| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer gesperrt GVU TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.01.2013, 15:12
| #1 |
 |  Computer gesperrt GVU Trojaner Hier die dateien, hoffenlich bekomme ich schnelle hilfe  Schritt 1 ausgeführt hier Schritt 2-3 Schritt 2 : OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.01.2013 14:36:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\DATA\Downloads 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free 31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.10 14:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\DATA\Downloads\OTL.exe PRC - [2012.12.12 16:36:15 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012.08.30 20:22:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\firefox.exe PRC - [2012.08.30 20:22:30 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\DATA\Progamme\plugin-container.exe ========== Modules (No Company Name) ========== MOD - [2012.12.12 16:36:14 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012.08.30 20:22:30 | 002,242,528 | ---- | M] () -- C:\DATA\Progamme\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 14:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.09 03:39:34 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.19 20:17:25 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.08.30 20:22:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2010.09.02 16:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01) DRV:64bit: - [2012.10.13 20:56:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.25 18:08:02 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2012.04.24 22:28:28 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.2) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.05.10 15:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 15:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.03.04 15:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.10.19 13:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 9F C9 A7 34 EF CD 01 [binary data] IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK IE - HKCU\..\SearchScopes\{DCC4C677-CE06-41d8-811B-BA49DA2D36CF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=logo" FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2 FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.3.1 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\DATA\Progamme\itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\DATA\Progamme\components [2012.08.30 20:22:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\DATA\Progamme\plugins [2012.04.24 22:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions [2012.12.12 17:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions [2012.09.20 21:50:28 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\battlefieldplay4free@ea.com [2012.12.12 17:52:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de [2012.12.08 21:39:45 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [SmartViewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToUcamVProperty] C:\PROGRA~2\PHILIP~1\VProperty.exe File not found O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [Steam] C:\DATA\Progamme\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [zASRockInstantBoot] File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BB66921-147F-41AE-9B7A-825D2BD2F90D}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell - "" = AutoRun O33 - MountPoints2\{69b90abb-136f-11e2-8110-bc5ff41ef57a}\Shell\AutoRun\command - "" = E:\SETUP.EXE -autorun O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.10 14:19:01 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Programs [2013.01.09 03:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC Tool [2013.01.07 10:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.07 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.07 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.24 11:00:32 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64 [2012.12.16 22:11:51 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\.minecraft [2012.12.16 16:43:54 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\rigonauts [2012.12.12 17:49:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.12 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.12 16:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.12 16:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.12.12 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.12.12 16:39:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\HP [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.10 14:36:05 | 000,000,168 | ---- | M] () -- C:\Users\Lukas\defogger_reenable [2013.01.10 14:19:10 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 14:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.10 14:18:12 | 4278,960,126 | -HS- | M] () -- C:\hiberfil.sys [2013.01.10 14:16:08 | 000,002,889 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.10 08:58:35 | 000,016,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.10 08:46:48 | 000,001,412 | ---- | M] () -- C:\Users\Lukas\Desktop\Games.lnk [2013.01.09 03:25:46 | 000,000,997 | ---- | M] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk [2013.01.07 10:43:16 | 000,001,701 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.03 16:55:42 | 008,538,422 | ---- | M] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3 [2012.12.26 10:19:20 | 000,065,024 | ---- | M] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe [2012.12.20 16:42:34 | 001,642,216 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.20 16:42:34 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.20 16:42:34 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.20 16:42:34 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.20 16:42:34 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.17 16:57:45 | 000,272,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.12 16:39:42 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.10 14:36:05 | 000,000,168 | ---- | C] () -- C:\Users\Lukas\defogger_reenable [2013.01.10 14:19:10 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 14:16:08 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 03:25:46 | 000,000,997 | ---- | C] () -- C:\Users\Lukas\Desktop\ACTool.exe - Verknüpfung.lnk [2013.01.07 10:43:16 | 000,001,701 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.03 18:23:31 | 008,538,422 | ---- | C] () -- C:\Users\Lukas\Desktop\PEET VBT SPLASH! 2012 INSTRUMENTALS -Achtelfinale - Splifftastic (vs. Smoke T) 99BPM.mp3 [2012.12.28 02:50:54 | 000,065,024 | ---- | C] () -- C:\Users\Lukas\Desktop\Elite 1.9.39.exe [2012.12.16 16:40:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.16 16:38:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 15:42:46 | 000,001,412 | ---- | C] () -- C:\Users\Lukas\Desktop\Games.lnk [2012.12.13 06:33:28 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.12.12 16:39:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.12.10 23:03:10 | 000,010,113 | ---- | C] () -- C:\Users\Lukas\AppData\Local\recently-used.xbel [2012.10.13 20:58:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2012.10.11 13:21:55 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2012.09.07 05:16:49 | 000,000,093 | ---- | C] () -- C:\Users\Lukas\AppData\Local\fusioncache.dat [2012.09.07 05:13:48 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.08.01 19:26:03 | 000,004,906 | ---- | C] () -- C:\ProgramData\gvpgdylr.gft [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.30 06:09:43 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.04.30 06:09:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.04.30 06:09:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.04.29 03:19:35 | 000,007,601 | ---- | C] () -- C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg [2012.04.25 17:31:21 | 001,668,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.24 22:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.24 22:17:36 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.16 22:12:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\.minecraft [2012.08.24 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Awesomium [2012.10.13 20:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite [2012.04.24 22:31:12 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\DeviceVm [2012.04.26 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Hi-Rez Studios [2012.08.17 16:46:59 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Kalypso Media [2012.04.26 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient [2012.05.25 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\LolClient2 [2012.07.10 17:02:20 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Need for Speed World [2012.12.02 02:20:49 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Origin [2012.12.16 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\rigonauts [2012.07.31 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\RotMG.Production [2013.01.03 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\TeamViewer [2012.04.25 19:33:31 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay [2012.12.24 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\ts3overlay_hook_win64 [2012.05.22 03:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\wargaming.net [2012.09.04 21:21:41 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\Waveform [2012.10.13 00:11:08 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\xrecode2 ========== Purity Check ========== < End of report > extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.01.2013 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\DATA\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,98 Gb Total Physical Memory | 14,59 Gb Available Physical Memory | 91,33% Memory free
31,96 Gb Paging File | 30,67 Gb Available in Paging File | 95,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 443,11 Gb Free Space | 47,57% Space Free | Partition Type: NTFS
Drive D: | 6,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: LUKASTOWER | User Name: Lukas | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\DATA\Progamme\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE2040-34F0-40BE-A349-D2304DF8F93A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EC3EC63-5C89-4522-AD64-33DA747225EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4853EA97-BA25-41DD-BECA-71AF0E6C6119}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BB5EE3E-F1A2-4D2D-8885-3A6627CD50A0}" = lport=56905 | protocol=17 | dir=in | name=pando media booster |
"{68339B0E-C363-46FF-9A76-3ACA3033DDCA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{84FD3E62-84F9-4768-A392-76DC02843D8E}" = lport=56905 | protocol=6 | dir=in | name=pando media booster |
"{85D01122-E2D1-456A-9AE0-D871164FAE0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91A24CB9-9C3F-4F6E-9331-7458F3122C5B}" = lport=56905 | protocol=6 | dir=in | name=pando media booster |
"{C96E5E2B-6DA5-42B9-BE4D-27732E98519A}" = lport=56905 | protocol=17 | dir=in | name=pando media booster |
"{D9723B78-A2D7-4FA3-AFB3-F202CC595CCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F127044F-B0D5-4C17-A222-B9DF56439FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3AAB98C-7AD3-4FFE-A9B8-6C8A03701480}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCF8AEA3-F82E-4C02-8AC3-DD010F7803AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0190B8F2-ECF6-49F0-A62E-87878CEF3EA7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{0203D484-2278-4668-9108-40394BD7C1E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{02BFE566-5BA0-43C3-B257-EEB4EECE265B}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe |
"{038AB480-DA16-4110-B38D-F76788B9C69C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{03D2A100-FA27-4C92-BD6F-B8B392EBF675}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe |
"{0417E220-12F9-4232-AC3B-621EE77E5994}" = dir=in | app=c:\data\progamme\itunes\itunes.exe |
"{054CB269-90BE-45B7-8060-8466987D5D4D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{067879F2-A7CC-488A-8B6F-00D28B21D4EA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe |
"{08D27C94-92CF-4330-8FB9-B82126EB0BEE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{0ADB434F-19E4-40E1-838E-E012C673E109}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0E6308B6-2B2A-4DC9-9C0C-7F5DFE26ECFC}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe |
"{0EF77934-BE18-40E4-AF70-B71DF45E4C8E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{0F035D16-99B3-4C8C-B635-097FD84FE069}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{10749F9E-6C86-47AE-98BE-F057F52055C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1131B5A3-3D4D-425A-956D-994979141F7E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steam.exe |
"{12557F05-063E-4650-91F0-FFDE27DB96B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{137C95E6-0315-4DAA-889A-AFCACD9D9242}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{147F09DA-8F37-4994-8E5E-C40D865B8234}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{180DC147-ED24-46BC-9593-364FA9A1F979}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{19DE4522-2F79-4066-9C9D-AA5206E564F2}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe |
"{1B3124DA-3C20-456D-9883-A3AA3E46AA40}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1B643765-5A40-4B2D-BCCF-9D60F30CBF80}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe |
"{1DDF788D-D6B6-41C9-A41F-2D109E584F39}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{20681CEA-7C2F-4983-9C6F-C24DC303FFDA}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{24116389-180C-4F2B-836A-ADBA00ABAE9A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{28248E69-2246-4A45-890F-06D359FAFD05}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{2A45CFE2-3CC4-4CC7-9743-029064974F0A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe |
"{2AC7AC05-005F-4106-989A-6BB679A3771F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe |
"{2E155F36-DBD8-4E3F-A597-471F9C4ED2E9}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe |
"{30169DE0-C222-4E60-BA97-58851833FF3D}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{3299061F-F72A-4736-9491-6B833C673B71}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe |
"{3418DB52-C718-426D-A61F-D4A560231DD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38E2D0B5-84D8-464A-8A01-DB6C83CB9699}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe |
"{3C79D155-5252-4A06-9EC8-380925769A39}" = dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{3DCE2C08-3C37-4CF8-86A1-C34C65485A58}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\metro 2033\metro2033.exe |
"{40E7A826-61A8-41F6-A3F8-422F000498CE}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe |
"{41A8163C-2015-4731-A78A-2C44CE1FA73D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\the binding of isaac\isaac.exe |
"{45C51373-81BC-467F-9ABA-3F46429619E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4C0A4C31-1FB6-406D-80AE-34E78B0DE7F0}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe |
"{4D32492B-85F0-419F-98EF-3CED400EE134}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{4D414EC4-2917-48C7-B4B1-D29A35350AEC}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe |
"{4EF4BC53-C732-4424-9880-6C6A414F159F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons\dungeonsstarter.exe |
"{51979352-BB4F-4D05-8381-7E1F773C49D2}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"{53A62015-A753-44FA-8DF9-BD14CDBE854C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
"{54DB65B3-B6D5-4B08-9F7F-4D2784AA0261}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{59644C8C-284A-4CE6-BE2C-F3403281095B}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe |
"{5B81157B-186C-4B20-ABB8-40B2A8BE4FAB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{5C425B7A-7ED4-4286-A5B1-2C90BC2C7088}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5CED1244-9D9B-4647-A008-9175C1383296}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe |
"{5E6FB4E9-D0F5-4B1A-9AC2-9D7EC5C0550E}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\game.exe |
"{60CCCB52-274E-4246-B7B3-01E4995F2EE5}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe |
"{6357F36D-D6BE-41FF-BBE6-C833B3B749F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{65A09951-2877-40EE-AB34-13DB08EC8EA8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{67149AB3-EC03-4BB4-8AFE-2887498BA979}" = protocol=6 | dir=out | app=system |
"{6EA5A4FB-1833-45E7-A5FF-E304BAD43C4A}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{6F792640-08EB-4F5C-A195-C5B981F4D879}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71446CB9-715F-47B1-84D7-0BA6FF18357C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe |
"{7334230A-9E98-40D6-944C-2B87A3140A0F}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steam.exe |
"{78151A80-57E3-4CED-8B08-F07F3082EFCA}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe |
"{7AEE5DD1-D1B8-460B-B48A-50F8A724EEEE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\hunted.exe |
"{7E1FD1AB-BE88-4487-872B-FF2238DCD253}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{8E669FBA-0840-466A-8F81-776E9C66A280}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\launcherbin\hirezlauncherui.exe |
"{9132ACDF-4439-4353-9E31-ECCCFB4D7BE1}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe |
"{9564CCBD-D838-41BB-8FDA-41190B6032E3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic ii\system\gothic2.exe |
"{96A05312-06E3-4CCC-85D9-3A7E30A2B9B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C8D6F85-0ABF-43AF-9E77-5000B9FC12E8}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{9D43AFAE-E749-4A88-A059-39D5FAB2A77D}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe |
"{A0AD4644-E593-4F5C-A68A-B55E64061EFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A205872A-79F9-4122-89CF-8C3138D67903}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe |
"{A3C546A1-9207-431D-8605-BABC8DDA09E4}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe |
"{A517AB83-E68C-4C0B-B4E4-2FADB9F31202}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A8097684-8BB1-44A8-9264-D041F27E54C0}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{A852320D-D3E9-46D0-B8CA-BD5F6AA1A406}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania fall of setarrif\arcania addon.exe |
"{A9B67152-2068-43EF-844C-21FA52FEF823}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A9F205D2-2667-47A7-A337-C70EDA5D83B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAE565B2-B43F-4ED2-BD75-60563BA73C62}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\brink\brink.exe |
"{AB7E949A-865C-45F1-BFA7-A0026E550E4C}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\waveform\waveform.exe |
"{AF4E6237-6174-49D4-AB84-00A1F00E9751}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic 3\gothic3.exe |
"{AFFF83BA-18B9-423C-BDC8-45AAAA4B8B2D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1D270FD-7C67-49F1-8786-559713DBA08B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2639FBF-8E3C-470F-BFFF-26E7E68E25A3}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{B4F60EED-E4E8-4FC7-8AE9-5BA0079EBA63}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B63C5DD4-4D47-42EA-940B-8A5B5E5A49D3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\editor.exe |
"{B6DAA123-779C-4814-86A4-1CAF3D326293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B86D52AF-1113-4E8C-8B57-475161515252}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BB972050-0565-40DF-B99D-8302EC06660F}" = protocol=6 | dir=in | app=c:\data\progamme\battleforge\battleforge.exe |
"{BC64734E-FA47-4E67-9F1F-F5DEBB53A39A}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{BC75740F-B164-4F46-8A23-3AC881B7307C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BFA063AC-45DC-48FD-852D-446503AF3645}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\bunch of heroes\keyconfig.exe |
"{C013A593-30F0-436C-9518-B03047118751}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terraria.exe |
"{C3462BFA-0E31-4D16-A97B-E39D1742F6AF}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe |
"{C4234DE6-1929-4E60-8D21-3ECBA76CD9D1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe |
"{C523D03E-8B25-431A-A625-367DF02A29A7}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeonsthedarklord.exe |
"{C56CEA91-0C44-45CD-97AA-EAAD93FEAB49}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C5E36664-0A48-419D-9A1F-7E4648459085}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6432406-826D-4BDB-B4F0-8A9544AFB8AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9B0AE29-6707-4088-850B-99A8D87F5A84}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe |
"{CA93C3D4-3D5D-4B07-B913-7700F8403613}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\castlecrashers\castle.exe |
"{CBDB54C0-192D-46AB-9C24-15A5A8924C74}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe |
"{CDDAC86D-365A-4085-AB49-EB0380A238E8}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\dota 2 beta\dota.exe |
"{D27EDAF2-F702-424A-883D-7565FE729812}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike\hl.exe |
"{D3663536-245E-4BD0-886B-44C7955122A0}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\dungeons - the dark lord\dungeons-server.exe |
"{D79F4617-D2E4-4F69-B322-2E6601FE5C20}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{DBCAC44A-F05E-4861-A3F5-3BE1E3619D36}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\rigonauts\rigonauts.exe |
"{DE2D95BA-6690-4B60-8090-606288D49D14}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\homefront\binaries\homefront.exe |
"{E1A1BF54-9009-4296-AEBB-02A190D3555F}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\just cause 2\justcause2.exe |
"{E22CB3E4-CCAD-48BD-84CC-BCA94A994B73}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{E4ACAEF2-CA5D-4C61-B8F6-07D666E2A9AB}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\limbo\limbo.exe |
"{E54A591E-AD3C-4F04-8F6E-49829A43A02E}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{E6A5DFB0-703E-47BF-A640-633A3B277E31}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{E765D956-AD38-4AA3-970A-1A7141E3E688}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{E87DF3A5-37B2-4913-9CDC-0A8D45ED24DE}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{E8DF7E13-06ED-4EBA-9F00-2FC504A61F10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E9442BAF-FB3A-46DB-933E-E6ACF91C5B64}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\nexuiz\bin32\nexuiz.exe |
"{EADAA737-9A9F-4CEC-A66F-0F7573FB7E78}" = protocol=17 | dir=in | app=c:\data\progamme\battleforge\bootstrapper.exe |
"{EBBFE10F-47AB-4961-97DE-FBF094143189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EC7ECCD9-DAB8-4B58-9C49-786259809554}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{ECAD743F-F842-441E-A030-84F91364F9F3}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe |
"{EE3AC968-C025-4F85-BE63-029BC4B92EE1}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis\bin32\crysis.exe |
"{EE6F1269-3EEA-4512-A15A-9A76A73FE16B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EFBB2FB6-50C2-4535-9764-ED3785BF5F37}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F509185C-4520-427A-BCDC-E05084AEB8C3}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\supermnc\uberlauncher.exe |
"{F8FCF343-04A1-4587-80A4-B05ED07D9238}" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\arcania gothic 4\arcania.exe |
"{FBFEDCE2-5162-4489-A1EF-5D3869884339}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garrysmod\hl2.exe |
"{FD0636D0-317A-4E11-BD50-4868A7DFCCD7}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hydrophobia\hydropc.exe |
"{FF347AF1-B9BC-4AB1-B2E0-551D4F1CD649}" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\gothic\system\gothic.exe |
"TCP Query User{089F8B7B-F6ED-484B-8369-DA1B28DE2FF3}C:\data\progamme\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe |
"TCP Query User{0A408394-58E4-46A2-8564-4FD1B8CA8713}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=6 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe |
"TCP Query User{2F5883D6-1A81-4DBE-AB75-AD648BF9DE6A}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe |
"TCP Query User{3D67F211-2568-4898-8D25-272284E2FB6A}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=6 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe |
"TCP Query User{40831D31-4DB7-4BAC-B7D8-9B0D58F99C7A}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"TCP Query User{63C74B8C-FD23-482B-B509-D56A7AEFDEA2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{6400BBF9-0FE9-4774-9AFA-93A0374B3F47}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"TCP Query User{6E48422A-9680-4E80-9FB8-D6CE6987B421}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{706A6F1E-4B2B-4F1B-84EA-5EA36F241A73}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"TCP Query User{74BE9F20-4675-4F01-AF90-140A10FD3A0B}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll |
"TCP Query User{89782CF8-015D-4147-9241-BB3ADE8B5994}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe |
"TCP Query User{8E5467FA-6F31-4CE6-98DC-B3DD2A8CBED7}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe |
"TCP Query User{AF218AB9-D336-45FC-B52F-9D9F86A6FD54}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"TCP Query User{B6BB53DB-AD48-43E0-8135-C9FC5C45BF62}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe |
"TCP Query User{BA959F43-76EC-475B-A32D-5345647848CF}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"TCP Query User{D07BA925-C062-43FC-A835-2B8160A3D3A1}C:\users\lukas\desktop\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe |
"TCP Query User{D685C2B6-C8EB-4748-BA47-EECD7372D4C0}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"TCP Query User{D8D4A8A1-0B1C-4C72-8884-313DA74C25C9}C:\data\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\data\downloads\gw2.exe |
"TCP Query User{FEA8B25D-8682-47C4-AC62-A346D5E5475B}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{01E22073-96A3-4A3C-9A5B-25F73D425BAF}C:\data\progamme\nfsw\data\nfsw.exe" = protocol=17 | dir=in | app=c:\data\progamme\nfsw\data\nfsw.exe |
"UDP Query User{02E6F9EE-7D7A-44EB-A34D-CC4579A23116}C:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\garry's mod beta\hl2.exe |
"UDP Query User{0BA2A206-C4E5-413D-B690-4BC66CD376E0}C:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\hunted\binaries\win32\p4dftre.dll |
