MOV EDX, 0x5bb328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bbfc65 7 bytes {MOV EDX, 0x5bb368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bbfce5 7 bytes {MOV EDX, 0x5bb2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bbfcfd 7 bytes {MOV EDX, 0x5bb2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bbfd49 7 bytes {MOV EDX, 0x5bb068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bbfe41 7 bytes {MOV EDX, 0x5bb0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bc0099 7 bytes {MOV EDX, 0x5bb028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bc10a5 7 bytes {MOV EDX, 0x5bb1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bc111d 7 bytes {MOV EDX, 0x5bb168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bc1321 7 bytes {MOV EDX, 0x5bb0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bbf991 7 bytes {MOV EDX, 0x661628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bbfbd5 7 bytes {MOV EDX, 0x661668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bbfc05 7 bytes {MOV EDX, 0x6615a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bbfc1d 7 bytes {MOV EDX, 0x661528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bbfc35 7 bytes {MOV EDX, 0x661728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bbfc65 7 bytes {MOV EDX, 0x661768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bbfce5 7 bytes {MOV EDX, 0x6616e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bbfcfd 7 bytes {MOV EDX, 0x6616a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bbfd49 7 bytes {MOV EDX, 0x661468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bbfe41 7 bytes {MOV EDX, 0x6614a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bc0099 7 bytes {MOV EDX, 0x661428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bc10a5 7 bytes {MOV EDX, 0x6615e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bc111d 7 bytes {MOV EDX, 0x661568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bc1321 7 bytes {MOV EDX, 0x6614e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Windows\SysWOW64\DllHost.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[4728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077bbf991 7 bytes {MOV EDX, 0x436228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077bbfbd5 7 bytes {MOV EDX, 0x436268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077bbfc05 7 bytes {MOV EDX, 0x4361a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077bbfc1d 7 bytes {MOV EDX, 0x436128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077bbfc35 7 bytes {MOV EDX, 0x436328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077bbfc65 7 bytes {MOV EDX, 0x436368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077bbfce5 7 bytes {MOV EDX, 0x4362e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077bbfcfd 7 bytes {MOV EDX, 0x4362a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077bbfd49 7 bytes {MOV EDX, 0x436068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077bbfe41 7 bytes {MOV EDX, 0x4360a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077bc0099 7 bytes {MOV EDX, 0x436028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077bc10a5 7 bytes {MOV EDX, 0x4361e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077bc111d 7 bytes {MOV EDX, 0x436168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077bc1321 7 bytes {MOV EDX, 0x4360e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b71401 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b71419 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b71431 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b7144a 2 bytes [B7, 77]
.text ... * 9
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b714dd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b714f5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b7150d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b71525 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b7153d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b71555 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b7156d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b71585 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b7159d 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b715b5 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b715cd 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b716b2 2 bytes [B7, 77]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b716bd 2 bytes [B7, 77]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef3742750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef3742b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef3747de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef3748130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef3741908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef3741c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef37481d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef3742878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef3747a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement] [7fef3746c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef37477bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef3747064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef3746544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2524] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef3745e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:2124] 000000001004aa30
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:4696] 000000001004a8f0
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5128] 000000001005cfb2
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5136] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5140] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5144] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5148] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5152] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5156] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5160] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5184] 0000000073b6345e
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5360] 000000001005cfb2
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5196] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5280] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5576] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5584] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:2964] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:196] 000000001005cfb2
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:3144] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:5408] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:6668] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964:456] 0000000010059710
Thread C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1908:3688] 0000000072b61a8f
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2216] 0000000077bf2e25
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2224] 0000000072fff704
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2228] 0000000072eea356
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2232] 0000000072eea356
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2236] 0000000072eea356
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:2244] 0000000076e47587
Thread C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2036:8432] 0000000077bf3e45
Thread C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788:3876] 000000007271b0dd
Thread C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788:136] 0000000072715822
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632:5108] 000007fefc692a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632:3048] 000000006b7d6c88
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [964] 0000000076860000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1908] 0000000004520000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [1956] 0000000076860000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3788] 0000000072810000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3912] 0000000074ea0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe [4004] 00000000752e0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4632] 0000000074a20000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1576] 000007fefe4e0000
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
Log GData VirenScan 06.01.13 Code:
ATTFilter Virenprüfung mit G Data TotalProtection 2013
Version 23.0.5.9 (17.09.2012)
Virensignaturen vom 06.01.2013
Startzeit: 06.01.2013 14:22:45
Engine(s): Engine A (AVA 22.7327), Engine B (AVL 22.1443)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Analyse vorzeitig abgebrochen: 06.01.2013 14:35:37
855 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Archiv: 7a59efdb-510ba4e8
Pfad: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27
Status: Datei in Quarantäne. Es ist ein Neustart erforderlich.
Virus: Exploit.Java.CVE.Z (2x) (Engine A)
Objekt: ewjvaiwebvhtuai124a.class