"UDP Query User{0D7E25BD-54B4-4EFE-9891-CB96E7B23825}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"UDP Query User{188DEA46-6328-4664-8E15-3D4DB841E66F}C:\data\progamme\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\wotlauncher.exe |
"UDP Query User{29DBB655-DDB1-4DD1-9C91-2D49B831D625}C:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{3C12D5CB-E89C-47C2-A140-FAD9DA97E53F}C:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{591D5530-2393-450E-836B-3F3384242485}C:\users\lukas\desktop\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\terrariaserver.exe |
"UDP Query User{5ECBE185-8628-434B-BEB3-A8E26ED8C778}C:\data\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\data\downloads\gw2.exe |
"UDP Query User{68F1F29B-8317-4FAE-99C2-89EEA5B56602}C:\data\progamme\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\data\progamme\guild wars 2\gw2.exe |
"UDP Query User{6FFC0810-98DD-4A47-BCCF-06ABF3947BCC}C:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
"UDP Query User{83DDCCBF-51D2-4362-AA4E-FBDCF0D33C64}C:\users\lukas\desktop\mw2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\lukas\desktop\mw2\iw4mp.exe |
"UDP Query User{93B69857-7F1C-4EFF-8424-5707512427D8}C:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\porsche12\counter-strike source\hl2.exe |
"UDP Query User{950998F5-55B3-4F34-8872-31AA7A6CEE50}C:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\borderlands\binaries\borderlands.exe |
"UDP Query User{A641D2E8-473B-400D-AD66-A5231BF119F2}C:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"UDP Query User{A6EA7BA9-FD03-40B9-BA62-0728FE4BD863}C:\data\progamme\bfp4f\bfp4f.exe" = protocol=17 | dir=in | app=c:\data\progamme\bfp4f\bfp4f.exe |
"UDP Query User{AF18B27F-765C-44F1-90A9-D780991977C4}C:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\data\progamme\steam\steamapps\common\global agenda live\binaries\globalagenda.exe |
"UDP Query User{CCF00E5C-89D4-437D-8CA5-E90EDAFB6B1C}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"UDP Query User{E3455D83-A002-4C2D-9370-C35F0079B7ED}C:\data\progamme\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\data\progamme\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{3AB49270-1A18-D672-48AA-74F211D18B67}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF37555F-0259-43DA-B60C-47106FA14AA3}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1A5F9CA096C1264148686D01FA64ECB1852A1E78" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (05/20/2009 1.0.5.12)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"762FBE60B6E852506898A9D54562361A617C7E54" = Windows-Treiberpaket - Philips (spc999) Image (12/14/2009 1.00.0.0000)
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"D14E3E22BA930CC9B10285B356F09450E31F774E" = Windows-Treiberpaket - Philips (VM20d7) Image (08/02/2010 300.2000.4001.07)
"E019BCB59D66D62DD242667429C00BE4DE496F93" = Windows-Treiberpaket - Philips USB (12/14/2009 1.00.0.0000)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = AMD VISION Engine Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.195
"{C448EA30-BB7F-4D42-83BC-385EBA140AF2}" = SmartView for IE
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC32F34C-9DF6-4468-B53A-BAEBE4CD9F22}" = Philips SPZ3000 Webcam
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E933F71E-E82C-4E65-81FF-C6FC07E5DB4E}" = Philips ToUcam Fun Camera
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDAC90A7-D34A-47D2-A644-BE5356C5F409}" = Philips ToUcam Pro Camera
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC Tool" = AC Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.28
"Battlelog Web Plugins" = Battlelog Web Plugins
"BOSS" = BOSS
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Hitman: Contracts" = Hitman: Contracts
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4000}" = AION Free-To-Play PTS
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon Setup" = Roll
"Steam App 10" = Counter-Strike
"Steam App 104700" = Super Monday Night Combat
"Steam App 105600" = Terraria
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 111400" = Bunch Of Heroes
"Steam App 113200" = The Binding of Isaac
"Steam App 12210" = Grand Theft Auto IV
"Steam App 1250" = Killing Floor
"Steam App 17020" = Global Agenda
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17410" = Mirror's Edge
"Steam App 200210" = Realm of the Mad God
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 200710" = Torchlight II
"Steam App 204180" = Waveform
"Steam App 204360" = Castle Crashers
"Steam App 214100" = Rigonauts
"Steam App 22350" = BRINK
"Steam App 22380" = Fallout: New Vegas
"Steam App 22450" = Hunted: The Demon's Forge
"Steam App 240" = Counter-Strike: Source
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 39500" = Gothic 3
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 39690" = ArcaniA – Gothic 4
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13 Beta
"Steam App 43110" = Metro 2033
"Steam App 48000" = LIMBO
"Steam App 55100" = Homefront
"Steam App 570" = Dota 2
"Steam App 57650" = DUNGEONS - Steam Special Edition
"Steam App 65540" = Gothic
"Steam App 65610" = Arcania: Fall of Setarrif
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8190" = Just Cause 2
"Steam App 8980" = Borderlands
"Steam App 92000" = Hydrophobia: Prophecy
"Steam App 96800" = Nexuiz
"XFastUsb" = XFastUsb
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Lukas)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.12.2012 12:05:18 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SoftwareUpdate.exe, Version: 2.1.3.127,
Zeitstempel: 0x4de6dd5a Name des fehlerhaften Moduls: ts3overlay_hook_win32.dll,
Version: 3.7.8.0, Zeitstempel: 0x5075d352 Ausnahmecode: 0xc0000005 Fehleroffset:
0x000289d6 ID des fehlerhaften Prozesses: 0x788 Startzeit der fehlerhaften Anwendung:
0x01cde1f076f90852 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Apple
Software Update\SoftwareUpdate.exe Pfad des fehlerhaften Moduls: C:\DATA\Progamme\TS3\plugins\ts3overlay\ts3overlay_hook_win32.dll
Berichtskennung:
b5b06003-4de3-11e2-b748-bc5ff41ef57a
Error - 24.12.2012 21:19:19 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
0x50d8f591 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x3768fd24 ID des fehlerhaften Prozesses:
0x1208 Startzeit der fehlerhaften Anwendung: 0x01cde23dd6a1b0bb Pfad der fehlerhaften
Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
1acb8167-4e31-11e2-b748-bc5ff41ef57a
Error - 24.12.2012 21:19:35 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Gw2.exe, Version: 1.0.0.1, Zeitstempel:
0x50d8f591 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x377cfd24 ID des fehlerhaften Prozesses:
0x17c0 Startzeit der fehlerhaften Anwendung: 0x01cde23de1af32df Pfad der fehlerhaften
Anwendung: C:\DATA\Progamme\Guild Wars 2\Gw2.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
241bfb49-4e31-11e2-b748-bc5ff41ef57a
Error - 26.12.2012 12:40:46 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.12.2012 15:09:44 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1595.686 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dd4 Startzeit:
01cde39bade6ac89 Endzeit: 12 Anwendungspfad: C:\DATA\Progamme\Steam\Steam.exe Berichts-ID:
cd2754e4-4f8f-11e2-9fe5-bc5ff41ef57a
Error - 27.12.2012 22:50:00 | Computer Name = LukasTower | Source = Application Hang | ID = 1002
Description = Programm LolClient.exe, Version 2.0.2.12610 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: b80 Startzeit: 01cde4a08e468afb Endzeit: 4 Anwendungspfad: C:\DATA\Progamme\Leage
Of legends\RADS\projects\lol_air_client\releases\0.0.0.229\deploy\LolClient.exe
Berichts-ID:
435d7716-5099-11e2-abe7-bc5ff41ef57a
Error - 28.12.2012 12:24:58 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 31.12.2012 22:23:48 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 02.01.2013 16:24:06 | Computer Name = LukasTower | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 04.01.2013 11:29:14 | Computer Name = LukasTower | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 1.0.0.152,
Zeitstempel: 0x50d067ea Name des fehlerhaften Moduls: League of Legends.exe, Version:
1.0.0.152, Zeitstempel: 0x50d067ea Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a553a
ID
des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0x01cdea90267e7440
Pfad
der fehlerhaften Anwendung: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
of Legends.exe Pfad des fehlerhaften Moduls: C:\DATA\Progamme\Leage Of legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.204\deploy\League
of Legends.exe Berichtskennung: 7e5b3cd3-5683-11e2-92d8-bc5ff41ef57a
[ System Events ]
Error - 23.12.2012 15:52:23 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 24.12.2012 05:53:46 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 25.12.2012 07:02:11 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 26.12.2012 06:41:55 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 27.12.2012 09:27:35 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 28.12.2012 10:20:09 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 28.12.2012 19:12:37 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 29.12.2012 07:30:20 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 30.12.2012 07:42:56 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.12.2012 09:07:22 | Computer Name = LukasTower | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
< End of report >
Log vom GMER GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-10 15:05:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\fxroquow.sys ---- Threads - GMER 2.0 ---- Thread C:\Windows\System32\svchost.exe [1408:2020] 000007fef609239c Thread C:\Windows\System32\svchost.exe [1408:1696] 000007fef8339688 Thread C:\DATA\Progamme\firefox.exe [1084:1344] 0000000070ab0519 Thread C:\DATA\Progamme\firefox.exe [1084:716] 0000000077932e25 Thread C:\DATA\Progamme\firefox.exe [1084:1112] 0000000070aaf186 Thread C:\DATA\Progamme\firefox.exe [1084:1564] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:880] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1176] 00000000739062ee Thread C:\DATA\Progamme\firefox.exe [1084:1640] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1420] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1424] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1872] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1868] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1256] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1492] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1500] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1836] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:2032] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1576] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1824] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1652] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:756] 0000000077933e45 Thread C:\DATA\Progamme\firefox.exe [1084:824] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1364] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1340] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1996] 0000000073fd32fb Thread C:\DATA\Progamme\firefox.exe [1084:1348] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:2632] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:2060] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:1264] 0000000077933e45 Thread C:\DATA\Progamme\firefox.exe [1084:2204] 0000000071c8c724 Thread C:\DATA\Progamme\firefox.exe [1084:2388] 0000000076c0d864 Thread C:\DATA\Progamme\firefox.exe [1084:2416] 0000000077933e45 Thread C:\DATA\Progamme\firefox.exe [1084:2472] 0000000071bf27c1 Thread C:\DATA\Progamme\plugin-container.exe [528:1560] 0000000070aaf186 Thread C:\DATA\Progamme\plugin-container.exe [528:1080] 000000006f36ea20 Thread C:\DATA\Progamme\plugin-container.exe [528:1148] 000000006f36ea20 Thread C:\DATA\Progamme\plugin-container.exe [528:1552] 0000000077932e25 Thread C:\DATA\Progamme\plugin-container.exe [528:124] 0000000077933e45 Thread C:\DATA\Progamme\plugin-container.exe [528:428] 000000006f36ea20 Thread C:\DATA\Progamme\plugin-container.exe [528:584] 000000006f36ea20 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1408] 000007feff3b0000 ---- EOF - GMER 2.0 ---- ^ HATTE firefox zu , process war noch da! hoffe das macht keine probleme Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.10.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Lukas :: LUKASTOWER [Administrator] 10.01.2013 14:19:57 mbam-log-2013-01-10 (14-19-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205913 Laufzeit: 3 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Users\Lukas\Desktop\asdasdasd.exe (Trojan.Agent.PS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lukas\wgsdgsdgdsgsd.exe (Trojan.Fakesig) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ^Malware bytes Geändert von craphere (10.01.2013 um 15:22 Uhr) Grund: auf ansage |
|
10.01.2013, 15:17
| #2 |
| /// Malware-holic   | Computer gesperrt GVU Trojaner hi
__________________schnell ist nicht, wir haben auch noch jede Menge andere Nutzer, du bekommst, wie jeder andere, Hilfe, wenn du drann bist. außerdem währe es günstig, wenn du alle Logs posten würdest. ich sehe, dass Malwarebytes instaliert ist, öffne es, Logs, poste Berichte mit Funden.