In Archiv: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a59efdb-510ba4e8
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (Engine A)
Objekt: test.class
In Archiv: C:\Users\Chaos\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a59efdb-510ba4e8
Status: Virus gefunden
Virus: Exploit.Java.CVE.Z (Engine A)
Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\system32\Drivers\SSPORT.sys
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Chaos :: CHAOS-PC [limitiert] 06.01.2013 15:01:40 mbam-log-2013-01-06 (15-01-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 727839 Laufzeit: 2 Stunde(n), 8 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)  Die Log vom Virenscan 291212 und den Code vom GMR Scan (mit Abbruch) konnte ich hier nicht einfügen. Hier bekam ich die Meldung, dass die Datei zu groß ist. Im Startthread hängen sie im Angang. Vielen Dank für die Antwort und bis heute Abend. Liebe Grüße |
|
08.01.2013, 19:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Drop.GSA Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.01.2013, 04:36
| #5 |
| | Exploit.Drop.GSA Guten Morgen, Ich danke dir für deine Antwort.! Weitere Logs hab ich nicht. Die Logs vom OTL hatte ich versehentlich gelöscht. Ich war eigentlich der Ansicht sie gesichert zu haben... das war ein Irrtum. Aber sonst liegt mir nichts weiter vor, als schon gepostet. Bye |
|
09.01.2013, 10:57
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Drop.GSA Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Exploit.Drop.GSA |
|
09.01.2013, 19:03
| #7 |
| | Exploit.Drop.GSA Hallo und einen schönen guten Abend, ich habe die Anweisungen ausgeführt. Ich bekam die Meldung, dass keine Malware gefunden wurde, daher erfolgte auch kein Neustart. (Der letzte Fund war von Malwarebytes am 06.01.13 und wurde in Quarantäne verschoben. Protokoll hier im Thread) Hier ist der Log von heute: Code:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.09.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chaos :: CHAOS-PC [administrator]
09.01.2013 18:47:34
mbar-log-2013-01-09 (18-47-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29282
Time elapsed: 6 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 Werd schon ganz wirr ! Ich habe mir die Log vom OTL nochmals angesehen und habe in den ganzen Zeilen folgendes entdeckt: [2012.12.28 06:37:55 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js Wenn ich jetzt richtig liege, ist das die Bezeichnung der Datei/Virus. Heisst das, ich sollte von weiteren Internetaktivitäten erstmal die Finger lassen, da der Virus vielleicht noch mehr Schaden anrichtet? Ich möchte mich auch gleich nochmal für deine Mühe bedanken! Es ist wirklich sehr beeindruckend, was du/ihr aus den Logs so rauslesen könnt. Für viele (auch für mich) ist das meistens nur ein Zahlenchaos. Machs gut. Bis morgen Geändert von Amy0407 (09.01.2013 um 19:15 Uhr) |
|
09.01.2013, 23:49
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Drop.GSA 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.01.2013, 05:13
| #9 |
| | Exploit.Drop.GSA Guten Morgen, anbei die Logs der ausgeführten Programme. TDSS hat 2 gefunden TDSS.txt Code:
ATTFilter 05:05:21.0304 2688 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
05:05:22.0773 2688 ============================================================
05:05:22.0774 2688 Current date / time: 2013/01/10 05:05:22.0773
05:05:22.0774 2688 SystemInfo:
05:05:22.0774 2688
05:05:22.0774 2688 OS Version: 6.1.7601 ServicePack: 1.0
05:05:22.0774 2688 Product type: Workstation
05:05:22.0774 2688 ComputerName: CHAOS-PC
05:05:22.0775 2688 UserName: Chaos
05:05:22.0775 2688 Windows directory: C:\Windows
05:05:22.0775 2688 System windows directory: C:\Windows
05:05:22.0775 2688 Running under WOW64
05:05:22.0775 2688 Processor architecture: Intel x64
05:05:22.0775 2688 Number of processors: 8
05:05:22.0775 2688 Page size: 0x1000
05:05:22.0775 2688 Boot type: Normal boot
05:05:22.0775 2688 ============================================================
05:05:23.0207 2688 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
05:05:23.0230 2688 ============================================================
05:05:23.0230 2688 \Device\Harddisk0\DR0:
05:05:23.0230 2688 MBR partitions:
05:05:23.0230 2688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:05:23.0230 2688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA8454800
05:05:23.0230 2688 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA8487000, BlocksNum 0x6400000
05:05:23.0230 2688 ============================================================
05:05:23.0250 2688 C: <-> \Device\Harddisk0\DR0\Partition2
05:05:23.0305 2688 D: <-> \Device\Harddisk0\DR0\Partition3
05:05:23.0305 2688 ============================================================
05:05:23.0306 2688 Initialize success
05:05:23.0306 2688 ============================================================
05:05:41.0981 2852 ============================================================
05:05:41.0981 2852 Scan started
05:05:41.0981 2852 Mode: Manual; SigCheck; TDLFS;
05:05:41.0981 2852 ============================================================
05:05:42.0610 2852 ================ Scan system memory ========================
05:05:42.0610 2852 System memory - ok
05:05:42.0610 2852 ================ Scan services =============================
05:05:42.0736 2852 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
05:05:42.0849 2852 1394ohci - ok
05:05:42.0880 2852 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
05:05:42.0900 2852 ACPI - ok
05:05:42.0922 2852 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
05:05:42.0957 2852 AcpiPmi - ok
05:05:43.0023 2852 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
05:05:43.0047 2852 AdobeARMservice - ok
05:05:43.0146 2852 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
05:05:43.0183 2852 AdobeFlashPlayerUpdateSvc - ok
05:05:43.0234 2852 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
05:05:43.0268 2852 adp94xx - ok
05:05:43.0316 2852 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
05:05:43.0349 2852 adpahci - ok
05:05:43.0372 2852 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
05:05:43.0387 2852 adpu320 - ok
05:05:43.0407 2852 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
05:05:43.0482 2852 AeLookupSvc - ok
05:05:43.0521 2852 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
05:05:43.0588 2852 AFD - ok
05:05:43.0610 2852 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
05:05:43.0634 2852 agp440 - ok
05:05:43.0654 2852 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
05:05:43.0678 2852 ALG - ok
05:05:43.0695 2852 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
05:05:43.0708 2852 aliide - ok
05:05:43.0774 2852 AMD FUEL Service - ok
05:05:43.0798 2852 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
05:05:43.0825 2852 amdide - ok
05:05:43.0880 2852 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\drivers\amdiox64.sys
05:05:43.0917 2852 amdiox64 - ok
05:05:43.0934 2852 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
05:05:43.0958 2852 AmdK8 - ok
05:05:43.0984 2852 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
05:05:44.0006 2852 AmdPPM - ok
05:05:44.0024 2852 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
05:05:44.0039 2852 amdsata - ok
05:05:44.0067 2852 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
05:05:44.0083 2852 amdsbs - ok
05:05:44.0102 2852 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
05:05:44.0114 2852 amdxata - ok
05:05:44.0130 2852 [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
05:05:44.0142 2852 amd_sata - ok
05:05:44.0161 2852 [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
05:05:44.0173 2852 amd_xata - ok
05:05:44.0186 2852 [ F312FAD7DBD49ED21A194AC71B497832 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
05:05:44.0196 2852 AODDriver4.01 - ok
05:05:44.0230 2852 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
05:05:44.0307 2852 AppID - ok
05:05:44.0353 2852 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
05:05:44.0405 2852 AppIDSvc - ok
05:05:44.0414 2852 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
05:05:44.0451 2852 Appinfo - ok
05:05:44.0471 2852 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
05:05:44.0485 2852 arc - ok
05:05:44.0494 2852 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
05:05:44.0509 2852 arcsas - ok
05:05:44.0523 2852 [ D6D2BB2F4F5868549DDE75F3146BC84E ] asmthub3 C:\Windows\system32\drivers\asmthub3.sys
05:05:44.0565 2852 asmthub3 - ok
05:05:44.0584 2852 [ 1E758172367DC2A3653F16586D62A3F0 ] asmtxhci C:\Windows\system32\drivers\asmtxhci.sys
05:05:44.0610 2852 asmtxhci - ok
05:05:44.0628 2852 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
05:05:44.0674 2852 AsyncMac - ok
05:05:44.0697 2852 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
05:05:44.0709 2852 atapi - ok
05:05:44.0724 2852 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
05:05:44.0780 2852 AudioEndpointBuilder - ok
05:05:44.0787 2852 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
05:05:44.0826 2852 AudioSrv - ok
05:05:44.0958 2852 [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
05:05:45.0003 2852 AVKProxy - ok
05:05:45.0041 2852 [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
05:05:45.0062 2852 AVKService - ok
05:05:45.0129 2852 [ 22F1444896844B0462359825EF628507 ] AVKWCtl C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe
05:05:45.0179 2852 AVKWCtl - ok
05:05:45.0243 2852 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
05:05:45.0300 2852 AxInstSV - ok
05:05:45.0321 2852 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
05:05:45.0350 2852 b06bdrv - ok
05:05:45.0386 2852 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
05:05:45.0440 2852 b57nd60a - ok
05:05:45.0465 2852 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
05:05:45.0489 2852 BDESVC - ok
05:05:45.0507 2852 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
05:05:45.0578 2852 Beep - ok
05:05:45.0610 2852 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
05:05:45.0658 2852 BFE - ok
05:05:45.0681 2852 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
05:05:45.0730 2852 BITS - ok
05:05:45.0750 2852 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
05:05:45.0781 2852 blbdrive - ok
05:05:45.0805 2852 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
05:05:45.0855 2852 bowser - ok
05:05:45.0872 2852 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
05:05:45.0899 2852 BrFiltLo - ok
05:05:45.0924 2852 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
05:05:45.0943 2852 BrFiltUp - ok
05:05:45.0965 2852 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
05:05:45.0983 2852 Browser - ok
05:05:46.0005 2852 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
05:05:46.0027 2852 Brserid - ok
05:05:46.0042 2852 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
05:05:46.0067 2852 BrSerWdm - ok
05:05:46.0089 2852 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
05:05:46.0132 2852 BrUsbMdm - ok
05:05:46.0148 2852 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
05:05:46.0164 2852 BrUsbSer - ok
05:05:46.0186 2852 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
05:05:46.0211 2852 BTHMODEM - ok
05:05:46.0240 2852 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
05:05:46.0283 2852 bthserv - ok
05:05:46.0314 2852 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
05:05:46.0384 2852 cdfs - ok
05:05:46.0406 2852 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
05:05:46.0430 2852 cdrom - ok
05:05:46.0439 2852 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
05:05:46.0475 2852 CertPropSvc - ok
05:05:46.0487 2852 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
05:05:46.0512 2852 circlass - ok
05:05:46.0527 2852 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
05:05:46.0547 2852 CLFS - ok
05:05:46.0602 2852 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:05:46.0626 2852 clr_optimization_v2.0.50727_32 - ok
05:05:46.0667 2852 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
05:05:46.0690 2852 clr_optimization_v2.0.50727_64 - ok
05:05:46.0720 2852 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:05:46.0736 2852 clr_optimization_v4.0.30319_32 - ok
05:05:46.0759 2852 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
05:05:46.0774 2852 clr_optimization_v4.0.30319_64 - ok
05:05:46.0792 2852 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
05:05:46.0815 2852 CmBatt - ok
05:05:46.0837 2852 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
05:05:46.0852 2852 cmdide - ok
05:05:46.0876 2852 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
05:05:46.0910 2852 CNG - ok
05:05:46.0925 2852 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
05:05:46.0938 2852 Compbatt - ok
05:05:46.0949 2852 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
05:05:46.0977 2852 CompositeBus - ok
05:05:46.0981 2852 COMSysApp - ok
05:05:46.0996 2852 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
05:05:47.0009 2852 crcdisk - ok
05:05:47.0036 2852 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
05:05:47.0067 2852 CryptSvc - ok
05:05:47.0092 2852 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
05:05:47.0141 2852 DcomLaunch - ok
05:05:47.0167 2852 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
05:05:47.0208 2852 defragsvc - ok
05:05:47.0226 2852 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
05:05:47.0267 2852 DfsC - ok
05:05:47.0283 2852 DgiVecp - ok
05:05:47.0300 2852 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
05:05:47.0322 2852 Dhcp - ok
05:05:47.0330 2852 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
05:05:47.0377 2852 discache - ok
05:05:47.0399 2852 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
05:05:47.0412 2852 Disk - ok
05:05:47.0433 2852 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
05:05:47.0454 2852 Dnscache - ok
05:05:47.0475 2852 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
05:05:47.0525 2852 dot3svc - ok
05:05:47.0534 2852 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
05:05:47.0577 2852 DPS - ok
05:05:47.0598 2852 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
05:05:47.0623 2852 drmkaud - ok
05:05:47.0645 2852 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
05:05:47.0676 2852 DXGKrnl - ok
05:05:47.0707 2852 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
05:05:47.0743 2852 EapHost - ok
05:05:47.0819 2852 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
05:05:47.0918 2852 ebdrv - ok
05:05:47.0932 2852 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
05:05:47.0946 2852 EFS - ok
05:05:47.0986 2852 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
05:05:48.0025 2852 ehRecvr - ok
05:05:48.0034 2852 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
05:05:48.0050 2852 ehSched - ok
05:05:48.0064 2852 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
05:05:48.0086 2852 elxstor - ok
05:05:48.0108 2852 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
05:05:48.0134 2852 ErrDev - ok
05:05:48.0156 2852 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
05:05:48.0205 2852 EventSystem - ok
05:05:48.0222 2852 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
05:05:48.0264 2852 exfat - ok
05:05:48.0285 2852 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
05:05:48.0324 2852 fastfat - ok
05:05:48.0364 2852 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
05:05:48.0409 2852 Fax - ok
05:05:48.0429 2852 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
05:05:48.0477 2852 fdc - ok
05:05:48.0492 2852 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
05:05:48.0536 2852 fdPHost - ok
05:05:48.0549 2852 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
05:05:48.0594 2852 FDResPub - ok
05:05:48.0605 2852 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
05:05:48.0618 2852 FileInfo - ok
05:05:48.0632 2852 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
05:05:48.0699 2852 Filetrace - ok
05:05:48.0725 2852 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
05:05:48.0762 2852 flpydisk - ok
05:05:48.0787 2852 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
05:05:48.0819 2852 FltMgr - ok
05:05:48.0857 2852 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
05:05:48.0895 2852 FontCache - ok
05:05:48.0919 2852 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
05:05:48.0930 2852 FontCache3.0.0.0 - ok
05:05:48.0938 2852 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
05:05:48.0951 2852 FsDepends - ok
05:05:48.0970 2852 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
05:05:48.0983 2852 Fs_Rec - ok
05:05:49.0000 2852 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
05:05:49.0018 2852 fvevol - ok
05:05:49.0037 2852 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
05:05:49.0050 2852 gagp30kx - ok
05:05:49.0120 2852 [ C85543022E99762B5DF58109152E48D5 ] GDBackupSvc C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
05:05:49.0183 2852 GDBackupSvc - ok
05:05:49.0224 2852 [ D201C1F6B0F5E4F202CBCB75D6352E63 ] GDBehave C:\Windows\system32\drivers\GDBehave.sys
05:05:49.0252 2852 GDBehave - ok
05:05:49.0309 2852 [ 2922B4D0AA4095797E66D87F08CA4D72 ] GDFwSvc C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
05:05:49.0361 2852 GDFwSvc - ok
05:05:49.0380 2852 [ E1558301938B6CF92F7677224D3FB6F7 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys
05:05:49.0394 2852 GDMnIcpt - ok
05:05:49.0409 2852 [ 5F1E5EAE8F08B6E2FABE8345E0BDFE48 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys
05:05:49.0421 2852 GDPkIcpt - ok
05:05:49.0473 2852 [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
05:05:49.0503 2852 GDScan - ok
05:05:49.0536 2852 [ 0567B5641DF3C52FB4E6B623726669ED ] GDTunerSvc C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe
05:05:49.0565 2852 GDTunerSvc - ok
05:05:49.0578 2852 [ 4ECBCAD43B7FED6F135BF108BB71434D ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd64.sys
05:05:49.0591 2852 gdwfpcd - ok