__________________ |
|
11.01.2013, 15:51
| #3 |
| | Computer gesperrt GVU Trojaner MWB log ist drinne wie gewünscht, Meintest du noch andere logs? dachte das waren alle , die in der anleitung standen
__________________ |
|
11.01.2013, 15:54
| #4 |
| /// Malware-holic | Computer gesperrt GVU Trojaner du hast das log erst nach meinem Post reineditirt, deswegen hab ichs nicht gesehen. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 16:37
| #5 |
| | Computer gesperrt GVU Trojaner Hier der Log vom TDSS Code:
ATTFilter 16:34:59.0363 2652 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:35:01.0376 2652 ============================================================
16:35:01.0376 2652 Current date / time: 2013/01/11 16:35:01.0376
16:35:01.0376 2652 SystemInfo:
16:35:01.0376 2652
16:35:01.0376 2652 OS Version: 6.1.7601 ServicePack: 1.0
16:35:01.0376 2652 Product type: Workstation
16:35:01.0376 2652 ComputerName: LUKASTOWER
16:35:01.0376 2652 UserName: Lukas
16:35:01.0376 2652 Windows directory: C:\Windows
16:35:01.0376 2652 System windows directory: C:\Windows
16:35:01.0376 2652 Running under WOW64
16:35:01.0376 2652 Processor architecture: Intel x64
16:35:01.0376 2652 Number of processors: 4
16:35:01.0376 2652 Page size: 0x1000
16:35:01.0376 2652 Boot type: Normal boot
16:35:01.0376 2652 ============================================================
16:35:02.0608 2652 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:35:02.0624 2652 ============================================================
16:35:02.0624 2652 \Device\Harddisk0\DR0:
16:35:02.0655 2652 MBR partitions:
16:35:02.0655 2652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:35:02.0655 2652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:35:02.0655 2652 ============================================================
16:35:02.0671 2652 C: <-> \Device\Harddisk0\DR0\Partition2
16:35:02.0671 2652 ============================================================
16:35:02.0671 2652 Initialize success
16:35:02.0671 2652 ============================================================
16:35:31.0026 4620 ============================================================
16:35:31.0026 4620 Scan started
16:35:31.0026 4620 Mode: Manual; SigCheck; TDLFS;
16:35:31.0026 4620 ============================================================
16:35:32.0399 4620 ================ Scan system memory ========================
16:35:32.0399 4620 System memory - ok
16:35:32.0399 4620 ================ Scan services =============================
16:35:32.0555 4620 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:35:32.0586 4620 1394ohci - ok
16:35:32.0649 4620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:35:32.0664 4620 ACPI - ok
16:35:32.0695 4620 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:35:32.0695 4620 AcpiPmi - ok
16:35:32.0758 4620 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:35:32.0773 4620 adp94xx - ok
16:35:32.0789 4620 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:35:32.0805 4620 adpahci - ok
16:35:32.0805 4620 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:35:32.0820 4620 adpu320 - ok
16:35:32.0851 4620 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:35:32.0867 4620 AeLookupSvc - ok
16:35:32.0929 4620 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:35:32.0945 4620 AFD - ok
16:35:32.0976 4620 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:35:32.0992 4620 agp440 - ok
16:35:33.0007 4620 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:35:33.0023 4620 ALG - ok
16:35:33.0023 4620 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:35:33.0039 4620 aliide - ok
16:35:33.0085 4620 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:35:33.0101 4620 AMD External Events Utility - ok
16:35:33.0179 4620 AMD FUEL Service - ok
16:35:33.0195 4620 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:35:33.0210 4620 amdide - ok
16:35:33.0241 4620 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
16:35:33.0257 4620 amdiox64 - ok
16:35:33.0273 4620 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:35:33.0288 4620 AmdK8 - ok
16:35:33.0475 4620 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:35:33.0569 4620 amdkmdag - ok
16:35:33.0616 4620 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:35:33.0631 4620 amdkmdap - ok
16:35:33.0631 4620 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:35:33.0631 4620 AmdPPM - ok
16:35:33.0678 4620 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:35:33.0678 4620 amdsata - ok
16:35:33.0694 4620 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:35:33.0709 4620 amdsbs - ok
16:35:33.0725 4620 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:35:33.0725 4620 amdxata - ok
16:35:33.0756 4620 AODDriver4.01 - ok
16:35:33.0803 4620 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:35:33.0803 4620 AODDriver4.2 - ok
16:35:33.0834 4620 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:35:33.0865 4620 AppID - ok
16:35:33.0865 4620 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:35:33.0897 4620 AppIDSvc - ok
16:35:33.0943 4620 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:35:33.0975 4620 Appinfo - ok
16:35:34.0053 4620 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:35:34.0068 4620 Apple Mobile Device - ok
16:35:34.0115 4620 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:35:34.0115 4620 AppMgmt - ok
16:35:34.0131 4620 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:35:34.0131 4620 arc - ok
16:35:34.0131 4620 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:35:34.0146 4620 arcsas - ok
16:35:34.0193 4620 [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
16:35:34.0193 4620 asmthub3 - ok
16:35:34.0271 4620 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
16:35:34.0287 4620 asmtxhci - ok
16:35:34.0333 4620 aspnet_state - ok
16:35:34.0349 4620 [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
16:35:34.0349 4620 AsrAppCharger - ok
16:35:34.0365 4620 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:34.0380 4620 AsyncMac - ok
16:35:34.0396 4620 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:35:34.0396 4620 atapi - ok
16:35:34.0427 4620 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:35:34.0427 4620 AtiHDAudioService - ok
16:35:34.0489 4620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:35:34.0521 4620 AudioEndpointBuilder - ok
16:35:34.0536 4620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:35:34.0567 4620 AudioSrv - ok
16:35:34.0645 4620 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:35:34.0661 4620 AxInstSV - ok
16:35:34.0677 4620 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:35:34.0677 4620 b06bdrv - ok
16:35:34.0692 4620 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:35:34.0708 4620 b57nd60a - ok
16:35:34.0755 4620 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:35:34.0755 4620 BDESVC - ok
16:35:34.0770 4620 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:35:34.0801 4620 Beep - ok
16:35:34.0864 4620 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:35:34.0879 4620 BFE - ok
16:35:34.0926 4620 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:35:34.0957 4620 BITS - ok
16:35:34.0957 4620 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:35:34.0973 4620 blbdrive - ok
16:35:34.0989 4620 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:35:35.0004 4620 Bonjour Service - ok
16:35:35.0035 4620 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:35:35.0035 4620 bowser - ok
16:35:35.0051 4620 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:35:35.0051 4620 BrFiltLo - ok
16:35:35.0051 4620 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:35:35.0067 4620 BrFiltUp - ok
16:35:35.0098 4620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:35:35.0098 4620 Browser - ok
16:35:35.0098 4620 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:35:35.0113 4620 Brserid - ok
16:35:35.0113 4620 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:35:35.0129 4620 BrSerWdm - ok
16:35:35.0129 4620 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:35:35.0145 4620 BrUsbMdm - ok
16:35:35.0145 4620 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:35:35.0145 4620 BrUsbSer - ok
16:35:35.0145 4620 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:35:35.0160 4620 BTHMODEM - ok
16:35:35.0176 4620 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:35:35.0191 4620 bthserv - ok
16:35:35.0207 4620 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:35:35.0223 4620 cdfs - ok
16:35:35.0269 4620 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:35:35.0285 4620 cdrom - ok
16:35:35.0316 4620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:35:35.0332 4620 CertPropSvc - ok
16:35:35.0347 4620 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:35:35.0347 4620 circlass - ok
16:35:35.0379 4620 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:35:35.0394 4620 CLFS - ok
16:35:35.0410 4620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:35.0410 4620 clr_optimization_v2.0.50727_32 - ok
16:35:35.0457 4620 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:35:35.0457 4620 clr_optimization_v2.0.50727_64 - ok
16:35:35.0519 4620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:35.0535 4620 clr_optimization_v4.0.30319_32 - ok
16:35:35.0566 4620 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:35:35.0581 4620 clr_optimization_v4.0.30319_64 - ok
16:35:35.0581 4620 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:35:35.0581 4620 CmBatt - ok
16:35:35.0597 4620 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:35:35.0597 4620 cmdide - ok
16:35:35.0628 4620 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
16:35:35.0659 4620 CNG - ok
16:35:35.0659 4620 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:35:35.0675 4620 Compbatt - ok
16:35:35.0722 4620 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:35:35.0737 4620 CompositeBus - ok
16:35:35.0737 4620 COMSysApp - ok
16:35:35.0753 4620 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:35:35.0753 4620 crcdisk - ok
16:35:35.0784 4620 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:35:35.0784 4620 CryptSvc - ok
16:35:35.0815 4620 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:35:35.0815 4620 CSC - ok
16:35:35.0862 4620 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:35:35.0878 4620 CscService - ok
16:35:35.0909 4620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:35:35.0940 4620 DcomLaunch - ok
16:35:35.0971 4620 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:35:35.0987 4620 defragsvc - ok
16:35:36.0034 4620 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:35:36.0065 4620 DfsC - ok
16:35:36.0096 4620 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:35:36.0112 4620 Dhcp - ok
16:35:36.0112 4620 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:35:36.0127 4620 discache - ok
16:35:36.0143 4620 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:35:36.0159 4620 Disk - ok
16:35:36.0190 4620 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:35:36.0190 4620 Dnscache - ok
16:35:36.0237 4620 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:35:36.0268 4620 dot3svc - ok
16:35:36.0299 4620 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:35:36.0330 4620 DPS - ok
16:35:36.0361 4620 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:35:36.0377 4620 drmkaud - ok
16:35:36.0439 4620 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:35:36.0439 4620 dtsoftbus01 - ok
16:35:36.0486 4620 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:35:36.0502 4620 DXGKrnl - ok
16:35:36.0533 4620 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
16:35:36.0533 4620 E1G60 - ok
16:35:36.0564 4620 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:35:36.0580 4620 EapHost - ok
16:35:36.0642 4620 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:35:36.0673 4620 ebdrv - ok
16:35:36.0689 4620 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:35:36.0705 4620 EFS - ok
16:35:36.0736 4620 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:35:36.0751 4620 ehRecvr - ok
16:35:36.0783 4620 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:35:36.0798 4620 ehSched - ok
16:35:36.0829 4620 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:35:36.0845 4620 elxstor - ok
16:35:36.0876 4620 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:35:36.0876 4620 ErrDev - ok
16:35:36.0923 4620 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:35:36.0954 4620 EventSystem - ok
16:35:36.0954 4620 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:35:36.0985 4620 exfat - ok
16:35:37.0001 4620 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:35:37.0032 4620 fastfat - ok
16:35:37.0095 4620 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:35:37.0110 4620 Fax - ok
16:35:37.0110 4620 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:35:37.0110 4620 fdc - ok
16:35:37.0141 4620 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:35:37.0157 4620 fdPHost - ok
16:35:37.0173 4620 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:35:37.0204 4620 FDResPub - ok
16:35:37.0204 4620 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:35:37.0204 4620 FileInfo - ok
16:35:37.0219 4620 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:35:37.0251 4620 Filetrace - ok