05:05:49.0616 2852 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
05:05:49.0627 2852 ggflt - ok
05:05:49.0654 2852 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
05:05:49.0666 2852 ggsemc - ok
05:05:49.0679 2852 GLogin - ok
05:05:49.0704 2852 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
05:05:49.0752 2852 gpsvc - ok
05:05:49.0782 2852 [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD C:\Windows\system32\drivers\GRD.sys
05:05:49.0795 2852 GRD - ok
05:05:49.0838 2852 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:05:49.0851 2852 gupdate - ok
05:05:49.0874 2852 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
05:05:49.0886 2852 gupdatem - ok
05:05:49.0915 2852 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
05:05:49.0945 2852 gusvc - ok
05:05:49.0956 2852 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
05:05:49.0969 2852 hcw85cir - ok
05:05:49.0989 2852 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:05:50.0016 2852 HdAudAddService - ok
05:05:50.0043 2852 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
05:05:50.0066 2852 HDAudBus - ok
05:05:50.0089 2852 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
05:05:50.0116 2852 HidBatt - ok
05:05:50.0144 2852 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
05:05:50.0192 2852 HidBth - ok
05:05:50.0203 2852 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
05:05:50.0225 2852 HidIr - ok
05:05:50.0243 2852 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
05:05:50.0321 2852 hidserv - ok
05:05:50.0344 2852 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
05:05:50.0357 2852 HidUsb - ok
05:05:50.0373 2852 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
05:05:50.0416 2852 hkmsvc - ok
05:05:50.0437 2852 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:05:50.0461 2852 HomeGroupListener - ok
05:05:50.0488 2852 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:05:50.0503 2852 HomeGroupProvider - ok
05:05:50.0529 2852 [ 3CD18F0B3681FB267E67763CC3152D4E ] HookCentre C:\Windows\system32\drivers\HookCentre.sys
05:05:50.0542 2852 HookCentre - ok
05:05:50.0561 2852 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
05:05:50.0575 2852 HpSAMD - ok
05:05:50.0606 2852 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
05:05:50.0677 2852 HTTP - ok
05:05:50.0691 2852 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
05:05:50.0703 2852 hwpolicy - ok
05:05:50.0728 2852 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
05:05:50.0743 2852 i8042prt - ok
05:05:50.0759 2852 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
05:05:50.0779 2852 iaStorV - ok
05:05:50.0813 2852 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
05:05:50.0856 2852 idsvc - ok
05:05:50.0968 2852 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
05:05:51.0141 2852 igfx - ok
05:05:51.0154 2852 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
05:05:51.0167 2852 iirsp - ok
05:05:51.0194 2852 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
05:05:51.0246 2852 IKEEXT - ok
05:05:51.0335 2852 [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
05:05:51.0420 2852 IntcAzAudAddService - ok
05:05:51.0443 2852 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
05:05:51.0457 2852 intelide - ok
05:05:51.0471 2852 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
05:05:51.0493 2852 intelppm - ok
05:05:51.0504 2852 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
05:05:51.0551 2852 IPBusEnum - ok
05:05:51.0567 2852 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:05:51.0607 2852 IpFilterDriver - ok
05:05:51.0636 2852 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
05:05:51.0667 2852 iphlpsvc - ok
05:05:51.0684 2852 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
05:05:51.0704 2852 IPMIDRV - ok
05:05:51.0708 2852 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
05:05:51.0743 2852 IPNAT - ok
05:05:51.0761 2852 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
05:05:51.0784 2852 IRENUM - ok
05:05:51.0805 2852 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
05:05:51.0819 2852 isapnp - ok
05:05:51.0836 2852 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
05:05:51.0853 2852 iScsiPrt - ok
05:05:51.0874 2852 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
05:05:51.0886 2852 kbdclass - ok
05:05:51.0904 2852 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
05:05:51.0930 2852 kbdhid - ok
05:05:51.0942 2852 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
05:05:51.0955 2852 KeyIso - ok
05:05:51.0977 2852 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
05:05:51.0991 2852 KSecDD - ok
05:05:52.0004 2852 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
05:05:52.0020 2852 KSecPkg - ok
05:05:52.0035 2852 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
05:05:52.0069 2852 ksthunk - ok
05:05:52.0103 2852 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
05:05:52.0181 2852 KtmRm - ok
05:05:52.0223 2852 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
05:05:52.0285 2852 LanmanServer - ok
05:05:52.0310 2852 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:05:52.0350 2852 LanmanWorkstation - ok
05:05:52.0370 2852 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
05:05:52.0404 2852 lltdio - ok
05:05:52.0417 2852 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
05:05:52.0460 2852 lltdsvc - ok
05:05:52.0483 2852 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
05:05:52.0545 2852 lmhosts - ok
05:05:52.0572 2852 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
05:05:52.0587 2852 LSI_FC - ok
05:05:52.0607 2852 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
05:05:52.0621 2852 LSI_SAS - ok
05:05:52.0637 2852 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
05:05:52.0651 2852 LSI_SAS2 - ok
05:05:52.0661 2852 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
05:05:52.0676 2852 LSI_SCSI - ok
05:05:52.0689 2852 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
05:05:52.0731 2852 luafv - ok
05:05:52.0741 2852 lxbk_device - ok
05:05:52.0757 2852 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
05:05:52.0785 2852 Mcx2Svc - ok
05:05:52.0799 2852 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
05:05:52.0812 2852 megasas - ok
05:05:52.0822 2852 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
05:05:52.0840 2852 MegaSR - ok
05:05:52.0873 2852 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
05:05:52.0884 2852 MemeoBackgroundService - ok
05:05:52.0893 2852 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
05:05:52.0947 2852 MMCSS - ok
05:05:52.0961 2852 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
05:05:53.0001 2852 Modem - ok
05:05:53.0014 2852 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
05:05:53.0037 2852 monitor - ok
05:05:53.0045 2852 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
05:05:53.0058 2852 mouclass - ok
05:05:53.0085 2852 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
05:05:53.0120 2852 mouhid - ok
05:05:53.0142 2852 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
05:05:53.0168 2852 mountmgr - ok
05:05:53.0186 2852 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
05:05:53.0211 2852 mpio - ok
05:05:53.0224 2852 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
05:05:53.0271 2852 mpsdrv - ok
05:05:53.0290 2852 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
05:05:53.0339 2852 MpsSvc - ok
05:05:53.0356 2852 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
05:05:53.0392 2852 MRxDAV - ok
05:05:53.0412 2852 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
05:05:53.0453 2852 mrxsmb - ok
05:05:53.0469 2852 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:05:53.0497 2852 mrxsmb10 - ok
05:05:53.0511 2852 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:05:53.0532 2852 mrxsmb20 - ok
05:05:53.0555 2852 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
05:05:53.0568 2852 msahci - ok
05:05:53.0581 2852 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
05:05:53.0596 2852 msdsm - ok
05:05:53.0607 2852 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
05:05:53.0634 2852 MSDTC - ok
05:05:53.0646 2852 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
05:05:53.0688 2852 Msfs - ok
05:05:53.0712 2852 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
05:05:53.0772 2852 mshidkmdf - ok
05:05:53.0800 2852 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
05:05:53.0814 2852 msisadrv - ok
05:05:53.0832 2852 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
05:05:53.0879 2852 MSiSCSI - ok
05:05:53.0883 2852 msiserver - ok
05:05:53.0905 2852 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
05:05:53.0949 2852 MSKSSRV - ok
05:05:53.0966 2852 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
05:05:54.0009 2852 MSPCLOCK - ok
05:05:54.0022 2852 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
05:05:54.0055 2852 MSPQM - ok
05:05:54.0073 2852 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
05:05:54.0092 2852 MsRPC - ok
05:05:54.0118 2852 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
05:05:54.0130 2852 mssmbios - ok
05:05:54.0140 2852 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
05:05:54.0182 2852 MSTEE - ok
05:05:54.0203 2852 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
05:05:54.0238 2852 MTConfig - ok
05:05:54.0255 2852 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
05:05:54.0269 2852 Mup - ok
05:05:54.0287 2852 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
05:05:54.0326 2852 napagent - ok
05:05:54.0352 2852 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
05:05:54.0387 2852 NativeWifiP - ok
05:05:54.0435 2852 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
05:05:54.0485 2852 NDIS - ok
05:05:54.0496 2852 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
05:05:54.0541 2852 NdisCap - ok
05:05:54.0556 2852 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
05:05:54.0601 2852 NdisTapi - ok
05:05:54.0614 2852 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
05:05:54.0663 2852 Ndisuio - ok
05:05:54.0675 2852 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
05:05:54.0717 2852 NdisWan - ok
05:05:54.0726 2852 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
05:05:54.0770 2852 NDProxy - ok
05:05:54.0778 2852 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
05:05:54.0851 2852 NetBIOS - ok
05:05:54.0866 2852 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
05:05:54.0915 2852 NetBT - ok
05:05:54.0932 2852 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
05:05:54.0945 2852 Netlogon - ok
05:05:54.0980 2852 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
05:05:55.0027 2852 Netman - ok
05:05:55.0043 2852 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
05:05:55.0085 2852 netprofm - ok
05:05:55.0094 2852 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:05:55.0107 2852 NetTcpPortSharing - ok
05:05:55.0130 2852 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
05:05:55.0144 2852 nfrd960 - ok
05:05:55.0174 2852 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
05:05:55.0202 2852 NlaSvc - ok
05:05:55.0226 2852 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
05:05:55.0252 2852 nmwcd - ok
05:05:55.0277 2852 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
05:05:55.0303 2852 nmwcdc - ok
05:05:55.0318 2852 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
05:05:55.0352 2852 Npfs - ok
05:05:55.0364 2852 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
05:05:55.0408 2852 nsi - ok
05:05:55.0423 2852 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
05:05:55.0458 2852 nsiproxy - ok
05:05:55.0511 2852 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
05:05:55.0576 2852 Ntfs - ok
05:05:55.0592 2852 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
05:05:55.0629 2852 Null - ok
05:05:55.0667 2852 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
05:05:55.0698 2852 NVENETFD - ok
05:05:55.0734 2852 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
05:05:55.0765 2852 NVHDA - ok
05:05:55.0957 2852 [ CC1EFEA1F0AB17E59BD4B5BAFF3E5CB0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:05:56.0285 2852 nvlddmkm - ok
05:05:56.0324 2852 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
05:05:56.0340 2852 nvraid - ok
05:05:56.0349 2852 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
05:05:56.0364 2852 nvstor - ok
05:05:56.0412 2852 [ 39F933CA2798156B0B7A19D104B73B9A ] nvsvc C:\Windows\system32\nvvsvc.exe
05:05:56.0447 2852 nvsvc - ok
05:05:56.0514 2852 [ 4E5C5D88EB0A8D21824D5A3EB7327E69 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
05:05:56.0559 2852 nvUpdatusService - ok
05:05:56.0578 2852 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
05:05:56.0592 2852 nv_agp - ok
05:05:56.0598 2852 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
05:05:56.0614 2852 ohci1394 - ok
05:05:56.0639 2852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
05:05:56.0670 2852 p2pimsvc - ok
05:05:56.0688 2852 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
05:05:56.0718 2852 p2psvc - ok
05:05:56.0730 2852 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
05:05:56.0753 2852 Parport - ok
05:05:56.0777 2852 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
05:05:56.0791 2852 partmgr - ok
05:05:56.0806 2852 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
05:05:56.0867 2852 PcaSvc - ok
05:05:56.0893 2852 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
05:05:56.0909 2852 pci - ok
05:05:56.0925 2852 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
05:05:56.0938 2852 pciide - ok
05:05:56.0960 2852 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
05:05:56.0976 2852 pcmcia - ok
05:05:56.0999 2852 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
05:05:57.0012 2852 pcw - ok
05:05:57.0029 2852 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
05:05:57.0073 2852 PEAUTH - ok
05:05:57.0132 2852 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
05:05:57.0172 2852 PerfHost - ok
05:05:57.0209 2852 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
05:05:57.0276 2852 pla - ok
05:05:57.0315 2852 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
05:05:57.0350 2852 PlugPlay - ok
05:05:57.0359 2852 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
05:05:57.0384 2852 PNRPAutoReg - ok
05:05:57.0397 2852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
05:05:57.0414 2852 PNRPsvc - ok
05:05:57.0442 2852 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
05:05:57.0491 2852 PolicyAgent - ok
05:05:57.0510 2852 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
05:05:57.0546 2852 Power - ok
05:05:57.0566 2852 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
05:05:57.0603 2852 PptpMiniport - ok
05:05:57.0625 2852 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
05:05:57.0650 2852 Processor - ok
05:05:57.0670 2852 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
05:05:57.0694 2852 ProfSvc - ok
05:05:57.0709 2852 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:05:57.0722 2852 ProtectedStorage - ok
05:05:57.0745 2852 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
05:05:57.0786 2852 Psched - ok
05:05:57.0832 2852 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
05:05:57.0879 2852 ql2300 - ok
05:05:57.0884 2852 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
05:05:57.0898 2852 ql40xx - ok
05:05:57.0917 2852 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
05:05:57.0938 2852 QWAVE - ok
05:05:57.0949 2852 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
05:05:57.0973 2852 QWAVEdrv - ok
05:05:57.0990 2852 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
05:05:58.0030 2852 RasAcd - ok
05:05:58.0055 2852 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
05:05:58.0095 2852 RasAgileVpn - ok
05:05:58.0110 2852 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
05:05:58.0154 2852 RasAuto - ok
05:05:58.0165 2852 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
05:05:58.0211 2852 Rasl2tp - ok
05:05:58.0227 2852 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
05:05:58.0280 2852 RasMan - ok
05:05:58.0296 2852 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
05:05:58.0331 2852 RasPppoe - ok
05:05:58.0342 2852 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
05:05:58.0418 2852 RasSstp - ok
05:05:58.0437 2852 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
05:05:58.0485 2852 rdbss - ok
05:05:58.0507 2852 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
05:05:58.0533 2852 rdpbus - ok
05:05:58.0546 2852 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
05:05:58.0583 2852 RDPCDD - ok
05:05:58.0610 2852 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
05:05:58.0653 2852 RDPENCDD - ok
05:05:58.0664 2852 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
05:05:58.0703 2852 RDPREFMP - ok
05:05:58.0729 2852 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
05:05:58.0751 2852 RDPWD - ok
05:05:58.0772 2852 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
05:05:58.0789 2852 rdyboost - ok
05:05:58.0827 2852 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
05:05:58.0890 2852 RemoteAccess - ok
05:05:58.0907 2852 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
05:05:58.0954 2852 RemoteRegistry - ok
05:05:58.0959 2852 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
05:05:59.0003 2852 RpcEptMapper - ok
05:05:59.0011 2852 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
05:05:59.0031 2852 RpcLocator - ok
05:05:59.0050 2852 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
05:05:59.0087 2852 RpcSs - ok
05:05:59.0097 2852 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
05:05:59.0133 2852 rspndr - ok
05:05:59.0169 2852 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
05:05:59.0190 2852 RTL8167 - ok
05:05:59.0222 2852 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
05:05:59.0245 2852 RTL8192su - ok
05:05:59.0254 2852 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