16:35:37.0251 4620 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:37.0251 4620 flpydisk - ok
16:35:37.0297 4620 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:35:37.0313 4620 FltMgr - ok
16:35:37.0329 4620 [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
16:35:37.0344 4620 FNETTBOH_305 - ok
16:35:37.0391 4620 [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
16:35:37.0391 4620 FNETURPX - ok
16:35:37.0438 4620 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:35:37.0453 4620 FontCache - ok
16:35:37.0485 4620 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:35:37.0500 4620 FontCache3.0.0.0 - ok
16:35:37.0500 4620 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:35:37.0500 4620 FsDepends - ok
16:35:37.0531 4620 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:35:37.0531 4620 Fs_Rec - ok
16:35:37.0578 4620 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:35:37.0594 4620 fvevol - ok
16:35:37.0625 4620 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:35:37.0641 4620 gagp30kx - ok
16:35:37.0672 4620 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:35:37.0672 4620 GEARAspiWDM - ok
16:35:37.0719 4620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:35:37.0750 4620 gpsvc - ok
16:35:37.0765 4620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:35:37.0781 4620 hcw85cir - ok
16:35:37.0843 4620 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:35:37.0843 4620 HdAudAddService - ok
16:35:37.0890 4620 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:35:37.0890 4620 HDAudBus - ok
16:35:37.0906 4620 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:35:37.0906 4620 HidBatt - ok
16:35:37.0906 4620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:35:37.0921 4620 HidBth - ok
16:35:37.0921 4620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:35:37.0937 4620 HidIr - ok
16:35:37.0953 4620 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:35:37.0968 4620 hidserv - ok
16:35:38.0031 4620 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:35:38.0031 4620 HidUsb - ok
16:35:38.0077 4620 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:35:38.0093 4620 hkmsvc - ok
16:35:38.0140 4620 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:35:38.0155 4620 HomeGroupListener - ok
16:35:38.0187 4620 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:35:38.0202 4620 HomeGroupProvider - ok
16:35:38.0249 4620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:35:38.0249 4620 HpSAMD - ok
16:35:38.0296 4620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:35:38.0327 4620 HTTP - ok
16:35:38.0358 4620 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:35:38.0374 4620 hwpolicy - ok
16:35:38.0405 4620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:35:38.0405 4620 i8042prt - ok
16:35:38.0436 4620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:35:38.0452 4620 iaStorV - ok
16:35:38.0499 4620 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:35:38.0514 4620 idsvc - ok
16:35:38.0530 4620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:35:38.0545 4620 iirsp - ok
16:35:38.0561 4620 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:35:38.0592 4620 IKEEXT - ok
16:35:38.0670 4620 [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:35:38.0717 4620 IntcAzAudAddService - ok
16:35:38.0733 4620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:35:38.0733 4620 intelide - ok
16:35:38.0764 4620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:35:38.0764 4620 intelppm - ok
16:35:38.0779 4620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:35:38.0795 4620 IPBusEnum - ok
16:35:38.0826 4620 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:35:38.0857 4620 IpFilterDriver - ok
16:35:38.0889 4620 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:35:38.0889 4620 iphlpsvc - ok
16:35:38.0904 4620 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:35:38.0920 4620 IPMIDRV - ok
16:35:38.0920 4620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:35:38.0935 4620 IPNAT - ok
16:35:39.0013 4620 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:35:39.0013 4620 iPod Service - ok
16:35:39.0045 4620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:35:39.0045 4620 IRENUM - ok
16:35:39.0091 4620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:35:39.0091 4620 isapnp - ok
16:35:39.0123 4620 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:35:39.0123 4620 iScsiPrt - ok
16:35:39.0154 4620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:35:39.0154 4620 kbdclass - ok
16:35:39.0169 4620 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:35:39.0185 4620 kbdhid - ok
16:35:39.0201 4620 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:35:39.0201 4620 KeyIso - ok
16:35:39.0232 4620 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:35:39.0232 4620 KSecDD - ok
16:35:39.0263 4620 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:35:39.0279 4620 KSecPkg - ok
16:35:39.0279 4620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:35:39.0310 4620 ksthunk - ok
16:35:39.0325 4620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:35:39.0357 4620 KtmRm - ok
16:35:39.0419 4620 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:35:39.0435 4620 LanmanServer - ok
16:35:39.0497 4620 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:35:39.0528 4620 LanmanWorkstation - ok
16:35:39.0559 4620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:35:39.0591 4620 lltdio - ok
16:35:39.0606 4620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:35:39.0637 4620 lltdsvc - ok
16:35:39.0637 4620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:35:39.0669 4620 lmhosts - ok
16:35:39.0684 4620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:35:39.0684 4620 LSI_FC - ok
16:35:39.0700 4620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:35:39.0700 4620 LSI_SAS - ok
16:35:39.0715 4620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:35:39.0731 4620 LSI_SAS2 - ok
16:35:39.0731 4620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:35:39.0747 4620 LSI_SCSI - ok
16:35:39.0762 4620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:35:39.0793 4620 luafv - ok
16:35:39.0825 4620 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:35:39.0840 4620 MBAMProtector - ok
16:35:39.0887 4620 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:35:39.0903 4620 MBAMScheduler - ok
16:35:39.0949 4620 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:35:39.0965 4620 MBAMService - ok
16:35:39.0981 4620 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
16:35:39.0996 4620 MBfilt - ok
16:35:40.0027 4620 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:35:40.0043 4620 Mcx2Svc - ok
16:35:40.0043 4620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:35:40.0059 4620 megasas - ok
16:35:40.0074 4620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:35:40.0074 4620 MegaSR - ok
16:35:40.0105 4620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:35:40.0137 4620 MMCSS - ok
16:35:40.0152 4620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:35:40.0168 4620 Modem - ok
16:35:40.0183 4620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:35:40.0183 4620 monitor - ok
16:35:40.0199 4620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
16:35:40.0199 4620 mouclass - ok
16:35:40.0215 4620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:35:40.0230 4620 mouhid - ok
16:35:40.0246 4620 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:35:40.0261 4620 mountmgr - ok
16:35:40.0339 4620 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:35:40.0339 4620 MozillaMaintenance - ok
16:35:40.0371 4620 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:35:40.0371 4620 mpio - ok
16:35:40.0371 4620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:35:40.0402 4620 mpsdrv - ok
16:35:40.0449 4620 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:35:40.0480 4620 MpsSvc - ok
16:35:40.0527 4620 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:35:40.0527 4620 MRxDAV - ok
16:35:40.0558 4620 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:35:40.0573 4620 mrxsmb - ok
16:35:40.0573 4620 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:35:40.0589 4620 mrxsmb10 - ok
16:35:40.0605 4620 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:35:40.0620 4620 mrxsmb20 - ok
16:35:40.0636 4620 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:35:40.0636 4620 msahci - ok
16:35:40.0651 4620 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:35:40.0667 4620 msdsm - ok
16:35:40.0683 4620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:35:40.0683 4620 MSDTC - ok
16:35:40.0698 4620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:35:40.0714 4620 Msfs - ok
16:35:40.0729 4620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:35:40.0761 4620 mshidkmdf - ok
16:35:40.0792 4620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:35:40.0792 4620 msisadrv - ok
16:35:40.0839 4620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:35:40.0870 4620 MSiSCSI - ok
16:35:40.0870 4620 msiserver - ok
16:35:40.0885 4620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:35:40.0917 4620 MSKSSRV - ok
16:35:40.0917 4620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:35:40.0948 4620 MSPCLOCK - ok
16:35:40.0963 4620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:35:40.0979 4620 MSPQM - ok
16:35:41.0026 4620 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:35:41.0026 4620 MsRPC - ok
16:35:41.0041 4620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:35:41.0041 4620 mssmbios - ok
16:35:41.0057 4620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:35:41.0073 4620 MSTEE - ok
16:35:41.0073 4620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:35:41.0088 4620 MTConfig - ok
16:35:41.0104 4620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:35:41.0104 4620 Mup - ok
16:35:41.0151 4620 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:35:41.0166 4620 napagent - ok
16:35:41.0213 4620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:35:41.0229 4620 NativeWifiP - ok
16:35:41.0275 4620 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:35:41.0291 4620 NDIS - ok
16:35:41.0307 4620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:35:41.0338 4620 NdisCap - ok
16:35:41.0353 4620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:35:41.0369 4620 NdisTapi - ok
16:35:41.0400 4620 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:35:41.0416 4620 Ndisuio - ok
16:35:41.0463 4620 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:35:41.0494 4620 NdisWan - ok
16:35:41.0525 4620 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:35:41.0541 4620 NDProxy - ok
16:35:41.0572 4620 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:35:41.0587 4620 NetBIOS - ok
16:35:41.0634 4620 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:35:41.0650 4620 NetBT - ok
16:35:41.0665 4620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:35:41.0681 4620 Netlogon - ok
16:35:41.0712 4620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:35:41.0743 4620 Netman - ok
16:35:41.0790 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0806 4620 NetMsmqActivator - ok
16:35:41.0806 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0821 4620 NetPipeActivator - ok
16:35:41.0821 4620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:35:41.0853 4620 netprofm - ok
16:35:41.0853 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0868 4620 NetTcpActivator - ok
16:35:41.0868 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:35:41.0868 4620 NetTcpPortSharing - ok
16:35:41.0899 4620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:35:41.0899 4620 nfrd960 - ok
16:35:41.0946 4620 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:35:41.0946 4620 NlaSvc - ok
16:35:41.0946 4620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:35:41.0977 4620 Npfs - ok
16:35:41.0993 4620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:35:42.0009 4620 nsi - ok
16:35:42.0024 4620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:35:42.0040 4620 nsiproxy - ok
16:35:42.0102 4620 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:35:42.0133 4620 Ntfs - ok
16:35:42.0149 4620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:35:42.0165 4620 Null - ok
16:35:42.0211 4620 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:35:42.0211 4620 nvraid - ok
16:35:42.0227 4620 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:35:42.0227 4620 nvstor - ok
16:35:42.0258 4620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:35:42.0274 4620 nv_agp - ok
16:35:42.0305 4620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:35:42.0321 4620 ohci1394 - ok
16:35:42.0336 4620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:35:42.0352 4620 p2pimsvc - ok
16:35:42.0367 4620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:35:42.0383 4620 p2psvc - ok
16:35:42.0383 4620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:35:42.0399 4620 Parport - ok
16:35:42.0430 4620 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:35:42.0430 4620 partmgr - ok
16:35:42.0445 4620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:35:42.0461 4620 PcaSvc - ok
16:35:42.0508 4620 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:35:42.0508 4620 pci - ok