05:05:59.0267 2852 SamSs - ok
05:05:59.0347 2852 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\WNt500x64\Sandra.sys
05:05:59.0370 2852 SANDRA - ok
05:05:59.0385 2852 [ 00DE27C8349D0D049636DD8BD02E3BC4 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe
05:05:59.0403 2852 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
05:05:59.0403 2852 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
05:05:59.0415 2852 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
05:05:59.0440 2852 sbp2port - ok
05:05:59.0459 2852 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
05:05:59.0497 2852 SCardSvr - ok
05:05:59.0511 2852 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
05:05:59.0551 2852 scfilter - ok
05:05:59.0570 2852 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
05:05:59.0622 2852 Schedule - ok
05:05:59.0640 2852 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
05:05:59.0672 2852 SCPolicySvc - ok
05:05:59.0684 2852 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
05:05:59.0712 2852 SDRSVC - ok
05:05:59.0729 2852 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
05:05:59.0770 2852 secdrv - ok
05:05:59.0778 2852 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
05:05:59.0813 2852 seclogon - ok
05:05:59.0824 2852 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
05:05:59.0860 2852 SENS - ok
05:05:59.0880 2852 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
05:05:59.0906 2852 SensrSvc - ok
05:05:59.0934 2852 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
05:05:59.0970 2852 Serenum - ok
05:05:59.0982 2852 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
05:06:00.0006 2852 Serial - ok
05:06:00.0022 2852 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
05:06:00.0047 2852 sermouse - ok
05:06:00.0060 2852 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
05:06:00.0098 2852 SessionEnv - ok
05:06:00.0122 2852 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
05:06:00.0164 2852 sffdisk - ok
05:06:00.0175 2852 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
05:06:00.0190 2852 sffp_mmc - ok
05:06:00.0209 2852 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
05:06:00.0227 2852 sffp_sd - ok
05:06:00.0241 2852 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
05:06:00.0260 2852 sfloppy - ok
05:06:00.0279 2852 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
05:06:00.0319 2852 SharedAccess - ok
05:06:00.0341 2852 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:06:00.0385 2852 ShellHWDetection - ok
05:06:00.0394 2852 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
05:06:00.0407 2852 SiSRaid2 - ok
05:06:00.0419 2852 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
05:06:00.0432 2852 SiSRaid4 - ok
05:06:00.0462 2852 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
05:06:00.0498 2852 Smb - ok
05:06:00.0512 2852 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
05:06:00.0542 2852 SNMPTRAP - ok
05:06:00.0627 2852 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
05:06:00.0654 2852 Sony PC Companion - ok
05:06:00.0673 2852 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
05:06:00.0686 2852 spldr - ok
05:06:00.0718 2852 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
05:06:00.0753 2852 Spooler - ok
05:06:00.0807 2852 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
05:06:00.0880 2852 sppsvc - ok
05:06:00.0896 2852 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
05:06:00.0939 2852 sppuinotify - ok
05:06:00.0966 2852 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
05:06:00.0995 2852 srv - ok
05:06:01.0009 2852 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
05:06:01.0033 2852 srv2 - ok
05:06:01.0042 2852 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
05:06:01.0067 2852 srvnet - ok
05:06:01.0091 2852 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
05:06:01.0138 2852 SSDPSRV - ok
05:06:01.0141 2852 SSPORT - ok
05:06:01.0150 2852 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
05:06:01.0193 2852 SstpSvc - ok
05:06:01.0221 2852 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
05:06:01.0248 2852 stexstor - ok
05:06:01.0301 2852 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
05:06:01.0365 2852 stisvc - ok
05:06:01.0392 2852 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
05:06:01.0405 2852 swenum - ok
05:06:01.0431 2852 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
05:06:01.0478 2852 swprv - ok
05:06:01.0511 2852 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
05:06:01.0556 2852 SysMain - ok
05:06:01.0572 2852 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:06:01.0605 2852 TabletInputService - ok
05:06:01.0631 2852 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
05:06:01.0675 2852 TapiSrv - ok
05:06:01.0689 2852 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
05:06:01.0725 2852 TBS - ok
05:06:01.0786 2852 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
05:06:01.0844 2852 Tcpip - ok
05:06:01.0876 2852 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
05:06:01.0918 2852 TCPIP6 - ok
05:06:01.0932 2852 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
05:06:01.0951 2852 tcpipreg - ok
05:06:01.0974 2852 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
05:06:01.0996 2852 TDPIPE - ok
05:06:02.0029 2852 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
05:06:02.0056 2852 TDTCP - ok
05:06:02.0072 2852 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
05:06:02.0115 2852 tdx - ok
05:06:02.0137 2852 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
05:06:02.0151 2852 TermDD - ok
05:06:02.0176 2852 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
05:06:02.0220 2852 TermService - ok
05:06:02.0234 2852 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
05:06:02.0253 2852 Themes - ok
05:06:02.0265 2852 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
05:06:02.0299 2852 THREADORDER - ok
05:06:02.0310 2852 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
05:06:02.0349 2852 TrkWks - ok
05:06:02.0391 2852 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:06:02.0443 2852 TrustedInstaller - ok
05:06:02.0474 2852 [ 59BD43714E1034A913F019413905D387 ] TS4NT C:\Windows\system32\Drivers\TS4nt.sys
05:06:02.0488 2852 TS4NT - ok
05:06:02.0551 2852 [ B4A0237AF692AC90E18F61880A48D010 ] TSNxGService C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe
05:06:02.0579 2852 TSNxGService - ok
05:06:02.0593 2852 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
05:06:02.0632 2852 tssecsrv - ok
05:06:02.0654 2852 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
05:06:02.0683 2852 TsUsbFlt - ok
05:06:02.0703 2852 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
05:06:02.0717 2852 TsUsbGD - ok
05:06:02.0735 2852 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
05:06:02.0775 2852 tunnel - ok
05:06:02.0797 2852 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
05:06:02.0811 2852 uagp35 - ok
05:06:02.0825 2852 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
05:06:02.0886 2852 udfs - ok
05:06:02.0903 2852 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
05:06:02.0936 2852 UI0Detect - ok
05:06:02.0969 2852 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
05:06:02.0996 2852 uliagpkx - ok
05:06:03.0028 2852 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
05:06:03.0052 2852 umbus - ok
05:06:03.0069 2852 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
05:06:03.0109 2852 UmPass - ok
05:06:03.0132 2852 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
05:06:03.0199 2852 upnphost - ok
05:06:03.0226 2852 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
05:06:03.0259 2852 upperdev - ok
05:06:03.0275 2852 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
05:06:03.0313 2852 usbccgp - ok
05:06:03.0344 2852 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
05:06:03.0373 2852 usbcir - ok
05:06:03.0394 2852 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
05:06:03.0413 2852 usbehci - ok
05:06:03.0440 2852 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
05:06:03.0467 2852 usbhub - ok
05:06:03.0483 2852 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
05:06:03.0497 2852 usbohci - ok
05:06:03.0524 2852 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
05:06:03.0541 2852 usbprint - ok
05:06:03.0568 2852 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
05:06:03.0591 2852 usbscan - ok
05:06:03.0616 2852 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
05:06:03.0652 2852 usbser - ok
05:06:03.0663 2852 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
05:06:03.0709 2852 UsbserFilt - ok
05:06:03.0725 2852 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:06:03.0751 2852 USBSTOR - ok
05:06:03.0776 2852 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
05:06:03.0801 2852 usbuhci - ok
05:06:03.0820 2852 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
05:06:03.0868 2852 UxSms - ok
05:06:03.0920 2852 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