16:35:42.0523 4620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:35:42.0539 4620 pciide - ok
16:35:42.0539 4620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:35:42.0555 4620 pcmcia - ok
16:35:42.0555 4620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:35:42.0555 4620 pcw - ok
16:35:42.0570 4620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:35:42.0601 4620 PEAUTH - ok
16:35:42.0648 4620 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:35:42.0664 4620 PeerDistSvc - ok
16:35:42.0773 4620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:35:42.0789 4620 PerfHost - ok
16:35:42.0835 4620 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:35:42.0867 4620 pla - ok
16:35:42.0945 4620 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:35:42.0960 4620 PlugPlay - ok
16:35:42.0976 4620 PnkBstrA - ok
16:35:42.0991 4620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:35:43.0007 4620 PNRPAutoReg - ok
16:35:43.0007 4620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:35:43.0023 4620 PNRPsvc - ok
16:35:43.0038 4620 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:35:43.0069 4620 PolicyAgent - ok
16:35:43.0085 4620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:35:43.0116 4620 Power - ok
16:35:43.0147 4620 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:35:43.0163 4620 PptpMiniport - ok
16:35:43.0179 4620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:35:43.0179 4620 Processor - ok
16:35:43.0241 4620 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:35:43.0241 4620 ProfSvc - ok
16:35:43.0257 4620 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:35:43.0272 4620 ProtectedStorage - ok
16:35:43.0319 4620 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:35:43.0335 4620 Psched - ok
16:35:43.0366 4620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:35:43.0381 4620 ql2300 - ok
16:35:43.0397 4620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:35:43.0397 4620 ql40xx - ok
16:35:43.0413 4620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:35:43.0428 4620 QWAVE - ok
16:35:43.0444 4620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:35:43.0459 4620 QWAVEdrv - ok
16:35:43.0475 4620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:35:43.0506 4620 RasAcd - ok
16:35:43.0537 4620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:35:43.0569 4620 RasAgileVpn - ok
16:35:43.0584 4620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:35:43.0615 4620 RasAuto - ok
16:35:43.0647 4620 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:35:43.0662 4620 Rasl2tp - ok
16:35:43.0709 4620 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:35:43.0740 4620 RasMan - ok
16:35:43.0740 4620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:35:43.0771 4620 RasPppoe - ok
16:35:43.0787 4620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:35:43.0803 4620 RasSstp - ok
16:35:43.0849 4620 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:35:43.0881 4620 rdbss - ok
16:35:43.0896 4620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:35:43.0896 4620 rdpbus - ok
16:35:44.0005 4620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:35:44.0037 4620 RDPCDD - ok
16:35:44.0083 4620 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:35:44.0083 4620 RDPDR - ok
16:35:44.0099 4620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:35:44.0130 4620 RDPENCDD - ok
16:35:44.0130 4620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:35:44.0161 4620 RDPREFMP - ok
16:35:44.0208 4620 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:35:44.0208 4620 RdpVideoMiniport - ok
16:35:44.0255 4620 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:35:44.0255 4620 RDPWD - ok
16:35:44.0302 4620 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:35:44.0302 4620 rdyboost - ok
16:35:44.0349 4620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:35:44.0380 4620 RemoteAccess - ok
16:35:44.0380 4620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:35:44.0411 4620 RemoteRegistry - ok
16:35:44.0442 4620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:35:44.0458 4620 RpcEptMapper - ok
16:35:44.0489 4620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:35:44.0489 4620 RpcLocator - ok
16:35:44.0536 4620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:35:44.0567 4620 RpcSs - ok
16:35:44.0567 4620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:35:44.0583 4620 rspndr - ok
16:35:44.0645 4620 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:35:44.0661 4620 RTL8167 - ok
16:35:44.0692 4620 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:35:44.0692 4620 s3cap - ok
16:35:44.0707 4620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:35:44.0707 4620 SamSs - ok
16:35:44.0754 4620 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:35:44.0754 4620 sbp2port - ok
16:35:44.0770 4620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:35:44.0801 4620 SCardSvr - ok
16:35:44.0848 4620 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:35:44.0863 4620 scfilter - ok
16:35:44.0910 4620 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:35:44.0941 4620 Schedule - ok
16:35:44.0988 4620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:35:45.0004 4620 SCPolicySvc - ok
16:35:45.0035 4620 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:35:45.0051 4620 SDRSVC - ok
16:35:45.0066 4620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:35:45.0082 4620 secdrv - ok
16:35:45.0129 4620 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:35:45.0144 4620 seclogon - ok
16:35:45.0160 4620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:35:45.0191 4620 SENS - ok
16:35:45.0207 4620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:35:45.0207 4620 SensrSvc - ok
16:35:45.0222 4620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:35:45.0238 4620 Serenum - ok
16:35:45.0238 4620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:35:45.0253 4620 Serial - ok
16:35:45.0269 4620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:35:45.0285 4620 sermouse - ok
16:35:45.0331 4620 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:35:45.0347 4620 SessionEnv - ok
16:35:45.0394 4620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:35:45.0394 4620 sffdisk - ok
16:35:45.0409 4620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:35:45.0409 4620 sffp_mmc - ok
16:35:45.0425 4620 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:35:45.0441 4620 sffp_sd - ok
16:35:45.0456 4620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:35:45.0456 4620 sfloppy - ok
16:35:45.0472 4620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:35:45.0503 4620 SharedAccess - ok
16:35:45.0534 4620 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:35:45.0565 4620 ShellHWDetection - ok
16:35:45.0581 4620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:35:45.0597 4620 SiSRaid2 - ok
16:35:45.0597 4620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:35:45.0612 4620 SiSRaid4 - ok
16:35:45.0675 4620 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:35:45.0675 4620 SkypeUpdate - ok
16:35:45.0721 4620 [ C337738BA4BD745E0983EC6EF262798D ] SmartViewService C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
16:35:45.0737 4620 SmartViewService - ok
16:35:45.0753 4620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:35:45.0768 4620 Smb - ok
16:35:45.0799 4620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:35:45.0799 4620 SNMPTRAP - ok
16:35:45.0815 4620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:35:45.0831 4620 spldr - ok
16:35:45.0862 4620 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:35:45.0877 4620 Spooler - ok
16:35:45.0971 4620 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:35:46.0018 4620 sppsvc - ok
16:35:46.0049 4620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:35:46.0065 4620 sppuinotify - ok
16:35:46.0111 4620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:35:46.0111 4620 srv - ok
16:35:46.0127 4620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:35:46.0143 4620 srv2 - ok
16:35:46.0158 4620 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:35:46.0158 4620 srvnet - ok
16:35:46.0205 4620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:35:46.0236 4620 SSDPSRV - ok
16:35:46.0236 4620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:35:46.0267 4620 SstpSvc - ok
16:35:46.0283 4620 Steam Client Service - ok
16:35:46.0283 4620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:35:46.0299 4620 stexstor - ok
16:35:46.0330 4620 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:35:46.0345 4620 stisvc - ok
16:35:46.0377 4620 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:35:46.0392 4620 storflt - ok
16:35:46.0408 4620 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:35:46.0408 4620 StorSvc - ok
16:35:46.0423 4620 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:35:46.0439 4620 storvsc - ok
16:35:46.0470 4620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:35:46.0470 4620 swenum - ok
16:35:46.0517 4620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:35:46.0548 4620 swprv - ok
16:35:46.0564 4620 Synth3dVsc - ok
16:35:46.0626 4620 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:35:46.0642 4620 SysMain - ok
16:35:46.0689 4620 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:35:46.0704 4620 TabletInputService - ok
16:35:46.0751 4620 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:35:46.0767 4620 TapiSrv - ok
16:35:46.0767 4620 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:35:46.0798 4620 TBS - ok
16:35:46.0860 4620 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:35:46.0891 4620 Tcpip - ok
16:35:46.0938 4620 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:35:46.0969 4620 TCPIP6 - ok
16:35:46.0985 4620 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:35:47.0001 4620 tcpipreg - ok
16:35:47.0001 4620 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:35:47.0016 4620 TDPIPE - ok
16:35:47.0032 4620 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:35:47.0032 4620 TDTCP - ok
16:35:47.0094 4620 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:35:47.0125 4620 tdx - ok
16:35:47.0141 4620 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:35:47.0141 4620 TermDD - ok
16:35:47.0188 4620 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:35:47.0219 4620 TermService - ok
16:35:47.0250 4620 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:35:47.0250 4620 Themes - ok
16:35:47.0266 4620 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:35:47.0297 4620 THREADORDER - ok
16:35:47.0313 4620 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:35:47.0344 4620 TrkWks - ok
16:35:47.0391 4620 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:35:47.0422 4620 TrustedInstaller - ok
16:35:47.0453 4620 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:35:47.0484 4620 tssecsrv - ok
16:35:47.0515 4620 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:35:47.0515 4620 TsUsbFlt - ok
16:35:47.0531 4620 tsusbhub - ok
16:35:47.0578 4620 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:35:47.0609 4620 tunnel - ok
16:35:47.0609 4620 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:35:47.0625 4620 uagp35 - ok
16:35:47.0656 4620 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:35:47.0671 4620 udfs - ok
16:35:47.0703 4620 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:35:47.0703 4620 UI0Detect - ok
16:35:47.0734 4620 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:35:47.0734 4620 uliagpkx - ok
16:35:47.0796 4620 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:35:47.0796 4620 umbus - ok
16:35:47.0843 4620 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:35:47.0843 4620 UmPass - ok
16:35:47.0874 4620 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:35:47.0874 4620 UmRdpService - ok
16:35:47.0905 4620 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:35:47.0921 4620 upnphost - ok
16:35:47.0968 4620 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:35:47.0983 4620 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
16:35:47.0983 4620 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
16:35:48.0030 4620 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:35:48.0046 4620 usbaudio - ok
16:35:48.0077 4620 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:35:48.0093 4620 usbccgp - ok
16:35:48.0124 4620 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:35:48.0124 4620 usbcir - ok
16:35:48.0139 4620 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:35:48.0139 4620 usbehci - ok
16:35:48.0186 4620 [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
16:35:48.0186 4620 usbfilter - ok
16:35:48.0202 4620 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:35:48.0217 4620 usbhub - ok
16:35:48.0233 4620 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:35:48.0233 4620 usbohci - ok
16:35:48.0280 4620 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:35:48.0295 4620 usbprint - ok
16:35:48.0327 4620 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:35:48.0342 4620 usbscan - ok
16:35:48.0358 4620 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:35:48.0358 4620 USBSTOR - ok
16:35:48.0358 4620 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:35:48.0373 4620 usbuhci - ok
16:35:48.0405 4620 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:35:48.0420 4620 usbvideo - ok
16:35:48.0436 4620 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:35:48.0467 4620 UxSms - ok
16:35:48.0483 4620 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:35:48.0483 4620 VaultSvc - ok
16:35:48.0498 4620 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:35:48.0514 4620 vdrvroot - ok
16:35:48.0545 4620 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:35:48.0576 4620 vds - ok
16:35:48.0592 4620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:35:48.0607 4620 vga - ok
16:35:48.0623 4620 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:35:48.0639 4620 VgaSave - ok
16:35:48.0654 4620 VGPU - ok
16:35:48.0670 4620 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:35:48.0685 4620 vhdmp - ok
16:35:48.0717 4620 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:35:48.0717 4620 viaide - ok
16:35:48.0763 4620 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:35:48.0763 4620 vmbus - ok
16:35:48.0779 4620 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:35:48.0795 4620 VMBusHID - ok
16:35:48.0810 4620 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:35:48.0810 4620 volmgr - ok
16:35:48.0857 4620 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:35:48.0873 4620 volmgrx - ok
16:35:48.0919 4620 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:35:48.0919 4620 volsnap - ok
16:35:48.0966 4620 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:35:48.0966 4620 vsmraid - ok
16:35:49.0029 4620 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:35:49.0060 4620 VSS - ok
16:35:49.0060 4620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:35:49.0075 4620 vwifibus - ok
16:35:49.0091 4620 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:35:49.0122 4620 W32Time - ok
16:35:49.0138 4620 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:35:49.0153 4620 WacomPen - ok
16:35:49.0185 4620 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:35:49.0200 4620 WANARP - ok
16:35:49.0216 4620 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:35:49.0247 4620 Wanarpv6 - ok
16:35:49.0278 4620 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:35:49.0309 4620 wbengine - ok
16:35:49.0325 4620 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:35:49.0341 4620 WbioSrvc - ok
16:35:49.0372 4620 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:35:49.0387 4620 wcncsvc - ok
16:35:49.0403 4620 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:35:49.0403 4620 WcsPlugInService - ok
16:35:49.0450 4620 [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
16:35:49.0465 4620 WCUService_STC_IE - ok
16:35:49.0481 4620 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:35:49.0481 4620 Wd - ok
16:35:49.0512 4620 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:35:49.0528 4620 Wdf01000 - ok
16:35:49.0559 4620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:35:49.0559 4620 WdiServiceHost - ok
16:35:49.0575 4620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:35:49.0575 4620 WdiSystemHost - ok
16:35:49.0606 4620 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:35:49.0621 4620 WebClient - ok
16:35:49.0653 4620 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:35:49.0668 4620 Wecsvc - ok
16:35:49.0684 4620 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:35:49.0715 4620 wercplsupport - ok
16:35:49.0731 4620 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:35:49.0762 4620 WerSvc - ok
16:35:49.0762 4620 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:35:49.0777 4620 WfpLwf - ok
16:35:49.0793 4620 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:35:49.0809 4620 WIMMount - ok
16:35:49.0809 4620 WinDefend - ok
16:35:49.0824 4620 WinHttpAutoProxySvc - ok
16:35:49.0871 4620 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:35:49.0887 4620 Winmgmt - ok
16:35:49.0933 4620 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:35:49.0980 4620 WinRM - ok
16:35:50.0027 4620 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:35:50.0043 4620 WinUsb - ok
16:35:50.0074 4620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:35:50.0089 4620 Wlansvc - ok
16:35:50.0214 4620 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:35:50.0245 4620 wlidsvc - ok
16:35:50.0292 4620 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:35:50.0292 4620 WmiAcpi - ok
16:35:50.0308 4620 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:35:50.0308 4620 wmiApSrv - ok
16:35:50.0323 4620 WMPNetworkSvc - ok
16:35:50.0339 4620 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:35:50.0355 4620 WPCSvc - ok
16:35:50.0370 4620 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:35:50.0386 4620 WPDBusEnum - ok
16:35:50.0401 4620 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:35:50.0417 4620 ws2ifsl - ok
16:35:50.0433 4620 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:35:50.0448 4620 wscsvc - ok
16:35:50.0448 4620 WSearch - ok
16:35:50.0511 4620 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:35:50.0542 4620 wuauserv - ok
16:35:50.0573 4620 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:35:50.0589 4620 WudfPf - ok
16:35:50.0620 4620 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:35:50.0635 4620 WUDFRd - ok
16:35:50.0667 4620 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:35:50.0667 4620 wudfsvc - ok
16:35:50.0682 4620 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:35:50.0698 4620 WwanSvc - ok
16:35:50.0713 4620 ================ Scan global ===============================
16:35:50.0745 4620 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:35:50.0776 4620 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:35:50.0791 4620 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:35:50.0807 4620 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:35:50.0823 4620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:35:50.0823 4620 [Global] - ok
16:35:50.0823 4620 ================ Scan MBR ==================================
16:35:50.0854 4620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:35:51.0088 4620 \Device\Harddisk0\DR0 - ok
16:35:51.0088 4620 ================ Scan VBR ==================================
16:35:51.0088 4620 [ 88246EC84101CE5E4A53BDAEB27D73CC ] \Device\Harddisk0\DR0\Partition1
16:35:51.0088 4620 \Device\Harddisk0\DR0\Partition1 - ok
16:35:51.0088 4620 [ 72F42BCF3E62F61ED4FA550A401132D3 ] \Device\Harddisk0\DR0\Partition2
16:35:51.0088 4620 \Device\Harddisk0\DR0\Partition2 - ok
16:35:51.0088 4620 ============================================================
16:35:51.0088 4620 Scan finished
16:35:51.0088 4620 ============================================================
16:35:51.0103 0988 Detected object count: 1
16:35:51.0103 0988 Actual detected object count: 1
16:35:59.0995 0988 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:59.0995 0988 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
11.01.2013, 16:43
| #6 | |
| /// Malware-holic | Computer gesperrt GVU Trojaner hi combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Computer gesperrt GVU Trojaner |
|
11.01.2013, 17:32
| #7 |
| | Computer gesperrt GVU Trojaner Hier der Log Vom Combofix! Erstmal panik geschoben, da das ding mir erstmal jede internetverindung genommen hat und ich nichts lesen konnte ! Bin ja Nicht ganz pc doof aber Das hier übersteigt mein horizont check da nicht mal annähernd durch  !Code:
ATTFilter ComboFix 13-01-11.01 - Lukas 11.01.2013 17:26:45.2.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.16364.13786 [GMT 1:00]
ausgeführt von:: c:\users\Lukas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-11 bis 2013-01-11 ))))))))))))))))))))))))))))))
.
.
2013-01-11 16:29 . 2013-01-11 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 19:31 . 2013-01-10 19:31 -------- d-----w- c:\programdata\HTC
2013-01-10 15:47 . 2013-01-10 15:47 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E861B26D-9E0C-45B6-AAF3-39288EF3C622}\offreg.dll
2013-01-10 15:29 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E861B26D-9E0C-45B6-AAF3-39288EF3C622}\mpengine.dll
2013-01-10 13:19 . 2013-01-10 13:19 -------- d-----w- c:\users\Lukas\AppData\Local\Programs
2013-01-10 13:16 . 2013-01-10 13:16 2889 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2013-01-09 02:25 . 2013-01-09 02:25 -------- d-----w- c:\program files (x86)\AC Tool
2013-01-07 09:42 . 2013-01-07 09:42 -------- d-----w- c:\program files\iPod
2013-01-07 09:42 . 2013-01-07 09:43 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-07 09:42 . 2013-01-07 09:43 -------- d-----w- c:\program files\iTunes
2012-12-24 10:00 . 2012-12-24 10:39 -------- d-----w- c:\users\Lukas\AppData\Roaming\ts3overlay_hook_win64
2012-12-16 21:11 . 2012-12-16 21:12 -------- d-----w- c:\users\Lukas\AppData\Roaming\.minecraft
2012-12-16 15:43 . 2012-12-16 15:43 -------- d-----w- c:\users\Lukas\AppData\Roaming\rigonauts
2012-12-16 15:40 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-16 15:40 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-16 15:40 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-16 15:40 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-16 15:38 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-16 15:38 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-16 15:38 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-16 15:38 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-16 15:38 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-16 15:38 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-16 15:38 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-16 15:36 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-12-16 15:36 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-16 15:36 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-16 15:36 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-16 15:36 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-12-16 15:36 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-12-16 15:36 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-12-16 15:34 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-12-16 15:34 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2012-09-24 16:25 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 15:47 . 2012-12-12 15:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-12 15:47 . 2012-12-12 15:47 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-12 15:47 . 2012-12-12 15:47 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-12 15:36 . 2012-04-25 14:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 15:36 . 2012-04-25 14:44 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-09 15:45 . 2012-04-30 06:28 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 15:45 . 2012-04-30 05:09 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-09 15:45 . 2012-04-30 05:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-19 19:17 . 2012-04-30 05:09 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-18 00:46 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-18 00:45 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-16 08:38 . 2012-12-16 15:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-16 15:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-16 15:35 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 19:56 . 2012-10-13 19:56 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-24 21:43 . 2012-04-24 21:43 0 ----a-w- c:\program files\nsy5591.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\DeviceVM\SmartView\AddressBarSearch.dll" [2010-09-02 162080]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\data\Progamme\Steam\steam.exe" [2012-12-01 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-12-05 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-04-24 4942336]
"SmartViewAgent"="c:\program files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" [2010-09-02 948504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\data\Progamme\itunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2012-04-25 31808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-13 283200]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-04-24 15936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 SmartViewService;SmartView service;c:\program files (x86)\DeviceVM\SmartView\SmartViewService.exe [2010-09-02 125216]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 11670323
*NewlyCreated* - 27941410
*Deregistered* - 11670323
*Deregistered* - 27941410
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
FF - ExtSQL: 2012-12-08 21:39; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2012-12-12 17:52; ich@maltegoetz.de; c:\users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\extensions\ich@maltegoetz.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2918150296-1997832558-1535474348-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,53,60,83,da,87,3b,a6,4e,1e,09,c1,88,11,9a,4e,1f,b5,d3,05,0f,
a6,43,5b,3f,d0,77,6b,3c,4a,88,61,6e,46,1d,ea,05,d9,a3,29,2b,f3,ae,2a,37,b1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-11 17:31:03
ComboFix-quarantined-files.txt 2013-01-11 16:31
.
Vor Suchlauf: 14 Verzeichnis(se), 470.315.966.464 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 470.255.788.032 Bytes frei
.