05:06:03.0951 2852 VaultSvc - ok
05:06:03.0982 2852 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
05:06:04.0011 2852 vdrvroot - ok
05:06:04.0035 2852 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
05:06:04.0075 2852 vds - ok
05:06:04.0093 2852 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
05:06:04.0110 2852 vga - ok
05:06:04.0120 2852 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
05:06:04.0162 2852 VgaSave - ok
05:06:04.0179 2852 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
05:06:04.0196 2852 vhdmp - ok
05:06:04.0220 2852 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
05:06:04.0232 2852 viaide - ok
05:06:04.0244 2852 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
05:06:04.0258 2852 volmgr - ok
05:06:04.0269 2852 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
05:06:04.0287 2852 volmgrx - ok
05:06:04.0304 2852 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
05:06:04.0323 2852 volsnap - ok
05:06:04.0349 2852 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
05:06:04.0363 2852 vsmraid - ok
05:06:04.0399 2852 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
05:06:04.0480 2852 VSS - ok
05:06:04.0492 2852 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
05:06:04.0518 2852 vwifibus - ok
05:06:04.0542 2852 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
05:06:04.0565 2852 vwififlt - ok
05:06:04.0587 2852 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
05:06:04.0626 2852 W32Time - ok
05:06:04.0643 2852 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
05:06:04.0661 2852 WacomPen - ok
05:06:04.0679 2852 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
05:06:04.0719 2852 WANARP - ok
05:06:04.0722 2852 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
05:06:04.0753 2852 Wanarpv6 - ok
05:06:04.0806 2852 [ 261A725F8ACEDDA695C7FFF6D6EDE6B5 ] watchmi C:\Program Files (x86)\watchmi\TvdService.exe
05:06:04.0819 2852 watchmi ( UnsignedFile.Multi.Generic ) - warning
05:06:04.0819 2852 watchmi - detected UnsignedFile.Multi.Generic (1)
05:06:04.0865 2852 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
05:06:04.0924 2852 wbengine - ok
05:06:04.0944 2852 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
05:06:04.0975 2852 WbioSrvc - ok
05:06:04.0990 2852 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
05:06:05.0015 2852 wcncsvc - ok
05:06:05.0026 2852 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:06:05.0049 2852 WcsPlugInService - ok
05:06:05.0060 2852 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
05:06:05.0073 2852 Wd - ok
05:06:05.0103 2852 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
05:06:05.0131 2852 Wdf01000 - ok
05:06:05.0141 2852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
05:06:05.0167 2852 WdiServiceHost - ok
05:06:05.0171 2852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
05:06:05.0190 2852 WdiSystemHost - ok
05:06:05.0207 2852 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
05:06:05.0243 2852 WebClient - ok
05:06:05.0258 2852 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
05:06:05.0311 2852 Wecsvc - ok
05:06:05.0326 2852 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
05:06:05.0374 2852 wercplsupport - ok
05:06:05.0390 2852 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
05:06:05.0424 2852 WerSvc - ok
05:06:05.0447 2852 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
05:06:05.0481 2852 WfpLwf - ok
05:06:05.0499 2852 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
05:06:05.0511 2852 WIMMount - ok
05:06:05.0535 2852 WinDefend - ok
05:06:05.0539 2852 WinHttpAutoProxySvc - ok
05:06:05.0581 2852 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
05:06:05.0650 2852 Winmgmt - ok
05:06:05.0683 2852 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
05:06:05.0754 2852 WinRM - ok
05:06:05.0792 2852 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
05:06:05.0837 2852 WinUsb - ok
05:06:05.0864 2852 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
05:06:05.0903 2852 Wlansvc - ok
05:06:05.0936 2852 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
05:06:05.0963 2852 wlcrasvc - ok
05:06:06.0019 2852 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:06:06.0083 2852 wlidsvc - ok
05:06:06.0109 2852 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
05:06:06.0127 2852 WmiAcpi - ok
05:06:06.0147 2852 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
05:06:06.0166 2852 wmiApSrv - ok
05:06:06.0183 2852 WMPNetworkSvc - ok
05:06:06.0203 2852 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
05:06:06.0234 2852 WPCSvc - ok
05:06:06.0244 2852 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
05:06:06.0261 2852 WPDBusEnum - ok
05:06:06.0277 2852 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
05:06:06.0339 2852 ws2ifsl - ok
05:06:06.0355 2852 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
05:06:06.0375 2852 wscsvc - ok
05:06:06.0378 2852 WSearch - ok
05:06:06.0395 2852 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
05:06:06.0409 2852 wsvd - ok
05:06:06.0473 2852 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
05:06:06.0525 2852 wuauserv - ok
05:06:06.0551 2852 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
05:06:06.0566 2852 WudfPf - ok
05:06:06.0589 2852 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
05:06:06.0617 2852 WUDFRd - ok
05:06:06.0631 2852 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
05:06:06.0657 2852 wudfsvc - ok
05:06:06.0669 2852 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
05:06:06.0692 2852 WwanSvc - ok
05:06:06.0712 2852 ================ Scan global ===============================
05:06:06.0732 2852 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
05:06:06.0765 2852 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
05:06:06.0776 2852 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
05:06:06.0790 2852 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
05:06:06.0814 2852 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
05:06:06.0818 2852 [Global] - ok
05:06:06.0818 2852 ================ Scan MBR ==================================
05:06:06.0829 2852 [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
05:06:09.0043 2852 \Device\Harddisk0\DR0 - ok
05:06:09.0043 2852 ================ Scan VBR ==================================
05:06:09.0047 2852 [ 4D2116B1D0928B24062AFEFFE8277A7C ] \Device\Harddisk0\DR0\Partition1
05:06:09.0049 2852 \Device\Harddisk0\DR0\Partition1 - ok
05:06:09.0095 2852 [ C1D9D0A11540696D42F56CDADA727778 ] \Device\Harddisk0\DR0\Partition2
05:06:09.0099 2852 \Device\Harddisk0\DR0\Partition2 - ok
05:06:09.0130 2852 [ F4BF22D640D4C018E23BF62A9101CCB0 ] \Device\Harddisk0\DR0\Partition3
05:06:09.0132 2852 \Device\Harddisk0\DR0\Partition3 - ok
05:06:09.0133 2852 ============================================================
05:06:09.0133 2852 Scan finished
05:06:09.0133 2852 ============================================================
05:06:09.0150 5924 Detected object count: 2
05:06:09.0150 5924 Actual detected object count: 2
05:08:29.0619 5924 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
05:08:29.0619 5924 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:08:29.0620 5924 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
05:08:29.0620 5924 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-10 04:31:55
-----------------------------
04:31:55.524 OS Version: Windows x64 6.1.7601 Service Pack 1
04:31:55.524 Number of processors: 8 586 0x102
04:31:55.525 ComputerName: CHAOS-PC UserName: Chaos
04:32:00.695 Initialize success
04:35:16.913 AVAST engine defs: 13010901
04:45:33.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
04:45:33.501 Disk 0 Vendor: ST1500DL CC4A Size: 1430799MB BusType: 11
04:45:33.541 Disk 0 MBR read successfully
04:45:33.546 Disk 0 MBR scan
04:45:33.559 Disk 0 unknown MBR code
04:45:33.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:45:33.586 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1378473 MB offset 206848
04:45:33.630 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 2823319552
04:45:33.654 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 2928177152
04:45:33.716 Disk 0 scanning C:\Windows\system32\drivers
04:45:46.550 Service scanning
04:46:08.418 Modules scanning
04:46:08.433 Disk 0 trace - called modules:
04:46:08.457 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
04:46:08.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80076e9790]
04:46:08.475 3 CLASSPNP.SYS[fffff88001b7b43f] -> nt!IofCallDriver -> [0xfffffa800680aac0]
04:46:08.484 5 amd_xata.sys[fffff8800108ca1d] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80067fa840]
04:46:13.367 AVAST engine scan C:\Windows
04:46:16.617 AVAST engine scan C:\Windows\system32
04:48:50.999 AVAST engine scan C:\Windows\system32\drivers
04:49:06.519 AVAST engine scan C:\Users\Chaos
04:58:06.150 AVAST engine scan C:\ProgramData
04:59:46.354 Scan finished successfully
05:00:42.571 Disk 0 MBR has been saved successfully to "C:\Users\Chaos\Desktop\MBR.dat"
05:00:42.575 The log file has been saved successfully to "C:\Users\Chaos\Desktop\aswMBR.txt"
|
|
10.01.2013, 11:51
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Drop.GSA Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.01.2013, 18:27
| #11 |
| | Exploit.Drop.GSA Guten Abend! Vielen Dank für deine Antwort! Ich habe Combofix jetzt seit reichlich 45 Minuten laufen und es stagniert in Stufe 4! Am Rechner selbst kann ich optisch keine Festplattenaktivität erkennen. Hat sich das Programm evtl. Aufgehangen? Aktuell schreibe ich vom Handy. Nochmal ein kurzes Hallo, ich habe das Programm nach 1 Stunde Laufzeit beendet. lt. anderen Beiträgen über Google ist eine Laufzeit von 1 Stunde ohne Änderungen als Absturz des Programms anzusehen. Ich hoffe doch sehr, dass ich jetzt keine Fehler begangen habe. Ich habe einen neuen Versuch gestartet und den Lauf neu angesetzt. Leider ebenfalls mit dem gleichen Ergebnis. Das Programm habe ich nicht deinstalliert. Es befindet sich noch auf dem Desktop. Bevor ich den Scan gestartet habe hab ich Virenscanner, Firewalls ect. komplett ausgeschaltet. Ich wünsche dir einen schönen Abend. Bis morgen! |
|
10.01.2013, 21:20
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Drop.GSA Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.01.2013, 05:47
| #13 |
| | Exploit.Drop.GSA Moin, hab ich gemacht (Combofix deinstalliert ect) . Das ganze 2x, da er leider weiter bei Stufe 4 einfach stehen bleibt und sich nichts mehr tut. Ich bekomme auch weder eine Aufforderung zum Systemwiederherstellungspunkt, noch zu Updates. Beim Start kommen die ganzen Warnungen (Virenscanner, Firewall aus) und dann legt er gleich mit dem Scanvorgang los.. bis 4 und Ende! machs gut bis heute Abend und Danke  |
|
11.01.2013, 16:34
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Exploit.Drop.GSA Probier CF bitte im abgesicherten Modus mit Netzwerktreibern aus Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.01.2013, 19:17
| #15 |
| | Exploit.Drop.GSA Guten Abend, das hat jetzt funktioniert. Um muss noch ergänzen, dass CF die Aktivität von GData gemeldet hat und um Deaktivierung bat. Durch den abgesicherten Modus war GData bereits deaktiviert und auch im Taskmanager konnte ich nichts erkennen. Ich hätte gar keine Änderungen an GData vornehmen können, da keine Änderung angenommen wurde. Ich hoffe sehr, dass diese Meldung das Ergebnis von CF nicht beeinflusst. Alternativ müsste ich GData deinstallieren und den Vorgang erneut starten. Code:
ATTFilter ComboFix 13-01-11.01 - Chaos 11.01.2013 19:01:49.5.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.7157 [GMT 1:00]
ausgeführt von:: c:\users\Chaos\Desktop\ComboFix.exe
AV: G Data TotalProtection 2013 *Enabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data TotalProtection 2013 *Enabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-11 bis 2013-01-11 ))))))))))))))))))))))))))))))
.
.
2013-01-11 18:06 . 2013-01-11 18:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-11 18:06 . 2013-01-11 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 03:48 . 2013-01-11 03:48 -------- d-----w- c:\users\Chaos\AppData\Local\Diagnostics
2013-01-06 17:21 . 2013-01-06 17:21 -------- d-----w- c:\users\Chaos\AppData\Local\Windows Live Writer
2013-01-06 17:21 . 2013-01-06 17:21 -------- d-----w- c:\users\Chaos\AppData\Roaming\Windows Live Writer
2013-01-06 13:59 . 2013-01-06 13:59 -------- d-----w- c:\users\Chaos\AppData\Roaming\Malwarebytes
2013-01-06 13:59 . 2013-01-06 13:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-06 13:59 . 2013-01-06 13:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-06 13:59 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 13:59 . 2013-01-06 13:59 -------- d-----w- c:\users\Chaos\AppData\Local\Programs
2012-12-29 04:38 . 2012-12-29 04:38 16504 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys
2012-12-28 05:37 . 2012-12-28 05:37 2889 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 05:47 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 05:47 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 05:47 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 05:47 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-15 06:33 . 2012-12-15 06:33 -------- d-----w- c:\users\Chaos\Podcasts
2012-12-15 06:31 . 2012-12-15 06:34 -------- d-----w- c:\users\Chaos\AppData\Local\Sony
2012-12-15 06:31 . 2012-12-15 06:31 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2012-12-15 06:30 . 2012-12-15 06:31 -------- d-----w- c:\programdata\Sony Corporation
2012-12-15 06:29 . 2012-12-15 06:31 -------- d-----w- c:\program files (x86)\Sony Media Go Install
2012-12-15 06:29 . 2012-12-15 06:33 -------- d-----w- c:\users\Chaos\AppData\Roaming\Sony
2012-12-12 18:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 18:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 18:37 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 18:37 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:26 . 2011-07-18 20:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 05:27 . 2012-05-29 01:24 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 05:27 . 2011-12-01 21:26 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-09 11:36 . 2012-12-09 11:36 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-12-09 11:36 . 2012-12-09 11:36 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-11-30 04:45 . 2013-01-09 17:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-30 10:50 . 2012-05-12 11:51 60320 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2012-10-30 10:48 . 2012-05-12 11:51 126880 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-10-30 10:48 . 2012-05-12 11:51 54176 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-10-30 10:48 . 2012-05-12 11:51 64416 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys
2012-10-16 08:38 . 2012-11-28 04:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 04:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 04:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-12 39408]
"GoogleChromeAutoLaunch_9C355F266C25602F9C5EB5F430276502"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-14 336384]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
watchmi tray.lnk - c:\windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-5-12 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-10-30 126880]
R1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-10-30 64416]
R1 GLogin;GLogin; [x]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-08-05 106648]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-07-12 64376]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-14 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
R2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalProtection\AVK\AVKService.exe [2012-01-27 468472]
R2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2012-09-11 1617432]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R2 TSNxGService;G Data Datensafe Service;c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [2012-05-24 306216]
R2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2011-10-07 70144]
R3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-10-30 60320]
R3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2012-05-14 1218552]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-09 14448]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4\RpcAgentSrv.exe [2009-04-26 95896]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-15 40064]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-10-30 54176]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys [2012-07-12 98760]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-08-02 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-08-02 391144]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 04:44 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 05:27]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 11:22]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Chaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 83.169.186.33 83.169.186.97
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TSNxG4Tray - c:\program files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AFPL Ghostscript 8.54 - c:\program files (x86)\gs\uninstgs.exe
AddRemove-AFPL Ghostscript Fonts - c:\program files (x86)\gs\uninstgs.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11 19:08:56
ComboFix-quarantined-files.txt 2013-01-11 18:08
.
Vor Suchlauf: 8 Verzeichnis(se), 1.394.750.980.096 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.394.446.548.992 Bytes frei
.
- - End Of File - - E52E9EF5B036EC1B3D65A205555C3B0F
 Danke und bis morgen |
|
| Themen zu Exploit.Drop.GSA |
| abbruch, anlage, applaus, autostart, dvd, ebenfalls, erneut, euro, fehler, gdata, gesperrt, gmer-scan, guten, hilfe!, hintergrund, hängt, kurze, neu, neustart, pc wurde gesperrt, quarantäne, scan, scannen, screen, trojaner, trojanern, virenscan, virus |
Linear-Darstellung