- - End Of File - - 597E871DE48097FD24A8DB1D0E55E07D
Geändert von craphere (11.01.2013 um 17:41 Uhr) |
|
11.01.2013, 19:49
| #8 |
| /// Malware-holic | Computer gesperrt GVU Trojaner Hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 21:33
| #9 |
| | Computer gesperrt GVU TrojanerCode:
ATTFilter AC Tool 09.01.2013 Notwendig Acrobat.com Adobe Systems Incorporated 24.04.2012 1.1.377 Notwendig Adobe AIR Adobe Systems Inc. 24.04.2012 1.0.4990 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 Adobe Reader 9.5.2 Adobe Systems Incorporated 13.12.2012 103MB 9.5.2 Adobe Shockwave Player 11.6 Adobe Systems, Inc. 28.10.2012 11.6.8.638 AION Free-To-Play Gameforge 22.06.2012 22,6MB 2.70.0000 unnötig AION Free-To-Play PTS Gameforge 12.07.2012 22,6MB 3.00.0000 unnötig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 23.10.2012 26,3MB 8.0.891.0 Notwendig Apple Application Support Apple Inc. 10.12.2012 65,0MB 2.3.2 Notwendig Apple Mobile Device Support Apple Inc. 10.12.2012 25,1MB 6.0.1.3 Notwendig Apple Software Update Apple Inc. 27.04.2012 2,38MB 2.1.3.127 Notwendig ArcaniA – Gothic 4 Spellbound Studios 11.10.2012 Notwendig Arcania: Fall of Setarrif Spellbound Studios 11.10.2012 Notwendig Asmedia ASM104x USB 3.0 Host Controller Driver Asmedia Technology 24.04.2012 2,22MB 1.10.1.0 Notwendig ASRock App Charger v1.0.5 ASRock Inc. 24.04.2012 1,32MB Notwendig ASRock eXtreme Tuner v0.1.91 24.04.2012 16,6MB Notwendig ASRock InstantBoot v1.28 24.04.2012 unnötig Battlefield 3™ Electronic Arts 19.11.2012 1.4.0.0 Notwendig Battlefield Play4Free (Lukas) EA Digital illusions 21.09.2012 unnötig BattleForge™ Electronic Arts 09.07.2012 88,4MB 1.0.0.0 unnötig Battlelog Web Plugins EA Digital Illusions CE AB 20.11.2012 2.1.2 Notwendig Blacklight Retribution Perfect World Entertainment 30.04.2012 1.00.9500 Notwendig Bonjour Apple Inc. 27.04.2012 2,00MB 3.0.0.10 unnötig Borderlands Gearbox Software 28.07.2012 Notwendig BOSS BOSS Development Team 04.08.2012 2.0.0 unnötig BRINK Splash Damage 14.07.2012 Notwendig Bunch Of Heroes 23.09.2012 Notwendig Castle Crashers 26.11.2012 Notwendig CCleaner Piriform 19.12.2012 3.26 notwendig? Cheat Engine 6.2 Dark Byte 24.06.2012 27,0MB unnötig Counter-Strike Valve 24.04.2012 Notwendig Counter-Strike: Global Offensive Beta 15.08.2012 Notwendig Counter-Strike: Source Valve 12.07.2012 Notwendig CryEngine(R)2 Sandbox(TM)2 Electronic Arts 08.09.2012 39,1MB 1.00.0000 Notwendig Crysis Crytek 11.09.2012 Notwendig Crysis 2 Maximum Edition Electronic Arts 09.09.2012 Notwendig Crysis Warhead Crytek 10.09.2012 Notwendig DAEMON Tools Lite DT Soft Ltd 13.10.2012 4.45.4.0314 unnötig Dota 2 25.04.2012 Notwendig DUNGEONS - Steam Special Edition Realmforge Studios 12.08.2012 unnötig DUNGEONS - The Dark Lord (Steam Special Edition) 12.08.2012 unnötig ESN Sonar ESN Social Software AB 20.11.2012 0.70.4 unbekannt Fallout: New Vegas Bethesda Softworks 14.07.2012 unnötig GameSpy Comrade GameSpy 07.09.2012 19,0MB 1.5.0.156 unnötig Garry's Mod Team Garry 12.07.2012 Notwendig Garry's Mod 13 Beta TEAM GARRY 24.08.2012 Notwendig GIMP 2.8.2 The GIMP Team 04.09.2012 244MB 2.8.2 unnötig Global Agenda Hi-Rez Studios 26.04.2012 Notwendig Gothic 11.10.2012 Notwendig Gothic 3 Piranha Bytes 11.10.2012 Notwendig Gothic II: Gold Edition Piranha Bytes 11.10.2012 Notwendig Grand Theft Auto IV Rockstar 08.11.2012 Notwendig Hitman: Contracts Eidos 11.09.2012 unnötig Homefront THQ 06.10.2012 unnötig HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 12.12.2012 102MB 28.0.1313.0 Notwendig Hunted: The Demon's Forge Bethesda 15.07.2012 Notwendig Hydrophobia: Prophecy Dark Energy Digital 04.09.2012 Notwendig iTunes Apple Inc. 07.01.2013 189MB 11.0.1.12 Notwendig Java 7 Update 9 Oracle 12.12.2012 128MB 7.0.90 Notwendig Just Cause 2 Avalanche Studios 24.08.2012 Notwendig Killing Floor Tripwire Interactive 29.10.2012 Notwendig Killing Floor Mod: Defence Alliance 2 29.10.2012 Notwendig LIMBO 28.12.2012 Notwendig Logitech GamePanel Software 3.03.133 Logitech Inc. 09.11.2012 53,8MB 3.03.133 Notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 10.01.2013 18,4MB 1.70.0.1100 Notwendig ???? Metro 2033 THQ 06.10.2012 Notwendig Microsoft .NET Framework 1.1 Microsoft 07.09.2012 34,8MB 1.1.4322 Notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 02.01.2011 38,8MB 4.0.30319 Notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 02.01.2011 2,93MB 4.0.30319 Notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 25.04.2012 10,6MB 4.0.30319 Notwendig Microsoft Games for Windows - LIVE Microsoft Corporation 09.11.2012 8,31MB 3.1.186.0 unnötig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 18.11.2012 31,3MB 3.5.92.0 unnötig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.07.2012 298KB 8.0.59193 Notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 11.09.2012 708KB 8.0.56336 Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 25.04.2012 252KB 9.0.30729 Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 24.04.2012 788KB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 12.08.2012 1,42MB 9.0.21022 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.07.2012 240KB 9.0.30729 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.04.2012 596KB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 24.04.2012 13,6MB 10.0.30319 Notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.07.2012 11,1MB 10.0.40219 Notwendig Microsoft XNA Framework Redistributable 4.0 Microsoft Corporation 25.04.2012 9,17MB 4.0.20823.0 Notwendig Mirror's Edge DICE 24.08.2012 Notwendig Mozilla Firefox 15.0 (x86 en-US) Mozilla 30.08.2012 159GB 15.0 notwedig Mozilla Maintenance Service Mozilla 30.08.2012 327KB 15.0 unbekannt NC Launcher (GameForge) NCsoft 22.06.2012 unnötig Need For Speed™ World Electronic Arts 09.07.2012 13,5MB 1.0.0.991unnötig Nexuiz IllFonic 15.08.2012 unnötig Nexus Mod Manager Black Tree Gaming 04.08.2012 13,4MB 0.19.0 unnötig NVIDIA PhysX NVIDIA Corporation 30.04.2012 78,9MB 9.10.0513 unnötig OpenAL 04.09.2012 unnötig Origin Electronic Arts, Inc. 18.11.2012 9.0.15.65 Notwendig Pando Media Booster Pando Networks Inc. 29.04.2012 5,46MB 2.6.0.7 Notwendig Philips SPZ3000 Webcam Philips 16.05.2012 2.1unnötig Philips ToUcam Fun Camera 16.05.2012 unnötig Philips ToUcam Pro Camera 16.05.2012 unnötig PL-2303 USB-to-Serial 23.05.2012 unnötig PunkBuster Services Even Balance, Inc. 19.11.2012 0.991 unbekannt Realm of the Mad God 31.07.2012 unnötig Realtek Ethernet Controller Driver Realtek 24.04.2012 7.44.421.2011 Notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.04.2012 6.0.1.6378 Notwendig Rigonauts 16.12.2012 Notwendig Roll 13.10.2012 Unbekannt Skype™ 6.0 Skype Technologies S.A. 22.11.2012 20,3MB 6.0.126 Notwendig SmartView for IE DeviceVM, Inc. 24.04.2012 1.0.4.1 unnötig Steam Valve Corporation 25.04.2012 1,59MB 1.0.0.0 Notwendig Super Monday Night Combat 26.04.2012 unnötig TeamSpeak 3 Client TeamSpeak Systems GmbH 25.04.2012 3.0.6 Notwendig Terraria 25.04.2012 Notwendig The Binding of Isaac 22.06.2012 Notwendig The Elder Scrolls V: Skyrim Bethesda Game Studios 14.07.2012 Notwendig Torchlight II 27.09.2012 Notwendig Waveform 02.09.2012 Notwendig Windows Live ID Sign-in Assistant Microsoft Corporation 18.11.2012 10,0MB 6.500.3165.0 unnötig Windows-Treiberpaket - Philips (spc999) Image (12/14/2009 1.00.0.0000) Philips 16.05.2012 12/14/2009 1.00.0.0000 ubekannt Windows-Treiberpaket - Philips (VM20d7) Image (08/02/2010 300.2000.4001.07) Philips 16.05.2012 08/02/2010 300.2000.4001.07 unbekannt Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (05/20/2009 1.0.5.12) Philips CL 16.05.2012 05/20/2009 1.0.5.12 unbekannt Windows-Treiberpaket - Philips USB (12/14/2009 1.00.0.0000) Philips 16.05.2012 12/14/2009 1.00.0.0000 unbekannt treiber webcam ? WinRAR 4.11 (64-Bit) win.rar GmbH 25.04.2012 4.11.0 Notwendig XFastUsb 24.04.2012 unnötig xrecode II 1.0.0.195 13.10.2012 24,4MB Unbekannt Geändert von craphere (11.01.2013 um 21:49 Uhr) Grund: code gesetzt ,ergänzt |
|
11.01.2013, 21:41
| #10 |
| /// Malware-holic | Computer gesperrt GVU Trojaner wieso ist nur die Hälfte beschriftet?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.01.2013, 21:43
| #11 |
| | Computer gesperrt GVU Trojaner -> edit kommt... Edit kommt sofort-- Bin soweit, sollte alles beschriftet sein , sry hatte die halbe anweisung überlesen.. |
|
14.01.2013, 22:25
| #12 |
| | Computer gesperrt GVU Trojaner Bump |
|
15.01.2013, 21:13
| #13 |
| /// Malware-holic | Computer gesperrt GVU Trojaner deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: AION : alle BOSS Cheat DAEMON DUNGEONS : alle ESN Fallout: GameSpy GIMP Hitman: Homefront Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Need NC Nexuiz Nexus Philips : alle PL Realm SmartView Super Windows Live XFastUsb xrecode öffne CCleaner, analysieren starten, pc neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.01.2013, 22:07
| #14 |
| | Computer gesperrt GVU Trojaner Hier der Log vom ADWC Code:
ATTFilter # AdwCleaner v2.105 - Datei am 16/01/2013 um 22:06:53 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzer : Lukas - LUKASTOWER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lukas\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16450
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (en-US)
Datei : C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\1zop6hfg.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [963 octets] - [16/01/2013 22:06:53]
########## EOF - C:\AdwCleaner[R1].txt - [1022 octets] ##########
|
|
16.01.2013, 22:11
| #15 |
| /// Malware-holic | Computer gesperrt GVU Trojaner Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
neustarten, teste bitte, wie der PC + Programme wie Browser laufen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Computer gesperrt GVU Trojaner |
| adobe, bho, bonjour, computer, defender, error, explorer, flash player, format, gesperrt, grand theft auto, helper, install.exe, launch, logfile, malware bytes, mozilla, nexus, pando media booster, plug-in, programm, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, teamspeak, udp, wgsdgsdgdsgsd.exe, windows |
Linear-Darstellung
