Pests of all kinds and how to combat them: Infected with GVU Trojan (Windows 7)
11.01.2013, 01:57 | #1 |
Infected with GVU Trojan

Hello, unfortunately I have caught a GVU Trojan and, while googling (in safe mode), came across this nice forum here. I will now try to describe my problem with the help of your checklist.

1. defogger could be run without any problems.
2. Contents of OTL.txt:

Code:
OTL logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.23 12:42:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.12.09 13:07:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2012.01.04 21:28:36 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.01.06 08:27:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.01.06 08:25:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.09.22 16:34:32 | 000,457,944 | R--- | M] (cFos Software GmbH) [Auto | Stopped] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS) SRV - [2010.05.06 10:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.04.09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Stopped] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] 
-- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.12.16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2011.11.21 07:53:12 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) 
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.08.22 14:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2011.08.22 14:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2011.08.22 14:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2011.08.22 14:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2011.08.22 14:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2011.08.22 14:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) DRV:64bit: - [2011.08.22 14:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2011.08.22 14:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2011.08.22 14:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2011.08.22 14:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.03 
21:13:50 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.09.22 16:34:40 | 001,501,912 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2010.03.18 10:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.03.18 10:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010.03.18 10:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- 
(b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 5B D7 FF 82 EF CD 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledAddons: %7B6005d9b1-d115-485a-a92a-3f6453ca3fe2%7D:2.4 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {6005d9b1-d115-485a-a92a-3f6453ca3fe2}:1.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program 
Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.03 10:22:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.09 13:07:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 09:19:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.17 23:35:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E93ED55EEC68961619079B24652DD030B FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.09 15:37:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions [2010.11.02 23:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.08 13:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions [2010.11.02 23:29:35 | 000,000,000 | 
---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.01.08 13:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\Firefox\Profiles\w1snvgrr.default\extensions\trash [2012.10.06 09:49:12 | 000,260,260 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2013.01.08 13:41:01 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.11.25 22:03:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.12 22:20:40 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.08.30 22:35:53 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2009.06.15 19:28:18 | 000,002,164 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\bing.xml [2011.07.20 20:14:43 | 000,001,644 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\minecraft.xml [2010.07.21 20:27:32 | 000,002,630 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\mozilla\firefox\profiles\w1snvgrr.default\searchplugins\wiki-aventurica-de.xml [2012.12.09 13:06:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.09 13:07:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program 
Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.09 09:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 09:15:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.09 09:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.09 09:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.09 09:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.09 09:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [HotSwap! Applet] C:\Users\Severin\Desktop\HotSwap!.EXE (KaaKoon)
O4 - HKCU..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8:64bit: - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8:64bit: - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8:64bit: - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8:64bit: - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: BID Link Explorer: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: BID: Link in Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: BID: Öffne aktuelle Seite - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: BID: Öffne diesen &Link - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm ()
O8 - Extra context menu item: BID: Seite in &Queue einreihen - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C52EDB-5B0F-46A5-A92F-493E65AA4BB9}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.11 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Roaming\Malwarebytes
[2013.01.11 00:18:04 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.11 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.11 00:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.11 00:17:51 | 000,000,000 | ---D | C] -- C:\Users\Severin\AppData\Local\Programs
[2013.01.11 00:09:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.10 23:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012.12.20 19:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.20 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.12 23:23:02 | 000,000,000 | ---D | C] -- C:\Windows\Migration

========== Files - Modified Within 30 Days ==========

[2013.01.11 00:55:22 | 000,000,188 | ---- | M] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:54:08 | 000,050,477 | ---- | M] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.11 00:09:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Severin\Desktop\OTL.exe
[2013.01.11 00:02:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.11 00:02:34 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:10 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:37:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 23:35:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.10 23:33:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:32:15 | 000,001,950 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk
[2013.01.10 23:31:17 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 23:31:00 | 000,301,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 23:01:03 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013.01.09 10:16:09 | 001,594,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.09 10:16:09 | 000,698,726 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 10:16:09 | 000,652,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 10:16:09 | 000,148,782 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 10:16:09 | 000,121,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 10:16:00 | 001,594,042 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.23 22:51:59 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | M] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.23 12:46:17 | 000,001,053 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.23 12:45:53 | 000,001,025 | ---- | M] () -- C:\Users\Severin\Desktop\Dropbox.lnk
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.20 20:45:16 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.20 20:44:38 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.13 22:05:06 | 000,325,451 | ---- | M] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | M] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:04:31 | 000,269,808 | ---- | M] () -- C:\Users\Severin\Documents\Scan0003.jpg

========== Files Created - No Company Name ==========

[2013.01.11 00:55:22 | 000,000,188 | ---- | C] () -- C:\Users\Severin\defogger_reenable
[2013.01.11 00:53:54 | 000,050,477 | ---- | C] () -- C:\Users\Severin\Desktop\Defogger.exe
[2013.01.11 00:18:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 23:28:08 | 000,002,940 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | C] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.10 23:28:04 | 000,265,728 | ---- | C] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
[2013.01.10 23:24:04 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Data Migration.lnk
[2013.01.10 21:10:02 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012.12.23 22:11:33 | 000,224,001 | ---- | C] () -- C:\Users\Severin\Documents\Scan0005.jpg
[2012.12.13 22:05:06 | 000,001,463 | ---- | C] () -- C:\Users\Severin\.recently-used.xbel
[2012.12.13 22:02:19 | 000,325,451 | ---- | C] () -- C:\Users\Severin\Documents\Scan0004.jpg
[2012.12.13 22:02:19 | 000,269,808 | ---- | C] () -- C:\Users\Severin\Documents\Scan0003.jpg
[2012.12.12 22:00:03 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.12 22:00:02 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.12 21:59:58 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.12 21:59:54 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.12 21:59:46 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.12 21:59:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.12 21:51:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.25 23:07:35 | 000,000,118 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.27 22:50:53 | 000,010,495 | ---- | C] () -- C:\Users\Severin\Severin_elster_2048.pfx
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.23 17:35:31 | 000,008,203 | ---- | C] () -- C:\Users\Severin\.heldEinstellungen4_1.xml
[2012.02.23 17:35:30 | 000,000,260 | ---- | C] () -- C:\Users\Severin\.dsa4.properties
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.22 10:51:51 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.22 13:37:48 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2011.08.22 12:59:58 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2011.08.22 12:57:32 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2011.08.22 12:47:18 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2011.08.22 12:47:18 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2011.08.22 12:39:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2011.08.22 12:39:24 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2011.05.21 10:19:19 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.05.13 11:44:33 | 000,000,000 | ---- | C] () -- C:\Users\Severin\AppData\Local\{E29A6443-6C23-49EF-A7F8-F9FF89C7FCD1}
[2010.11.20 09:20:03 | 000,036,864 | ---- | C] () -- C:\Users\Severin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.05 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\.minecraft
[2011.10.17 07:19:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Amazon
[2012.01.05 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BF3CC
[2011.07.21 19:47:10 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BFBC2CC
[2012.02.09 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\BID
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Blender Foundation
[2010.11.03 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Buhl Data Service GmbH
[2012.05.01 01:32:22 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\calibre
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Canneverbe Limited
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DAEMON Tools Lite
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\DataDesign
[2013.01.10 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Dropbox
[2010.11.03 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\FaceGen
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\fotobuch.de AG
[2012.11.01 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\gtk-2.0
[2011.03.30 06:50:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\IrfanView
[2010.11.04 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Leadertech
[2011.02.13 15:57:53 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LEGO Company
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\LetsTrade
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\My Games
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\MyHeritage
[2012.02.17 23:37:59 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia
[2011.07.16 12:53:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Nokia Ovi Suite
[2011.05.16 12:33:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OfficeRecovery
[2010.11.03 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\OpenOffice.org
[2012.12.04 22:21:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Origin
[2011.07.16 12:46:34 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\PC Suite
[2011.12.18 23:57:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\pdfforge
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Poser
[2013.01.09 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Spotify
[2013.01.10 21:10:40 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TeamViewer
[2010.09.24 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010.11.02 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\Thunderbird
[2011.11.22 07:57:02 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TrueCrypt
[2013.01.10 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\TS3Client
[2010.11.03 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\uTorrent
[2011.07.09 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Severin\AppData\Roaming\XMedia Recode

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 11.01.2013 00:59:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Severin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,16 Gb Available Physical Memory | 79,09% Memory free
8,00 Gb Paging File | 7,31 Gb Available in Paging File | 91,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60,00 Gb Total Space | 11,55 Gb Free Space | 19,25% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 3,99 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
Drive E: | 336,17 Gb Total Space | 1,03 Gb Free Space | 0,31% Space Free | Partition Type: NTFS

Computer Name: SEVERIN-PC | User Name: Severin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A4DBFF-F734-4594-8060-6EE2A42E0DB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{0942A38A-3AD1-4B72-99AA-611257CDFF54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A41AC16-15F8-4449-9C88-6A31CABA2DB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2239F232-7E0A-4357-8424-5AC4EEDC1C89}" = lport=10243 | protocol=6 | dir=in | app=system |
"{224C43CD-6187-42FC-AC0C-B4418BF22EFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27D8A6AF-C79E-48C8-B10B-DBADCF09EFEF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2E04EB29-5FA1-406E-BD92-CBE08A2AAA76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{396451FC-F3CF-4DE7-81FA-1365D5CA0E35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EB0967B-3B8C-4346-857E-DDFFA63A26DC}" = rport=139 | protocol=6 | dir=out | app=system |
"{672BF6B7-DE62-4572-89AB-D60C3F7C0712}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68AEB13D-EB02-442C-8F48-EB2EED3EA3B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{7028702C-7716-45CB-A7EE-31EB7A7120D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{731FBDFC-6298-4714-A019-EB8E06546CE9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74A97FF9-0ADC-4934-81E4-8B9DECDD6CC6}" = lport=139 | protocol=6 | dir=in | app=system |
"{77A8704C-C065-4F59-B877-3E95E69ADD93}" = lport=137 | protocol=17 | dir=in | app=system |
"{847FEC26-29CD-423D-AAE5-87063C96F4BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{897C4D1E-A1AD-40A5-9C17-9369B7A77948}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9D61ACB5-98D7-4D4A-A293-6C945EE88F4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADA53EC7-9374-440C-AF82-37FF2C058D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCC29598-60FD-411F-968A-90C23D82D97E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF75E53F-6FDB-4C28-88DB-EDAD84D002A9}" = lport=138 | protocol=17 | dir=in | app=system |
"{C50B013B-4F68-49BD-867A-A678238D9B1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E152A1EA-B070-4EBC-B5F6-36CEF2A5E091}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE41E141-EA8B-48C0-8F71-090E13C4204B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C54188E-93B5-4265-9681-7C0BDDC007FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{0EB304A5-8AF2-4D44-ADBA-0B1EAE401EFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1170758C-4F1A-44CB-994A-4A7DF308AC4B}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{11F197F0-4098-412C-82F8-6C1DFFB43B03}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{17D54610-493E-45B0-A366-48ED92AF5CE6}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe |
"{1BABBBBB-4FD6-452D-8958-A8EB04A63F26}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{23534EAE-FDEC-4F6A-AA89-F94AE13B5620}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{241EC5D9-1133-4ADC-84A7-E6D835B28AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{298D8EDF-2CF3-4EFE-9513-E68742571B5F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2B6F0405-D037-4B46-B6F0-2337AE7949DC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{31188CF3-83F0-42A8-950C-863417E8F1C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{31F0DB85-5FEA-4DE1-964D-9894AB4CCE05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36282200-282B-437C-891B-29F9179F1777}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe |
"{36B093B3-9FE4-4793-9023-3C6E8BE92230}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{39BE6F2F-973C-4B8F-B401-79E4D2103101}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{3D815138-DB76-4945-8706-F6B69DA56B4C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{4490C835-9707-43A2-9106-459E54BF4D6F}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{46F50D4B-5BF1-474B-BF67-AEC46DEA3ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{4C8BF11C-0FF6-4E2E-B2D1-E547A5B6F9AA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4D965DFD-1ED8-49FB-8D53-BA69D68FB25E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50C85BE4-AC08-4F5D-AB08-8B45E85D06C5}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe |
"{55E213B1-2721-4C6E-AF9E-41180B396B86}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5C429030-AD5B-487E-8D24-386272768014}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{628B96F7-2B9B-4366-8C8E-00DFA7F77CEF}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutlauncher.exe |
"{67E13C61-FAA0-4FE4-A221-5EF04A9E08A3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6A90A517-9866-4D15-812D-C7132A2B4383}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{71963F58-575A-4C00-B95A-F8F71EFA321B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{762CC2DF-0366-4D9B-BC6F-408078CFEB71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7E58FA76-B3D9-400C-9D09-C3990000F793}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{800043D4-6596-4FB8-8B86-F6BCD2ED7D6F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{86750DEE-DB9C-49B4-889C-11D9FE47AF19}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe |
"{88C2DE66-BF1E-4412-B3EA-0ECAC5925E5B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe |
"{919B59C0-E759-4929-B327-3CFA44D51BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{92F62159-C494-40DD-91A5-CD6CA1F3CEE1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95ACFD2C-6D10-4C89-949F-796607431469}" = protocol=6 | dir=out | app=system |
"{97A3CB01-225C-45E1-8609-DD0C7350857D}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{9C4BF8B0-F419-4499-98B6-CA4225A1933C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A2208F1B-F5FE-47DA-A9CE-971ABECF43C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A28961D4-3463-4A2E-9953-B5B8349220D2}" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe |
"{A2C88CE6-B2F9-4871-8EB3-4DB0C5B1E27F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A5BB51F4-FB5C-418E-895B-23C09BA32912}" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe |
"{A5F8A325-FAAE-4FF9-BE1F-BAEB7686E1CE}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe |
"{AA670F91-DE53-46DA-9EFC-FE1B0316EA05}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{AB6EC94F-5FEB-4F48-ABF5-6BD50F389E98}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutparadise.exe |
"{ACDDF320-93DB-4CEF-BAAC-47A619E34138}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{AE30BF6E-B417-41E9-BAE9-EFC8F0DC90D9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{AF672B31-13E1-4470-B68B-4D5332566C79}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\burnout paradise\burnoutconfigtool.exe |
"{B15978B9-AC94-48BD-B68F-8FD2A2D18E08}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B656A016-E7F6-435F-B4AE-921303B22461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B73E5361-C73F-4F3F-B97D-11706EA14809}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{BC96C20A-DE65-460E-9670-56D66FE97133}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{BF488F68-109A-45C9-A815-F987B0A3C1CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFF62C7B-598B-4C98-8342-54BD77F176A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C48682D9-C343-452D-ABEC-8DEF6015AFC2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C669DA02-E8D0-4DB9-BF94-4B0D7C7E30BC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C98F5C19-3818-4AD5-8E0A-C9FBF0A7BE66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB6E6434-BE35-48D7-8E6E-6FAF7725840B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{CB9B6A9F-2859-4492-997F-691957239353}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEE2CEBE-AE74-4CF6-B858-D4A351D65966}" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{CF5E8A18-B3BE-44DE-A0DF-8CCC8A7BD596}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CFFCC50E-D707-4FB4-9ADD-7951C3964EA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D016CBDC-5607-4CE2-80A9-32C065BB6F29}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D2FB00F0-6F41-4F9E-BEC7-A18A5E3CDE70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D90DA6D8-5EE7-49AD-AED3-939B11D03130}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
"{D989C2AD-26DC-466A-A91D-24C209101694}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{DAE8B786-458A-4623-921A-0FC639FE9EB7}" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{DBEF0E6D-0B57-49FB-B58F-B6FDC9842D22}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E7AF22DA-FFCE-4809-B6C7-C9691544B8D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{E810411B-BDBC-48E2-8CB8-03415511A328}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\satinav.exe |
"{EA2BBCBF-EE4F-4919-BCE5-8E36611BA5CA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{EB753A6F-8E54-49ED-ADE9-0F19B0FFD343}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFB0E045-80C0-4E9E-8D13-FEAB29498C87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EFBB651D-791F-4F79-882F-FB4F4CF7F171}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\thedarkeye cos\visionaireconfigurationtool.exe |
"{F1CFA8C5-031D-4BC5-8B8C-AC79CE4D6ECF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3B76E34-11FC-4806-A1DB-7A2C1D65FCC6}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{F621C7C4-4B3C-40EE-B1E7-41F703AD2CE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F6FCDFE5-B73A-4E6D-8C9C-04B6B999DC9E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{F75C9497-6674-4521-8F8E-3A2B1837CA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FB691E44-72A7-406C-9B1B-F6A8623521E1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FE8E7C92-0ADD-40A2-B9B8-F9038B7FF8C7}" = protocol=58 | dir=in | app=system |
"TCP Query User{4C9BA945-5013-40E5-BA84-9A6BF3556C7D}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4DDC0131-5D1E-4EF8-AD81-F638C213D097}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{51247B46-7E21-4C06-8A45-E4EC6B9A9BDE}D:\program files (x86)\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe |
"TCP Query User{56ED6C79-2707-4C5E-A365-34DC808E83D4}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{5D22BF51-4861-4CCC-AC3F-DAB3A1E9D054}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{B66A883C-A554-4B4A-A2C3-62B4A962ED39}D:\program
files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "TCP Query User{BDBD4314-63B1-4E30-B2B0-4FFC4767CD24}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{BE8ADDEE-DC51-432A-ACB8-96CD7F1F7986}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{C19611A0-284E-4C2B-9F22-78B4580DEF66}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{C5B5AD25-D756-4ED4-B344-D742F79438D0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{CE97DEB7-B5E5-4C3A-86C5-8D8E1993A730}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{DD226E22-7234-426D-BE7C-AF393A1F4F40}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{02DC44F8-C2E8-40FB-8701-976BF9D59CED}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{08FD3548-7667-4594-AA94-08D025BCAD62}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | "UDP Query User{2B5EEABA-4EF2-4DEE-8ECE-BABF8449542B}D:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{5B3DB361-B659-41E5-A31D-7430F5974E74}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query 
User{6431705D-1AF2-44B7-B44C-0ACA9254C508}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{665605D3-8578-4A5A-8E06-9F7D60017FA3}C:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{8CE9B30B-EE61-4F11-8A87-C8EB3B9DB9AC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{983585E4-B2F4-4371-8972-9657AD067BCF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{9F76C71B-1927-4716-AB96-42081C52DAC7}D:\program files (x86)\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\flatout2\flatout2.exe | "UDP Query User{BDF0C3CB-D116-4E3F-B6DF-BB6401E1B7B9}C:\users\severin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\severin\appdata\roaming\spotify\spotify.exe | "UDP Query User{E26F545E-D569-42E4-B378-F81FBF9A56EC}D:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | "UDP Query User{FF0D7133-65E4-4C76-87C6-1D16A3F20DBC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2B8577D-EECF-4062-BEB7-A8BE3FD679ED}" = HP Photosmart 6510 series - Grundlegende Software für das Gerät "{B6D7EF7F-DE25-4E27-A88F-F43C7D728367}" = Project+ 2.5.1 "{CCBF4FD7-F4D2-4DB0-BC0E-F4EC42220EFF}" = Microsoft SQL Server Compact 4.0 x64 DEU "{D9710515-1C8F-4AF9-A61D-2E0287915B73}" = Studie zur Verbesserung von HP Photosmart 6510 series Produkten "{E391E2FF-927F-46A6-8466-C688A2FAF1FB}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "4144-4862-0472-7103" = WorldPainter 0.6.12 "cFosSpeed" = cFosSpeed v6.02 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd 
(08/22/2008 7.0.0.0) "GPL Ghostscript 9.04" = GPL Ghostscript "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Recuva" = Recuva "SP6" = Logitech SetPoint 6.15 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch "{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek "{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = Catalyst Control Center "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 2.8.0 "{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese "{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional "{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish "{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77033683-0816-4D7D-8BF1-3949B4E9823D}" = Battlefield 3™ "{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Hilfe "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common "{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4 "{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English "{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0 "{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish "{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish "{C1AC5BDC-5441-4671-894D-70B542022652}" = calibre "{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French "{C9912275-67A2-4624-A212-83E53AF7ADC8}" = Minutor "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D4DE3DB4-7734-47E5-8D92-B80146311406}" = Samsung Data Migration "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALchemy" = Creative ALchemy "Amazon MP3-Downloader" = Amazon MP3-Downloader 
1.0.9 "AudioCS" = Creative Audio Control Panel "avast" = avast! Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Bulk Image Downloader_is1" = Bulk Image Downloader v4.35.0.0 "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "ESN Sonar-0.70.0" = ESN Sonar "ESN Sonar-0.70.4" = ESN Sonar "HP Photo Creations" = HP Photo Creations "InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "New LEGO Digital Designer" = LEGO Digital Designer "Nokia Suite" = Nokia Suite "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QuickPar" = QuickPar 0.9 "SFBM" = SoundFont-Bank-Manager "Steam App 203830" = The Dark Eye: Chains of Satinav "Sweet Home 3D_is1" = Sweet Home 3D version 3.5 "TeamViewer 8" = TeamViewer 8 "TrueCrypt" = TrueCrypt "UnityWebPlayer" = Unity Web Player (All users) "VLC media player" = VLC media player 2.0.4 "WaveStudio 7" = Creative WaveStudio 7 "Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 3.5.1.131 "Winload Toolbar" = Winload Toolbar "WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional "XMedia Recode" = XMedia Recode 3.0.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "7d0ab3f03a657c8f" = BC2CC "af8063ee51cc0619" = BF3CC "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] 
Error - 23.12.2012 17:57:20 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5891 Error - 30.12.2012 04:46:11 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.01.2013 18:20:13 | Computer Name = Severin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: cfosspeed.exe, Version: 6.2.1722.0, Zeitstempel: 0x4c9a0acf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4b4 ID des fehlerhaften Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0x01cde4944be75e8f Pfad der fehlerhaften Anwendung: C:\Program Files\cFosSpeed\cfosspeed.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: be1b0f63-55f3-11e2-b23d-002185345dc5 Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2078 Error - 03.01.2013 20:14:02 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2078 Error - 04.01.2013 17:30:18 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1953 Error - 07.01.2013 04:49:54 | Computer Name = Severin-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1953 Error - 08.01.2013 09:43:10 | Computer Name = Severin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
[ System Events ] Error - 10.01.2013 19:52:40 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 19:54:48 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 19:59:47 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 20:01:55 | Computer Name = 
Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 10.01.2013 20:01:55 | Computer Name = Severin-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-11 01:49:52 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AAKS-65A7B0 rev.01.03B01 596,17GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Severin\AppData\Local\Temp\kxdirfow.sys ---- Threads - GMER 2.0 ---- Thread C:\Windows\System32\svchost.exe [1788:1912] 000007fef8b89688 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1628] 000000006ffefee5 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:772] 0000000077b62e25 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1840] 000000006ffe8f6c Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1936] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1272] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1132] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:208] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1980] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1216] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1020] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1432] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1504] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1184] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1488] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2028] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1484] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1796] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:2000] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe [1068:1292] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1608] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:552] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1224] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1792] 0000000074f827c1 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:316] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:252] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1144] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1968] 0000000077b63e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:784] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:284] 0000000073f562ee Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1660] 00000000747ac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1516] 0000000077b63e45 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:892] 0000000070f632fb Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1376] 00000000763ad864 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1068:1492] 0000000077b63e45 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1788] 000007fefe3d0000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x35 0xA2 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0xAB 0xD4 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFD 0xCB 0x2A 0x2A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x35 0xA2 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0xAB 0xD4 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFD 0xCB 0x2A 0x2A ...
---- EOF - GMER 2.0 ----
Best regards, Severin |
11.01.2013, 02:00 | #2 |
/// Malware-holic | Infected with GVU Trojan Hi,
that is not everything. Open Malwarebytes, go to the log files, and post the reports that contain detections. |
11.01.2013, 08:55 | #3 |
| Infected with GVU Trojan Good morning,
I started the scan last night after all; here are the results: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.13

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Severin :: SEVERIN-PC [Administrator]

11.01.2013 02:05:16
mbam-log-2013-01-11 (02-05-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 538289
Laufzeit: 57 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 18
E:\Files\Anwendungen\CryptLoad_1.1.4\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
E:\Files\Anwendungen\cartograph_g_2011_04_20_bins\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Anwendungen\cartograph_g_2011_09_16_bins\Cartograph_G_Post_Processor.exe (Trojan.Agent.cn) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Collage lars und ich sonnenbrille.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Carina und Endrik\DSCF0511.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Carina und Endrik\DSCF0516.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Lars und ich 20.7\090720_184351_6.jpg (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\neu\IMAGE0005.BMP.BMP (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\neu\IMAGE0007.BMP.BMP (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Umbau\PICT2588.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Umbau\PICT2678.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Umbau\PICT3015.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Files\Diverses\von Deike\Weihnachten 2008\PICT2403.JPG (Extension.Mismatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Severin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Best regards, Sören |
11.01.2013, 16:20 | #4 |
/// Malware-holic | Infected with GVU Trojan Hi, if there were any other, older logs with detections, please post them.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
11.01.2013, 18:16 | #5 |
| Infected with GVU Trojan Hello again, no, sorry, that is all I have. Should there be something else somewhere? Best regards, Severin |
11.01.2013, 19:36 | #6 |
/// Malware-holic | Infected with GVU Trojan Hi, no, not necessarily :-) This script and any scripts that follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
ATTFilter
:OTL
[2013.01.10 23:28:08 | 000,002,940 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.10 23:28:08 | 000,001,049 | ---- | M] () -- C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.10 23:28:08 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.10 23:28:08 | 000,000,068 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.10 23:28:04 | 000,265,728 | ---- | M] () -- C:\Users\Severin\wgsdgsdgdsgsd.exe
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode. If you have no icons, then right-click, View, Show desktop icons.
11.01.2013, 23:25 | #7 |
| Infected with GVU Trojan Evening, we just missed each other earlier, a pity. Anyway, I have now run the script, with the following result: Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
File C:\Users\Severin\wgsdgsdgdsgsd.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
User: Default User
User: Public
User: Severin
->Flash cache emptied: 4263846 bytes
Total Flash Files Cleaned = 4,00 mb
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Severin
->Temp folder emptied: 328114825 bytes
->Temporary Internet Files folder emptied: 265008183 bytes
->Java cache emptied: 20089197 bytes
->FireFox cache emptied: 78139336 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1306309186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.905,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01112013_231255
Files\Folders moved on Reboot...
C:\Users\Severin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
By the way, the restart in normal mode worked without any problems. Is there actually somewhere here where one can read up on what OTL and all the other programs you use actually do? I am curious and would like to understand what I am doing here. Best regards, Severin |
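Comparing the OTL fix result with the Malwarebytes log posted earlier in the thread shows which "not found" entries are accounted for by the earlier quarantine and which are not. The Python script below is an added example, not part of the thread or of either tool; the function names and result categories are assumptions, and the two inputs are excerpts of the logs posted above.

```python
import re

# Excerpts of the two logs posted in this thread (Malwarebytes scan, OTL fix run).
MBAM_LOG = r"""
Infizierte Dateien: 18
E:\Files\Anwendungen\CryptLoad_1.1.4\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Keine Aktion durchgeführt.
C:\Users\Severin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

OTL_FIX_LOG = r"""
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
File C:\Users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\ProgramData\dsgsdgdsgdsgw.reg not found.
File C:\ProgramData\dsgsdgdsgdsgw.bat not found.
File C:\Users\Severin\wgsdgsdgdsgsd.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
Files\Folders moved on Reboot...
C:\Users\Severin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
"""

# The path is matched greedily so that parentheses inside it ("Program Files (x86)")
# do not end the match early; the last "(name) ->" on the line is the detection name.
MBAM_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
OTL_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")
OTL_MISSING = re.compile(r"^File (?P<path>[A-Za-z]:\\.+) not found\.$")
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")


def norm(path):
    """Windows paths are case-insensitive, so compare them lowercased."""
    return path.strip().lower()


def parse_mbam(text):
    """Return {normalized path: (detection name, quarantined?)}."""
    found = {}
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            # German log: "... in Quarantäne gestellt" means quarantined,
            # "Keine Aktion durchgeführt" means no action was taken.
            found[norm(m["path"])] = (m["name"], "Quarant" in m["action"])
    return found


def parse_otl_fix(text):
    """Return {normalized path: 'moved' | 'not_found'} for the OTL section only."""
    results, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        s = SECTION.match(line)
        if s:
            section = s["title"]
            continue
        if section != "OTL":
            continue  # skip temp-file cleanup and on-reboot moves
        m = OTL_MOVED.match(line)
        if m:
            results[norm(m["path"])] = "moved"
            continue
        m = OTL_MISSING.match(line)
        if m:
            results[norm(m["path"])] = "not_found"
    return results


def reconcile(mbam_text, otl_text):
    """Classify every file named in either log by what happened to it."""
    mbam, otl = parse_mbam(mbam_text), parse_otl_fix(otl_text)
    report = {"removed_by_fix": [], "already_quarantined": [],
              "unexplained_missing": [], "no_action_taken": [],
              "quarantined_not_in_fix": []}
    for path, status in otl.items():
        if status == "moved":
            report["removed_by_fix"].append(path)
        elif mbam.get(path, (None, False))[1]:
            report["already_quarantined"].append(path)
        else:
            report["unexplained_missing"].append(path)  # needs a follow-up look
    for path, (_name, quarantined) in mbam.items():
        if not quarantined:
            report["no_action_taken"].append(path)
        elif path not in otl:
            report["quarantined_not_in_fix"].append(path)
    return report


if __name__ == "__main__":
    for category, paths in reconcile(MBAM_LOG, OTL_FIX_LOG).items():
        print(category, paths)
```

An entry under `unexplained_missing` would be a file the fix script expected but neither tool accounts for, which is the case worth a follow-up scan.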
13.01.2013, 18:28 | #8 |
/// Malware-holic | Infected with GVU Trojan In the guides for the individual programs. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
13.01.2013, 19:43 | #9 |
| Infected with GVU Trojan Evening, here is the result: Code:
ATTFilter 19:38:33.0637 4628 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:38:33.0767 4628 ============================================================ 19:38:33.0767 4628 Current date / time: 2013/01/13 19:38:33.0767 19:38:33.0767 4628 SystemInfo: 19:38:33.0767 4628 19:38:33.0767 4628 OS Version: 6.1.7601 ServicePack: 1.0 19:38:33.0767 4628 Product type: Workstation 19:38:33.0768 4628 ComputerName: SEVERIN-PC 19:38:33.0768 4628 UserName: Severin 19:38:33.0768 4628 Windows directory: C:\Windows 19:38:33.0768 4628 System windows directory: C:\Windows 19:38:33.0768 4628 Running under WOW64 19:38:33.0768 4628 Processor architecture: Intel x64 19:38:33.0768 4628 Number of processors: 4 19:38:33.0768 4628 Page size: 0x1000 19:38:33.0768 4628 Boot type: Normal boot 19:38:33.0768 4628 ============================================================ 19:38:34.0540 4628 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:38:34.0546 4628 ============================================================ 19:38:34.0546 4628 \Device\Harddisk0\DR0: 19:38:34.0546 4628 MBR partitions: 19:38:34.0546 4628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7800000 19:38:34.0546 4628 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0x19000000 19:38:34.0546 4628 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20800800, BlocksNum 0x2A056800 19:38:34.0546 4628 ============================================================ 19:38:34.0572 4628 C: <-> \Device\Harddisk0\DR0\Partition1 19:38:34.0600 4628 D: <-> \Device\Harddisk0\DR0\Partition2 19:38:34.0634 4628 E: <-> \Device\Harddisk0\DR0\Partition3 19:38:34.0634 4628 ============================================================ 19:38:34.0635 4628 Initialize success 19:38:34.0635 4628 ============================================================ 
19:38:59.0395 3696 ============================================================ 19:38:59.0395 3696 Scan started 19:38:59.0395 3696 Mode: Manual; SigCheck; TDLFS; 19:38:59.0395 3696 ============================================================ 19:38:59.0920 3696 ================ Scan system memory ======================== 19:38:59.0920 3696 System memory - ok 19:38:59.0920 3696 ================ Scan services ============================= 19:39:00.0056 3696 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:39:00.0193 3696 1394ohci - ok 19:39:00.0234 3696 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:39:00.0261 3696 ACPI - ok 19:39:00.0288 3696 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:39:00.0329 3696 AcpiPmi - ok 19:39:00.0458 3696 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:39:00.0480 3696 AdobeARMservice - ok 19:39:00.0526 3696 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:39:00.0563 3696 adp94xx - ok 19:39:00.0606 3696 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:39:00.0627 3696 adpahci - ok 19:39:00.0645 3696 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:39:00.0662 3696 adpu320 - ok 19:39:00.0690 3696 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:39:00.0742 3696 AeLookupSvc - ok 19:39:00.0792 3696 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:39:00.0848 3696 AFD - ok 19:39:00.0881 3696 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:39:00.0895 3696 agp440 - ok 19:39:00.0906 3696 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:39:00.0953 3696 ALG - ok 19:39:00.0967 3696 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide 
C:\Windows\system32\drivers\aliide.sys 19:39:00.0981 3696 aliide - ok 19:39:01.0013 3696 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:39:01.0042 3696 AMD External Events Utility - ok 19:39:01.0056 3696 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:39:01.0070 3696 amdide - ok 19:39:01.0091 3696 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:39:01.0126 3696 AmdK8 - ok 19:39:01.0363 3696 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:39:01.0661 3696 amdkmdag - ok 19:39:01.0693 3696 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 19:39:01.0717 3696 amdkmdap - ok 19:39:01.0744 3696 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:39:01.0787 3696 AmdPPM - ok 19:39:01.0808 3696 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:39:01.0830 3696 amdsata - ok 19:39:01.0851 3696 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:39:01.0876 3696 amdsbs - ok 19:39:01.0894 3696 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:39:01.0907 3696 amdxata - ok 19:39:01.0940 3696 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:39:02.0008 3696 AppID - ok 19:39:02.0031 3696 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:39:02.0082 3696 AppIDSvc - ok 19:39:02.0117 3696 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:39:02.0166 3696 Appinfo - ok 19:39:02.0246 3696 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:39:02.0265 3696 Apple Mobile Device - ok 19:39:02.0278 3696 [ C484F8CEB1717C540242531DB7845C4E ] arc 
C:\Windows\system32\DRIVERS\arc.sys 19:39:02.0298 3696 arc - ok 19:39:02.0311 3696 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:39:02.0330 3696 arcsas - ok 19:39:02.0448 3696 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:39:02.0469 3696 aspnet_state - ok 19:39:02.0503 3696 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 19:39:02.0516 3696 aswFsBlk - ok 19:39:02.0539 3696 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 19:39:02.0552 3696 aswMonFlt - ok 19:39:02.0592 3696 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 19:39:02.0604 3696 aswRdr - ok 19:39:02.0646 3696 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 19:39:02.0673 3696 aswSnx - ok 19:39:02.0685 3696 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys 19:39:02.0702 3696 aswSP - ok 19:39:02.0710 3696 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 19:39:02.0723 3696 aswTdi - ok 19:39:02.0729 3696 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:39:02.0779 3696 AsyncMac - ok 19:39:02.0802 3696 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:39:02.0815 3696 atapi - ok 19:39:02.0854 3696 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 19:39:02.0867 3696 AtiHDAudioService - ok 19:39:03.0049 3696 [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:39:03.0176 3696 atikmdag - ok 19:39:03.0215 3696 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:39:03.0292 3696 AudioEndpointBuilder - ok 19:39:03.0302 3696 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 
19:39:03.0342 3696 AudioSrv - ok 19:39:03.0426 3696 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 19:39:03.0440 3696 avast! Antivirus - ok 19:39:03.0479 3696 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:39:03.0515 3696 AxInstSV - ok 19:39:03.0551 3696 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 19:39:03.0588 3696 b06bdrv - ok 19:39:03.0619 3696 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:39:03.0665 3696 b57nd60a - ok 19:39:03.0775 3696 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe 19:39:03.0800 3696 BBSvc - ok 19:39:03.0832 3696 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 19:39:03.0849 3696 BBUpdate - ok 19:39:03.0871 3696 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:39:03.0897 3696 BDESVC - ok 19:39:03.0922 3696 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:39:03.0991 3696 Beep - ok 19:39:04.0040 3696 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:39:04.0098 3696 BFE - ok 19:39:04.0121 3696 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:39:04.0198 3696 BITS - ok 19:39:04.0216 3696 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:39:04.0241 3696 blbdrive - ok 19:39:04.0288 3696 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:39:04.0313 3696 Bonjour Service - ok 19:39:04.0346 3696 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:39:04.0360 3696 bowser - ok 19:39:04.0404 3696 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:39:04.0448 3696 BrFiltLo - ok 19:39:04.0463 3696 [ 
B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:39:04.0481 3696 BrFiltUp - ok 19:39:04.0517 3696 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:39:04.0542 3696 Browser - ok 19:39:04.0559 3696 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:39:04.0603 3696 Brserid - ok 19:39:04.0619 3696 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:39:04.0648 3696 BrSerWdm - ok 19:39:04.0659 3696 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:39:04.0693 3696 BrUsbMdm - ok 19:39:04.0709 3696 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:39:04.0725 3696 BrUsbSer - ok 19:39:04.0737 3696 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:39:04.0769 3696 BTHMODEM - ok 19:39:04.0799 3696 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:39:04.0845 3696 bthserv - ok 19:39:04.0859 3696 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:39:04.0897 3696 cdfs - ok 19:39:04.0937 3696 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 19:39:04.0962 3696 cdrom - ok 19:39:05.0000 3696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:39:05.0070 3696 CertPropSvc - ok 19:39:05.0134 3696 [ BBFFE2A1430FD787C11B7A2DB8987A84 ] cFosSpeed C:\Windows\system32\DRIVERS\cfosspeed6.sys 19:39:05.0195 3696 cFosSpeed - ok 19:39:05.0235 3696 [ D86C0A0F22E893BAFE4AECEFAC8ECA8E ] cFosSpeedS C:\Program Files\cFosSpeed\spd.exe 19:39:05.0261 3696 cFosSpeedS - ok 19:39:05.0280 3696 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:39:05.0310 3696 circlass - ok 19:39:05.0328 3696 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:39:05.0349 3696 CLFS - ok 
19:39:05.0425 3696 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:39:05.0446 3696 clr_optimization_v2.0.50727_32 - ok 19:39:05.0477 3696 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:39:05.0496 3696 clr_optimization_v2.0.50727_64 - ok 19:39:05.0574 3696 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:39:05.0625 3696 clr_optimization_v4.0.30319_32 - ok 19:39:05.0648 3696 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:39:05.0661 3696 clr_optimization_v4.0.30319_64 - ok 19:39:05.0683 3696 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:39:05.0710 3696 CmBatt - ok 19:39:05.0736 3696 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:39:05.0751 3696 cmdide - ok 19:39:05.0778 3696 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 19:39:05.0813 3696 CNG - ok 19:39:05.0824 3696 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:39:05.0839 3696 Compbatt - ok 19:39:05.0871 3696 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:39:05.0907 3696 CompositeBus - ok 19:39:05.0924 3696 COMSysApp - ok 19:39:05.0938 3696 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:39:05.0953 3696 crcdisk - ok 19:39:05.0997 3696 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 19:39:06.0017 3696 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 19:39:06.0017 3696 Creative ALchemy AL6 Licensing Service - 
detected UnsignedFile.Multi.Generic (1) 19:39:06.0047 3696 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 19:39:06.0063 3696 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 19:39:06.0063 3696 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 19:39:06.0108 3696 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:39:06.0149 3696 CryptSvc - ok 19:39:06.0190 3696 [ DF908DFC09A49F6F71A88E1EBFED97D6 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS 19:39:06.0211 3696 CT20XUT - ok 19:39:06.0224 3696 [ DF908DFC09A49F6F71A88E1EBFED97D6 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS 19:39:06.0237 3696 CT20XUT.SYS - ok 19:39:06.0270 3696 [ 8B15225C82E7F6064D4523DF494BF112 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys 19:39:06.0288 3696 ctac32k - ok 19:39:06.0307 3696 [ 80298AE72BDCF141DE89CF4DD54E286A ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys 19:39:06.0325 3696 ctaud2k - ok 19:39:06.0404 3696 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 19:39:06.0425 3696 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 19:39:06.0425 3696 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 19:39:06.0461 3696 [ 76E301B0465F0F8D4AD50B1E21A429F2 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS 19:39:06.0490 3696 CTEXFIFX - ok 19:39:06.0527 3696 [ 76E301B0465F0F8D4AD50B1E21A429F2 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS 19:39:06.0556 3696 CTEXFIFX.SYS - ok 19:39:06.0567 3696 [ 9DD0C0D2EAABB276229B0FBADBABBCDE ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS 19:39:06.0579 3696 CTHWIUT - ok 19:39:06.0583 3696 [ 9DD0C0D2EAABB276229B0FBADBABBCDE ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS 19:39:06.0595 3696 CTHWIUT.SYS - ok 19:39:06.0602 3696 [ 
95FE230FB90AAE0240ED6B5882659236 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys 19:39:06.0612 3696 ctprxy2k - ok 19:39:06.0628 3696 [ 95DEEDAC0EB4EA39E8E52C82874ECD55 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys 19:39:06.0641 3696 ctsfm2k - ok 19:39:06.0679 3696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:39:06.0783 3696 DcomLaunch - ok 19:39:06.0920 3696 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:39:06.0987 3696 defragsvc - ok 19:39:07.0027 3696 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:39:07.0083 3696 DfsC - ok 19:39:07.0120 3696 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:39:07.0160 3696 Dhcp - ok 19:39:07.0185 3696 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:39:07.0220 3696 discache - ok 19:39:07.0246 3696 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:39:07.0261 3696 Disk - ok 19:39:07.0292 3696 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:39:07.0333 3696 Dnscache - ok 19:39:07.0365 3696 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:39:07.0444 3696 dot3svc - ok 19:39:07.0489 3696 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 19:39:07.0530 3696 Dot4 - ok 19:39:07.0544 3696 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 19:39:07.0574 3696 Dot4Print - ok 19:39:07.0593 3696 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 19:39:07.0618 3696 dot4usb - ok 19:39:07.0649 3696 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:39:07.0696 3696 DPS - ok 19:39:07.0734 3696 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:39:07.0774 3696 drmkaud - ok 19:39:07.0813 3696 [ 
F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:39:07.0840 3696 DXGKrnl - ok 19:39:07.0862 3696 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:39:07.0905 3696 EapHost - ok 19:39:07.0973 3696 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:39:08.0063 3696 ebdrv - ok 19:39:08.0089 3696 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:39:08.0136 3696 EFS - ok 19:39:08.0177 3696 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:39:08.0238 3696 ehRecvr - ok 19:39:08.0260 3696 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:39:08.0290 3696 ehSched - ok 19:39:08.0317 3696 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:39:08.0342 3696 elxstor - ok 19:39:08.0373 3696 [ 1125E333BB0BA07EA83C13AEDA00ECCB ] emupia C:\Windows\system32\drivers\emupia2k.sys 19:39:08.0385 3696 emupia - ok 19:39:08.0412 3696 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:39:08.0442 3696 ErrDev - ok 19:39:08.0478 3696 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:39:08.0549 3696 EventSystem - ok 19:39:08.0563 3696 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:39:08.0612 3696 exfat - ok 19:39:08.0631 3696 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:39:08.0683 3696 fastfat - ok 19:39:08.0729 3696 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:39:08.0786 3696 Fax - ok 19:39:08.0800 3696 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:39:08.0817 3696 fdc - ok 19:39:08.0826 3696 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:39:08.0876 3696 fdPHost - ok 19:39:08.0886 3696 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub 
C:\Windows\system32\fdrespub.dll 19:39:08.0932 3696 FDResPub - ok 19:39:08.0947 3696 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:39:08.0961 3696 FileInfo - ok 19:39:08.0970 3696 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:39:09.0031 3696 Filetrace - ok 19:39:09.0034 3696 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:39:09.0059 3696 flpydisk - ok 19:39:09.0087 3696 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:39:09.0104 3696 FltMgr - ok 19:39:09.0147 3696 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:39:09.0205 3696 FontCache - ok 19:39:09.0250 3696 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:39:09.0262 3696 FontCache3.0.0.0 - ok 19:39:09.0273 3696 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:39:09.0289 3696 FsDepends - ok 19:39:09.0317 3696 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:39:09.0337 3696 Fs_Rec - ok 19:39:09.0377 3696 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:39:09.0434 3696 fvevol - ok 19:39:09.0457 3696 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:39:09.0472 3696 gagp30kx - ok 19:39:09.0501 3696 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:39:09.0512 3696 GEARAspiWDM - ok 19:39:09.0551 3696 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:39:09.0612 3696 gpsvc - ok 19:39:09.0687 3696 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:39:09.0706 3696 gupdate - ok 19:39:09.0737 3696 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe 19:39:09.0754 3696 gupdatem - ok 19:39:09.0790 3696 [ FB82CE21D7B134DE2D270DB9DA646818 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys 19:39:09.0820 3696 ha20x2k - ok 19:39:09.0852 3696 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 19:39:09.0864 3696 hamachi - ok 19:39:09.0956 3696 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 19:39:10.0007 3696 Hamachi2Svc - ok 19:39:10.0023 3696 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:39:10.0053 3696 hcw85cir - ok 19:39:10.0102 3696 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:39:10.0133 3696 HdAudAddService - ok 19:39:10.0159 3696 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:39:10.0190 3696 HDAudBus - ok 19:39:10.0206 3696 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:39:10.0231 3696 HidBatt - ok 19:39:10.0248 3696 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:39:10.0279 3696 HidBth - ok 19:39:10.0293 3696 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:39:10.0322 3696 HidIr - ok 19:39:10.0341 3696 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 19:39:10.0390 3696 hidserv - ok 19:39:10.0436 3696 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:39:10.0458 3696 HidUsb - ok 19:39:10.0485 3696 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:39:10.0532 3696 hkmsvc - ok 19:39:10.0558 3696 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:39:10.0592 3696 HomeGroupListener - ok 19:39:10.0623 3696 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:39:10.0651 3696 
HomeGroupProvider - ok 19:39:10.0685 3696 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:39:10.0701 3696 HpSAMD - ok 19:39:10.0746 3696 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:39:10.0812 3696 HTTP - ok 19:39:10.0841 3696 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:39:10.0854 3696 hwpolicy - ok 19:39:10.0877 3696 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:39:10.0894 3696 i8042prt - ok 19:39:10.0920 3696 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:39:10.0944 3696 iaStorV - ok 19:39:10.0985 3696 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:39:11.0029 3696 idsvc - ok 19:39:11.0057 3696 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:39:11.0077 3696 iirsp - ok 19:39:11.0106 3696 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:39:11.0168 3696 IKEEXT - ok 19:39:11.0185 3696 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:39:11.0199 3696 intelide - ok 19:39:11.0218 3696 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:39:11.0232 3696 intelppm - ok 19:39:11.0266 3696 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:39:11.0316 3696 IPBusEnum - ok 19:39:11.0343 3696 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:39:11.0394 3696 IpFilterDriver - ok 19:39:11.0432 3696 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:39:11.0463 3696 iphlpsvc - ok 19:39:11.0490 3696 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:39:11.0525 3696 IPMIDRV - ok 19:39:11.0547 3696 [ 
AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:39:11.0596 3696 IPNAT - ok 19:39:11.0662 3696 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:39:11.0700 3696 iPod Service - ok 19:39:11.0724 3696 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:39:11.0754 3696 IRENUM - ok 19:39:11.0768 3696 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:39:11.0782 3696 isapnp - ok 19:39:11.0796 3696 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:39:11.0815 3696 iScsiPrt - ok 19:39:11.0835 3696 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:39:11.0850 3696 kbdclass - ok 19:39:11.0882 3696 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:39:11.0907 3696 kbdhid - ok 19:39:11.0922 3696 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:39:11.0937 3696 KeyIso - ok 19:39:11.0978 3696 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:39:11.0994 3696 KSecDD - ok 19:39:12.0027 3696 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:39:12.0043 3696 KSecPkg - ok 19:39:12.0055 3696 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:39:12.0096 3696 ksthunk - ok 19:39:12.0127 3696 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:39:12.0206 3696 KtmRm - ok 19:39:12.0243 3696 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:39:12.0293 3696 LanmanServer - ok 19:39:12.0327 3696 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:39:12.0371 3696 LanmanWorkstation - ok 19:39:12.0466 3696 [ 7447F069CE66633DAFA0B2DEEE7AF5BA ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 
19:39:12.0493 3696 LBTServ - ok 19:39:12.0542 3696 [ 0A7D6ED578D85F0C35353424EE3F5245 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 19:39:12.0558 3696 LHidFilt - ok 19:39:12.0579 3696 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:39:12.0635 3696 lltdio - ok 19:39:12.0662 3696 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:39:12.0713 3696 lltdsvc - ok 19:39:12.0726 3696 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:39:12.0763 3696 lmhosts - ok 19:39:12.0767 3696 [ 6542E2E6DB58118FBB1B82A68CE3AFF9 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 19:39:12.0777 3696 LMouFilt - ok 19:39:12.0795 3696 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:39:12.0810 3696 LSI_FC - ok 19:39:12.0826 3696 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:39:12.0842 3696 LSI_SAS - ok 19:39:12.0856 3696 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:39:12.0871 3696 LSI_SAS2 - ok 19:39:12.0887 3696 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:39:12.0903 3696 LSI_SCSI - ok 19:39:12.0924 3696 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:39:12.0973 3696 luafv - ok 19:39:12.0995 3696 [ DA3494DF01C62D821911ED91CE5E1642 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 19:39:13.0006 3696 LUsbFilt - ok 19:39:13.0032 3696 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:39:13.0059 3696 Mcx2Svc - ok 19:39:13.0071 3696 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:39:13.0086 3696 megasas - ok 19:39:13.0097 3696 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:39:13.0115 3696 MegaSR - ok 19:39:13.0141 3696 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS 
C:\Windows\system32\mmcss.dll 19:39:13.0191 3696 MMCSS - ok 19:39:13.0207 3696 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:39:13.0252 3696 Modem - ok 19:39:13.0281 3696 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:39:13.0310 3696 monitor - ok 19:39:13.0331 3696 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:39:13.0345 3696 mouclass - ok 19:39:13.0360 3696 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:39:13.0404 3696 mouhid - ok 19:39:13.0437 3696 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:39:13.0452 3696 mountmgr - ok 19:39:13.0500 3696 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:39:13.0521 3696 MozillaMaintenance - ok 19:39:13.0545 3696 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:39:13.0561 3696 mpio - ok 19:39:13.0573 3696 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:39:13.0609 3696 mpsdrv - ok 19:39:13.0647 3696 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:39:13.0730 3696 MpsSvc - ok 19:39:13.0765 3696 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:39:13.0795 3696 MRxDAV - ok 19:39:13.0822 3696 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:39:13.0847 3696 mrxsmb - ok 19:39:13.0872 3696 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:39:13.0899 3696 mrxsmb10 - ok 19:39:13.0925 3696 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:39:13.0963 3696 mrxsmb20 - ok 19:39:13.0985 3696 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:39:13.0999 3696 msahci - ok 
19:39:14.0013 3696 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:39:14.0028 3696 msdsm - ok 19:39:14.0040 3696 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:39:14.0066 3696 MSDTC - ok 19:39:14.0102 3696 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:39:14.0137 3696 Msfs - ok 19:39:14.0142 3696 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:39:14.0184 3696 mshidkmdf - ok 19:39:14.0212 3696 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:39:14.0226 3696 msisadrv - ok 19:39:14.0256 3696 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:39:14.0306 3696 MSiSCSI - ok 19:39:14.0310 3696 msiserver - ok 19:39:14.0325 3696 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:39:14.0367 3696 MSKSSRV - ok 19:39:14.0418 3696 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:39:14.0470 3696 MSPCLOCK - ok 19:39:14.0482 3696 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:39:14.0527 3696 MSPQM - ok 19:39:14.0557 3696 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:39:14.0576 3696 MsRPC - ok 19:39:14.0592 3696 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:39:14.0605 3696 mssmbios - ok 19:39:14.0608 3696 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:39:14.0657 3696 MSTEE - ok 19:39:14.0670 3696 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:39:14.0692 3696 MTConfig - ok 19:39:14.0711 3696 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:39:14.0725 3696 Mup - ok 19:39:14.0754 3696 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 
19:39:14.0811 3696 napagent - ok 19:39:14.0835 3696 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:39:14.0866 3696 NativeWifiP - ok 19:39:14.0913 3696 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:39:14.0959 3696 NDIS - ok 19:39:14.0974 3696 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:39:15.0010 3696 NdisCap - ok 19:39:15.0033 3696 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:39:15.0077 3696 NdisTapi - ok 19:39:15.0116 3696 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:39:15.0158 3696 Ndisuio - ok 19:39:15.0182 3696 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:39:15.0226 3696 NdisWan - ok 19:39:15.0252 3696 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:39:15.0306 3696 NDProxy - ok 19:39:15.0373 3696 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 19:39:15.0403 3696 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:39:15.0403 3696 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:39:15.0415 3696 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:39:15.0469 3696 NetBIOS - ok 19:39:15.0505 3696 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:39:15.0548 3696 NetBT - ok 19:39:15.0563 3696 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:39:15.0579 3696 Netlogon - ok 19:39:15.0605 3696 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:39:15.0656 3696 Netman - ok 19:39:15.0683 3696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:39:15.0695 3696 NetMsmqActivator - ok 19:39:15.0717 3696 [ D22CD77D4F0D63D1169BB35911BFF12D ] 
NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:39:15.0728 3696 NetPipeActivator - ok 19:39:15.0741 3696 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:39:15.0805 3696 netprofm - ok 19:39:15.0810 3696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:39:15.0821 3696 NetTcpActivator - ok 19:39:15.0825 3696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:39:15.0837 3696 NetTcpPortSharing - ok 19:39:15.0859 3696 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:39:15.0874 3696 nfrd960 - ok 19:39:15.0901 3696 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:39:15.0937 3696 NlaSvc - ok 19:39:15.0988 3696 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 19:39:16.0036 3696 nmwcd - ok 19:39:16.0069 3696 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 19:39:16.0122 3696 nmwcdc - ok 19:39:16.0143 3696 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:39:16.0178 3696 Npfs - ok 19:39:16.0198 3696 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:39:16.0256 3696 nsi - ok 19:39:16.0271 3696 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:39:16.0320 3696 nsiproxy - ok 19:39:16.0400 3696 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:39:16.0473 3696 Ntfs - ok 19:39:16.0487 3696 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:39:16.0522 3696 Null - ok 19:39:16.0559 3696 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:39:16.0575 3696 nvraid - ok 19:39:16.0599 3696 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor 
C:\Windows\system32\drivers\nvstor.sys 19:39:16.0615 3696 nvstor - ok 19:39:16.0637 3696 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:39:16.0653 3696 nv_agp - ok 19:39:16.0679 3696 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:39:16.0702 3696 ohci1394 - ok 19:39:16.0718 3696 [ FA78441F605C39545810F33A08528AEA ] ossrv C:\Windows\system32\drivers\ctoss2k.sys 19:39:16.0730 3696 ossrv - ok 19:39:16.0740 3696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:39:16.0771 3696 p2pimsvc - ok 19:39:16.0790 3696 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:39:16.0822 3696 p2psvc - ok 19:39:16.0847 3696 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:39:16.0862 3696 Parport - ok 19:39:16.0894 3696 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:39:16.0909 3696 partmgr - ok 19:39:16.0924 3696 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:39:16.0956 3696 PcaSvc - ok 19:39:16.0994 3696 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 19:39:17.0095 3696 pccsmcfd - ok 19:39:17.0155 3696 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:39:17.0189 3696 pci - ok 19:39:17.0236 3696 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:39:17.0257 3696 pciide - ok 19:39:17.0278 3696 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:39:17.0297 3696 pcmcia - ok 19:39:17.0315 3696 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:39:17.0330 3696 pcw - ok 19:39:17.0344 3696 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:39:17.0414 3696 PEAUTH - ok 19:39:17.0489 3696 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost 
C:\Windows\SysWow64\perfhost.exe 19:39:17.0521 3696 PerfHost - ok 19:39:17.0578 3696 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:39:17.0657 3696 pla - ok 19:39:17.0683 3696 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:39:17.0715 3696 PlugPlay - ok 19:39:17.0747 3696 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 19:39:17.0755 3696 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:39:17.0755 3696 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:39:17.0766 3696 PnkBstrA - ok 19:39:17.0787 3696 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:39:17.0823 3696 PNRPAutoReg - ok 19:39:17.0841 3696 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:39:17.0860 3696 PNRPsvc - ok 19:39:17.0892 3696 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:39:17.0945 3696 PolicyAgent - ok 19:39:17.0973 3696 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:39:18.0027 3696 Power - ok 19:39:18.0054 3696 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:39:18.0090 3696 PptpMiniport - ok 19:39:18.0115 3696 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:39:18.0144 3696 Processor - ok 19:39:18.0169 3696 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:39:18.0189 3696 ProfSvc - ok 19:39:18.0196 3696 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:39:18.0213 3696 ProtectedStorage - ok 19:39:18.0244 3696 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:39:18.0289 3696 Psched - ok 19:39:18.0329 3696 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:39:18.0380 3696 ql2300 - ok 19:39:18.0411 3696 [ 
4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:39:18.0428 3696 ql40xx - ok 19:39:18.0453 3696 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:39:18.0488 3696 QWAVE - ok 19:39:18.0505 3696 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:39:18.0524 3696 QWAVEdrv - ok 19:39:18.0539 3696 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:39:18.0599 3696 RasAcd - ok 19:39:18.0627 3696 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:39:18.0662 3696 RasAgileVpn - ok 19:39:18.0673 3696 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:39:18.0712 3696 RasAuto - ok 19:39:18.0742 3696 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:39:18.0805 3696 Rasl2tp - ok 19:39:18.0836 3696 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:39:18.0878 3696 RasMan - ok 19:39:18.0894 3696 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:39:18.0936 3696 RasPppoe - ok 19:39:18.0950 3696 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:39:18.0992 3696 RasSstp - ok 19:39:19.0022 3696 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:39:19.0067 3696 rdbss - ok 19:39:19.0080 3696 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:39:19.0110 3696 rdpbus - ok 19:39:19.0118 3696 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:39:19.0155 3696 RDPCDD - ok 19:39:19.0165 3696 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:39:19.0213 3696 RDPENCDD - ok 19:39:19.0226 3696 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:39:19.0261 3696 RDPREFMP - ok 
19:39:19.0305 3696 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:39:19.0334 3696 RdpVideoMiniport - ok 19:39:19.0379 3696 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:39:19.0430 3696 RDPWD - ok 19:39:19.0465 3696 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:39:19.0489 3696 rdyboost - ok 19:39:19.0510 3696 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:39:19.0558 3696 RemoteAccess - ok 19:39:19.0587 3696 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:39:19.0639 3696 RemoteRegistry - ok 19:39:19.0661 3696 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:39:19.0712 3696 RpcEptMapper - ok 19:39:19.0733 3696 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:39:19.0765 3696 RpcLocator - ok 19:39:19.0802 3696 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:39:19.0843 3696 RpcSs - ok 19:39:19.0866 3696 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:39:19.0924 3696 rspndr - ok 19:39:19.0961 3696 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:39:19.0987 3696 RTL8167 - ok 19:39:19.0997 3696 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:39:20.0013 3696 SamSs - ok 19:39:20.0036 3696 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:39:20.0052 3696 sbp2port - ok 19:39:20.0064 3696 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:39:20.0113 3696 SCardSvr - ok 19:39:20.0136 3696 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:39:20.0190 3696 scfilter - ok 19:39:20.0236 3696 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule 
C:\Windows\system32\schedsvc.dll 19:39:20.0301 3696 Schedule - ok 19:39:20.0333 3696 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:39:20.0367 3696 SCPolicySvc - ok 19:39:20.0429 3696 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:39:20.0463 3696 SDRSVC - ok 19:39:20.0481 3696 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:39:20.0524 3696 secdrv - ok 19:39:20.0552 3696 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:39:20.0600 3696 seclogon - ok 19:39:20.0610 3696 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:39:20.0648 3696 SENS - ok 19:39:20.0655 3696 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:39:20.0685 3696 SensrSvc - ok 19:39:20.0699 3696 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:39:20.0716 3696 Serenum - ok 19:39:20.0729 3696 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:39:20.0759 3696 Serial - ok 19:39:20.0779 3696 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:39:20.0796 3696 sermouse - ok 19:39:20.0857 3696 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 19:39:20.0898 3696 ServiceLayer - ok 19:39:20.0935 3696 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:39:20.0973 3696 SessionEnv - ok 19:39:21.0002 3696 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:39:21.0032 3696 sffdisk - ok 19:39:21.0046 3696 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:39:21.0070 3696 sffp_mmc - ok 19:39:21.0073 3696 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:39:21.0097 3696 sffp_sd - ok 19:39:21.0114 3696 [ 
A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:39:21.0130 3696 sfloppy - ok 19:39:21.0153 3696 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:39:21.0203 3696 SharedAccess - ok 19:39:21.0231 3696 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:39:21.0291 3696 ShellHWDetection - ok 19:39:21.0311 3696 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:39:21.0326 3696 SiSRaid2 - ok 19:39:21.0338 3696 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:39:21.0353 3696 SiSRaid4 - ok 19:39:21.0396 3696 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:39:21.0434 3696 Smb - ok 19:39:21.0460 3696 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:39:21.0478 3696 SNMPTRAP - ok 19:39:21.0499 3696 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:39:21.0513 3696 spldr - ok 19:39:21.0550 3696 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:39:21.0605 3696 Spooler - ok 19:39:21.0686 3696 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:39:21.0818 3696 sppsvc - ok 19:39:21.0839 3696 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:39:21.0890 3696 sppuinotify - ok 19:39:21.0951 3696 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys 19:39:21.0988 3696 sptd - ok 19:39:22.0021 3696 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:39:22.0053 3696 srv - ok 19:39:22.0088 3696 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:39:22.0107 3696 srv2 - ok 19:39:22.0123 3696 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:39:22.0146 3696 srvnet - ok 19:39:22.0171 3696 [ 
51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:39:22.0224 3696 SSDPSRV - ok 19:39:22.0243 3696 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:39:22.0283 3696 SstpSvc - ok 19:39:22.0329 3696 Steam Client Service - ok 19:39:22.0354 3696 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:39:22.0375 3696 stexstor - ok 19:39:22.0420 3696 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 19:39:22.0458 3696 StillCam - ok 19:39:22.0506 3696 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:39:22.0563 3696 stisvc - ok 19:39:22.0588 3696 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:39:22.0608 3696 swenum - ok 19:39:22.0641 3696 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:39:22.0709 3696 swprv - ok 19:39:22.0759 3696 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:39:22.0829 3696 SysMain - ok 19:39:22.0856 3696 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:39:22.0893 3696 TabletInputService - ok 19:39:22.0934 3696 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 19:39:22.0950 3696 taphss - ok 19:39:22.0982 3696 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:39:23.0055 3696 TapiSrv - ok 19:39:23.0067 3696 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:39:23.0117 3696 TBS - ok 19:39:23.0172 3696 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:39:23.0245 3696 Tcpip - ok 19:39:23.0283 3696 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:39:23.0321 3696 TCPIP6 - ok 19:39:23.0338 3696 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:39:23.0371 3696 tcpipreg - ok 
19:39:23.0406 3696 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:39:23.0439 3696 TDPIPE - ok 19:39:23.0470 3696 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:39:23.0499 3696 TDTCP - ok 19:39:23.0532 3696 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:39:23.0584 3696 tdx - ok 19:39:23.0704 3696 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 19:39:23.0774 3696 TeamViewer8 - ok 19:39:23.0819 3696 [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys 19:39:23.0836 3696 teamviewervpn - ok 19:39:23.0861 3696 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:39:23.0876 3696 TermDD - ok 19:39:23.0913 3696 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:39:23.0966 3696 TermService - ok 19:39:23.0988 3696 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:39:24.0020 3696 Themes - ok 19:39:24.0041 3696 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:39:24.0077 3696 THREADORDER - ok 19:39:24.0092 3696 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:39:24.0144 3696 TrkWks - ok 19:39:24.0183 3696 [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 19:39:24.0198 3696 truecrypt - ok 19:39:24.0246 3696 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:39:24.0310 3696 TrustedInstaller - ok 19:39:24.0343 3696 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:39:24.0387 3696 tssecsrv - ok 19:39:24.0440 3696 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:39:24.0471 3696 TsUsbFlt - ok 19:39:24.0510 3696 [ 3566A8DAAFA27AF944F5D705EAA64894 
] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:39:24.0557 3696 tunnel - ok 19:39:24.0581 3696 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:39:24.0597 3696 uagp35 - ok 19:39:24.0623 3696 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:39:24.0675 3696 udfs - ok 19:39:24.0703 3696 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:39:24.0722 3696 UI0Detect - ok 19:39:24.0733 3696 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:39:24.0749 3696 uliagpkx - ok 19:39:24.0776 3696 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:39:24.0802 3696 umbus - ok 19:39:24.0813 3696 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:39:24.0829 3696 UmPass - ok 19:39:24.0847 3696 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:39:24.0910 3696 upnphost - ok 19:39:24.0942 3696 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 19:39:24.0970 3696 upperdev - ok 19:39:24.0996 3696 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:39:25.0028 3696 usbccgp - ok 19:39:25.0065 3696 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:39:25.0103 3696 usbcir - ok 19:39:25.0128 3696 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:39:25.0150 3696 usbehci - ok 19:39:25.0187 3696 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:39:25.0225 3696 usbhub - ok 19:39:25.0239 3696 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:39:25.0257 3696 usbohci - ok 19:39:25.0271 3696 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:39:25.0290 3696 usbprint - ok 19:39:25.0333 3696 [ 
4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 19:39:25.0354 3696 usbser - ok 19:39:25.0417 3696 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 19:39:25.0456 3696 UsbserFilt - ok 19:39:25.0475 3696 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:39:25.0501 3696 USBSTOR - ok 19:39:25.0522 3696 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:39:25.0538 3696 usbuhci - ok 19:39:25.0558 3696 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:39:25.0596 3696 UxSms - ok 19:39:25.0604 3696 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:39:25.0621 3696 VaultSvc - ok 19:39:25.0658 3696 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:39:25.0672 3696 vdrvroot - ok 19:39:25.0715 3696 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:39:25.0768 3696 vds - ok 19:39:25.0786 3696 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:39:25.0805 3696 vga - ok 19:39:25.0815 3696 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:39:25.0856 3696 VgaSave - ok 19:39:25.0888 3696 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:39:25.0907 3696 vhdmp - ok 19:39:25.0920 3696 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:39:25.0935 3696 viaide - ok 19:39:25.0946 3696 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:39:25.0960 3696 volmgr - ok 19:39:25.0988 3696 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:39:26.0008 3696 volmgrx - ok 19:39:26.0019 3696 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:39:26.0038 3696 volsnap - ok 19:39:26.0072 3696 [ 
B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 19:39:26.0088 3696 vpcbus - ok 19:39:26.0122 3696 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 19:39:26.0159 3696 vpcnfltr - ok 19:39:26.0177 3696 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 19:39:26.0210 3696 vpcusb - ok 19:39:26.0253 3696 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 19:39:26.0276 3696 vpcvmm - ok 19:39:26.0310 3696 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:39:26.0328 3696 vsmraid - ok 19:39:26.0401 3696 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:39:26.0485 3696 VSS - ok 19:39:26.0511 3696 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:39:26.0538 3696 vwifibus - ok 19:39:26.0562 3696 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:39:26.0626 3696 W32Time - ok 19:39:26.0640 3696 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:39:26.0665 3696 WacomPen - ok 19:39:26.0705 3696 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:39:26.0750 3696 WANARP - ok 19:39:26.0758 3696 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:39:26.0793 3696 Wanarpv6 - ok 19:39:26.0832 3696 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:39:26.0878 3696 wbengine - ok 19:39:26.0894 3696 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:39:26.0920 3696 WbioSrvc - ok 19:39:26.0954 3696 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:39:26.0997 3696 wcncsvc - ok 19:39:27.0013 3696 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:39:27.0031 3696 WcsPlugInService - ok 
19:39:27.0048 3696 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:39:27.0062 3696 Wd - ok 19:39:27.0104 3696 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:39:27.0148 3696 Wdf01000 - ok 19:39:27.0159 3696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:39:27.0194 3696 WdiServiceHost - ok 19:39:27.0197 3696 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:39:27.0220 3696 WdiSystemHost - ok 19:39:27.0249 3696 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:39:27.0280 3696 WebClient - ok 19:39:27.0311 3696 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:39:27.0354 3696 Wecsvc - ok 19:39:27.0372 3696 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:39:27.0446 3696 wercplsupport - ok 19:39:27.0459 3696 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:39:27.0511 3696 WerSvc - ok 19:39:27.0536 3696 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:39:27.0571 3696 WfpLwf - ok 19:39:27.0582 3696 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:39:27.0597 3696 WIMMount - ok 19:39:27.0604 3696 WinDefend - ok 19:39:27.0641 3696 [ E32EEC5A7F8D3B57C9C18A93B67137E8 ] Windows7FirewallService C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe 19:39:27.0662 3696 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - warning 19:39:27.0662 3696 Windows7FirewallService - detected UnsignedFile.Multi.Generic (1) 19:39:27.0664 3696 WinHttpAutoProxySvc - ok 19:39:27.0719 3696 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:39:27.0759 3696 Winmgmt - ok 19:39:27.0831 3696 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll 19:39:27.0911 3696 WinRM - ok 
19:39:27.0965 3696 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:39:27.0985 3696 WinUsb - ok 19:39:28.0021 3696 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:39:28.0082 3696 Wlansvc - ok 19:39:28.0108 3696 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:39:28.0124 3696 WmiAcpi - ok 19:39:28.0138 3696 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:39:28.0164 3696 wmiApSrv - ok 19:39:28.0193 3696 WMPNetworkSvc - ok 19:39:28.0200 3696 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:39:28.0218 3696 WPCSvc - ok 19:39:28.0244 3696 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:39:28.0265 3696 WPDBusEnum - ok 19:39:28.0287 3696 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:39:28.0330 3696 ws2ifsl - ok 19:39:28.0348 3696 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:39:28.0384 3696 wscsvc - ok 19:39:28.0411 3696 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 19:39:28.0439 3696 WSDPrintDevice - ok 19:39:28.0443 3696 WSearch - ok 19:39:28.0508 3696 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:39:28.0607 3696 wuauserv - ok 19:39:28.0633 3696 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:39:28.0659 3696 WudfPf - ok 19:39:28.0685 3696 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:39:28.0715 3696 WUDFRd - ok 19:39:28.0740 3696 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:39:28.0772 3696 wudfsvc - ok 19:39:28.0787 3696 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:39:28.0826 3696 WwanSvc - ok 19:39:28.0839 3696 ================ Scan global 
=============================== 19:39:28.0859 3696 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:39:28.0891 3696 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:39:28.0913 3696 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:39:28.0944 3696 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:39:28.0969 3696 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:39:28.0985 3696 [Global] - ok 19:39:28.0985 3696 ================ Scan MBR ================================== 19:39:28.0990 3696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:39:29.0253 3696 \Device\Harddisk0\DR0 - ok 19:39:29.0254 3696 ================ Scan VBR ================================== 19:39:29.0257 3696 [ 2B2FCCCB3093449100FF0F5F590D4AF3 ] \Device\Harddisk0\DR0\Partition1 19:39:29.0258 3696 \Device\Harddisk0\DR0\Partition1 - ok 19:39:29.0294 3696 [ BF78523CFA1A5DA6AD35E18E01259135 ] \Device\Harddisk0\DR0\Partition2 19:39:29.0296 3696 \Device\Harddisk0\DR0\Partition2 - ok 19:39:29.0314 3696 [ 521A615D93809E1EA86DF87CEFB8C5AA ] \Device\Harddisk0\DR0\Partition3 19:39:29.0316 3696 \Device\Harddisk0\DR0\Partition3 - ok 19:39:29.0316 3696 ============================================================ 19:39:29.0316 3696 Scan finished 19:39:29.0316 3696 ============================================================ 19:39:29.0327 5904 Detected object count: 6 19:39:29.0327 5904 Actual detected object count: 6 19:39:51.0066 5904 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:39:51.0066 5904 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:39:51.0068 5904 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:39:51.0068 5904 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:39:51.0069 5904 CTAudSvcService ( 
UnsignedFile.Multi.Generic ) - skipped by user 19:39:51.0069 5904 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:39:51.0071 5904 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 19:39:51.0071 5904 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:39:51.0073 5904 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 19:39:51.0073 5904 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:39:51.0074 5904 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user 19:39:51.0074 5904 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
13.01.2013, 21:10 | #10 | |
/// Malware-holic | Infected with GVU Trojan Hi, Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
13.01.2013, 22:49 | #11 |
| Infected with GVU Trojan As soon as you stop checking your mail every 5 minutes and watch TV, a reply comes in *g* OK, here is my Combofix log: Code:
ATTFilter ComboFix 13-01-13.01 - Severin 13.01.2013 22:21:14.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2332 [GMT 1:00] ausgeführt von:: c:\users\Severin\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-13 bis 2013-01-13 )))))))))))))))))))))))))))))) . . 2013-01-13 21:30 . 2013-01-13 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-11 22:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C752FA1-CB07-43B7-A192-7114628FE9A1}\mpengine.dll 2013-01-11 22:12 . 2013-01-11 22:12 -------- d-----w- C:\_OTL 2013-01-10 23:18 . 2013-01-10 23:18 -------- d-----w- c:\users\Severin\AppData\Roaming\Malwarebytes 2013-01-10 23:18 . 2013-01-10 23:18 -------- d-----w- c:\programdata\Malwarebytes 2013-01-10 23:18 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-10 23:18 . 2013-01-10 23:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-10 23:17 . 2013-01-10 23:17 -------- d-----w- c:\users\Severin\AppData\Local\Programs 2013-01-10 22:24 . 2013-01-10 22:24 -------- d-----w- c:\program files (x86)\Samsung 2013-01-10 21:03 . 2013-01-11 23:21 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-01-09 08:32 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 08:32 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 08:32 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 08:32 . 
2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-09 08:32 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-09 08:32 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-09 08:32 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 08:32 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-09 08:31 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 08:31 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-21 13:16 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 13:16 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 13:16 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 13:16 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 18:56 . 2012-12-20 18:56 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 09:07 . 2010-11-03 17:35 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-20 19:45 . 2010-11-04 17:24 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-12-20 19:45 . 2010-11-04 07:26 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-12-20 19:44 . 2010-11-04 07:26 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-12-13 07:20 . 2012-04-14 19:40 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-13 07:20 . 2011-06-13 08:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-14 07:06 . 2012-12-12 20:52 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 20:52 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 20:52 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 20:52 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 
2012-12-12 20:52 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 20:52 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 20:52 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 20:52 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 20:52 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 20:52 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 20:52 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 20:52 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 20:52 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 20:52 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 20:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 20:52 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 20:52 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 20:52 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 20:52 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 20:52 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 20:52 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 20:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 20:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 20:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 20:19 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 20:19 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-30 22:51 . 2010-11-02 22:38 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 
2011-05-13 05:52 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2010-11-02 22:38 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2010-11-02 22:38 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2010-11-02 22:38 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2010-11-02 22:38 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2010-11-02 22:38 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-01-14 07:07 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-16 08:38 . 2012-12-12 20:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-12 20:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-12 20:50 561664 ----a-w- c:\windows\apppatch\AcLayers.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}] 2010-03-17 14:45 2355224 ----a-w- c:\program files (x86)\Winload\tbWinl.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\tbWinl.dll" [2010-03-17 2355224] . [HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "HotSwap! Applet"="c:\users\Severin\Desktop\HotSwap!.EXE" [2009-01-10 103936] "HP Photosmart 6510 series (NET)"="c:\program files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488] "Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-12-06 1354736] "Spotify Web Helper"="c:\users\Severin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-01-04 1199576] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136] "Windows7FirewallControl"="c:\program files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-04-09 753664] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "CTxfiHlp"="CTXFIHLP.EXE" [2011-08-22 25600] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] . c:\users\Severin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Severin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560] Tintenwarnungen überwachen - HP Photosmart 6510 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-5-5 1380504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-06 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-06 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2011-08-22 202840] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2011-08-22 1417304] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2011-08-22 94808] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-03 834544] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BBUpdate;BBUpdate;c:\program files 
(x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2011-08-22 202840] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2011-08-22 1417304] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2011-08-22 94808] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 29257555 *NewlyCreated* - 73943673 *Deregistered* - 29257555 *Deregistered* - 73943673 . Inhalt des "geplante Tasks" Ordners . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 21:25] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 21:25] . 2013-01-13 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Severin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2010-09-22 1245912] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm IE: BID: Link in Queue einreihen - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm IE: BID: Seite in &Queue einreihen - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm IE: BID: Öffne aktuelle Seite - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm IE: BID: Öffne diesen &Link - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm TCP: DhcpNameServer = 192.168.178.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q= FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3078376766-442276371-979753471-1001\Software\SecuROM\License information*] "datasecu"=hex:fc,3d,7c,44,2a,f5,dd,08,7e,74,b0,3f,7a,d0,b9,2d,df,45,bc,f0,af, ca,ae,d7,2c,b3,84,b3,6d,7d,50,26,d5,e4,16,cf,09,27,a0,b4,eb,da,b8,84,a4,67,\ "rkeysecu"=hex:ea,54,87,05,f9,c9,85,3d,fe,ed,bf,d8,93,40,ca,e8 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-13 22:43:33 ComboFix-quarantined-files.txt 2013-01-13 21:43 . Vor Suchlauf: 9 Verzeichnis(se), 13.393.481.728 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 13.240.115.200 Bytes frei . - - End Of File - - B48286F69BF3309BFCD72686960C3966 |
14.01.2013, 20:29 | #12 |
/// Malware-holic | Infected with GVU Trojan Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After each one unknown to you, "unbekannt" (unknown). Post the list.
|
14.01.2013, 23:31 | #13 |
| Infected with GVU Trojan Whoa, that was not so easy in places. With the Creative and HP stuff (sound card and printer) I am not sure what I actually use and what I don't. Also, I can't remember right now what I installed Microsoft .NET for. Acrobat, CD Burner and Java seem to be in there in both old and new versions. And well, for some games you can argue about "notwendig" (necessary) too. *g* Here is the list for now: Code:
ATTFilter 7-Zip 4.65 (x64 edition) Igor Pavlov 03.11.2010 3,98MB 4.65.00.0 notwendig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.02.2011 10.0.22.87 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.12.2012 6,00MB 11.5.502.135 notwendig (aber einer von beiden reicht wohl) Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 09.01.2013 122MB 10.1.5 notwendig Amazon MP3-Downloader 1.0.9 17.10.2011 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 11.07.2012 26,2MB 8.0.877.0 notwendig Apple Application Support Apple Inc. 30.07.2012 61,0MB 2.1.9 unnötig Apple Mobile Device Support Apple Inc. 30.07.2012 24,9MB 5.2.0.6 unnötig Apple Software Update Apple Inc. 14.10.2011 2,38MB 2.1.3.127 unnötig avast! Free Antivirus AVAST Software 03.11.2012 7.0.1474.0 notwendig Battlefield 3™ Electronic Arts 03.11.2011 1.4.0.0 notwendig Battlefield: Bad Company™ 2 Electronic Arts 04.11.2010 5,73GB 1.0.0.0 notwendig Battlelog Web Plugins EA Digital Illusions CE AB 22.11.2012 2.1.2 notwendig BC2CC i3D.net 26.02.2011 2.3.1.0 notwendig BF3CC i3D 05.01.2012 0.3.0.25 notwendig Bing Bar Microsoft Corporation 27.08.2012 464KB 7.1.391.0 unnötig Bonjour Apple Inc. 
14.10.2011 2,04MB 3.0.0.10 unnötig Bulk Image Downloader v4.35.0.0 Antibody Software 09.02.2012 13,6MB unnötig Burnout(TM) Paradise The Ultimate Box Electronic Arts 16.11.2011 3,38GB 1.1.0.0 notwendig calibre Kovid Goyal 01.05.2012 126MB 0.8.49 unnötig CCleaner Piriform 19.12.2012 3.26 notwendig CDBurnerXP CDBurnerXP 12.12.2010 15,7MB 4.3.8.2474 notwendig CDBurnerXP CDBurnerXP 23.12.2012 16,9MB 4.5.0.3685 notwendig (aber einer von beiden reicht wohl) cFosSpeed v6.02 cFos Software GmbH, Bonn 02.11.2010 6.02 notwendig Creative ALchemy Creative Technology Limited 06.01.2011 1.41 notwendig Creative Audio Control Panel Creative Technology Limited 11.11.2011 2.00 notwendig Creative Konsole Starter Creative Technology Limited 06.01.2011 notwendig Creative MediaSource 5 Creative Technology Limited 06.01.2011 5.26 notwendig Creative Software AutoUpdate Creative Technology Limited 11.11.2011 1.40 notwendig Creative Sound Blaster Properties x64 Edition 11.11.2011 notwendig Creative WaveStudio 7 Creative Technology Limited 06.01.2011 7.12 notwendig Driver Sweeper Version 2.8.0 Phyxion.net 05.01.2011 14,0MB 2.8.0 unnötig Dropbox Dropbox, Inc. 23.12.2012 1.6.10 notwendig Envisioneer Express 5.0 Cadsoft Corporation 07.07.2012 331MB 5.0 unnötig ESN Sonar ESN Social Software AB 08.11.2012 0.70.0 unbekannt GIMP 2.6.8 03.11.2010 notwendig Google Earth Google 22.11.2011 92,7MB 6.1.0.5001 unnötig Google SketchUp 8 Google, Inc. 06.07.2012 71,9MB 3.0.14358 unnötig GPL Ghostscript Artifex Software Inc. 23.12.2011 9.04 notwendig HP Photo Creations HP Photo Creations 22.12.2011 40,0MB 1.0.0.5192 notwendig HP Photosmart 6510 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 
22.12.2011 164MB 24.0.342.0 notwendig HP Photosmart 6510 series Hilfe Hewlett Packard 22.12.2011 8,71MB 140.0.2.2 notwendig HP Product Detection HP 08.05.2012 1,86MB 11.14.0001 notwendig HP Update Hewlett-Packard 20.12.2011 3,98MB 5.003.001.001 notwendig IrfanView (remove only) Irfan Skiljan 03.11.2010 1,50MB 4.27 notwendig iTunes Apple Inc. 30.07.2012 182MB 10.6.3.25 notwendig IZArc 4.1.2 Ivan Zahariev 21.11.2010 13,3MB 4.1.2 unnötig Java 7 Update 7 (64-bit) Oracle 02.09.2012 127MB 7.0.70 notwendig Java 7 Update 9 Oracle 03.09.2012 128MB 7.0.90 unnötig Java(TM) 6 Update 24 (64-bit) Oracle 25.04.2011 90,7MB 6.0.240 unnötig JavaFX 2.1.1 Oracle Corporation 09.07.2012 20,8MB 2.1.1 unbekannt JDownloader AppWork UG (haftungsbeschränkt) 06.11.2010 unnötig LEGO Digital Designer LEGO A/S 13.02.2011 unnötig Logitech SetPoint 6.15 Logitech 04.11.2010 39,0MB 6.15.25 notwendig LogMeIn Hamachi LogMeIn, Inc. 20.12.2012 2.1.0.294 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 11.01.2013 18,4MB 1.70.0.1100 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.11.2010 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 03.11.2010 2,93MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 20.11.2010 51,9MB 4.0.30319 notwendig Microsoft Silverlight Microsoft Corporation 14.05.2012 80,3MB 4.1.10329.0 notwendig Microsoft SQL Server Compact 4.0 x64 DEU Microsoft Corporation 17.04.2012 20,4MB 4.0.8482.1 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 09.07.2011 300KB 8.0.61001 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 02.11.2010 2,52MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04.11.2010 786KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 09.07.2011 788KB 
9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 25.07.2012 1,46MB 9.0.30411 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.09.2011 238KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.11.2010 596KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 09.07.2011 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 30.09.2011 13,8MB 10.0.40219 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.09.2011 15,0MB 10.0.40219 unbekannt Minutor Sean Kasun 01.04.2012 253KB 1.6.0 notwendig MozBackup 1.4.9 Pavel Cvrcek 02.11.2010 notwendig Mozilla Firefox 18.0 (x86 de) Mozilla 11.01.2013 43,4MB 18.0 notwendig Mozilla Maintenance Service Mozilla 12.01.2013 330KB 17.0.2 notwendig Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 12.01.2013 43,3MB 17.0.2 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.07.2011 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.07.2011 1,33MB 4.20.9876.0 unbekannt Nokia Connectivity Cable Driver Nokia 17.02.2012 3,94MB 7.1.69.0 notwendig Nokia Suite Nokia 20.03.2012 3.3.89.0 notwendig OpenAL 02.11.2010 unbekannt OpenOffice.org 3.4 OpenOffice.org 25.07.2012 346MB 3.4.9590 notwendig Origin Electronic Arts, Inc. 08.03.2012 8.5.0.4554 notwendig PC Connectivity Solution Nokia 17.02.2012 20,8MB 11.5.29.0 notwendig PDFCreator Frank Heindörfer, Philip Chinery 18.12.2011 1.2.3 notwendig Project+ 2.5.1 PHOENIX CONTACT GmbH & Co. KG 25.11.2012 237MB 2.5.158.1 unnötig PunkBuster Services Even Balance, Inc. 03.11.2011 0.991 notwendig QuickPar 0.9 Peter B. 
Clements 21.11.2010 0.9 unnötig Recuva Piriform 10.12.2010 1.38 unnötig Samsung Data Migration Samsung 10.01.2013 0.9.1.23 notwendig Sid Meier's Civilization 4 Firaxis Games 03.11.2010 1.74 notwendig Sid Meier's Civilization 4 - Beyond the Sword Firaxis Games 03.11.2010 3.19 notwendig SoundFont-Bank-Manager Creative Technology Limited 03.11.2010 3.21 unbekannt Spotify Spotify AB 05.01.2013 0.8.5.1333.g822e0de8 notwendig Steam Valve Corporation 22.06.2012 37,4MB 1.0.0.0 notwendig Studie zur Verbesserung von HP Photosmart 6510 series Produkten Hewlett-Packard Co. 22.12.2011 8,28MB 24.0.342.0 unnötig Sweet Home 3D version 3.5 eTeks 07.07.2012 99,5MB notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 04.11.2010 notwendig TeamViewer 8 TeamViewer 10.01.2013 8.0.16642 notwendig The Dark Eye: Chains of Satinav 22.06.2012 notwendig TrueCrypt TrueCrypt Foundation 21.11.2011 7.1 notwendig Unity Web Player (All users) Unity Technologies ApS 13.02.2011 12,0MB unbekannt VLC media player 2.0.4 VideoLAN 25.11.2012 2.0.4 notwendig Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 17.02.2012 08/22/2008 7.0.0.0 notwendig Windows7FirewallControl (i386) 3.5.1.131 Sphinx Software 02.11.2010 3.5.1.131 notwendig Winload Toolbar 14.01.2011 unbekannt WinRAR 03.11.2010 notwendig WISO Mein Geld 2011 Professional Buhl Data Service GmbH 03.11.2010 notwendig WISO Steuer-Sparbuch 2011 Buhl Data Service GmbH 21.05.2011 18.00.6928 notwendig WISO Steuer-Sparbuch 2012 Buhl Data Service GmbH 05.05.2012 19.03.7334 notwendig WorldPainter 0.6.12 pepsoft.org 05.04.2012 0.6.12 notwendig XMedia Recode 3.0.0.5 Sebastian Dörfler 08.07.2011 3.0.0.5 notwendig |
15.01.2013, 20:51 | #14 |
/// Malware-holic | Infected with GVU Trojan

Uninstall:
Adobe Flash Player (all)
Adobe - Install Adobe Flash Player
Download the latest version and install it.

Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only that way do you have control over what is happening on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK

Uninstall:
Bing
Bulk
calibre
Envisioneer
ESN
Google: both
IZArc
Java: all

Download the Java JRE:
Java Downloads for All Operating Systems
Click: Download the Java software for Windows Offline
Download it and install it.

Uninstall:
JDownloader
LEGO
Project+
QuickPar
Recuva
Studie
Unity
Winload

Open CCleaner, Analyze, Run, restart the PC.

Please download AdwCleaner to your desktop.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us
15.01.2013, 22:41 | #15 |
Infected with GVU Trojan

Evening,
here is the result from AdwCleaner:

Code:
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:38:18 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Severin - SEVERIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Severin\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Severin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\Conduit
Ordner Gefunden : C:\Users\Severin\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\w1snvgrr.default\prefs.js

Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2319825.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.CurrentServerDate", "14-1-2011");
Gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Fri Jan 14 2011 21:20:47 GMT+0100");
Gefunden : user_pref("CT2319825.FeedPollDate11908299", "Fri Jan 14 2011 21:20:51 GMT+0100");
Gefunden : user_pref("CT2319825.FirstServerDate", "14-1-2011");
Gefunden : user_pref("CT2319825.FirstTime", true);
Gefunden : user_pref("CT2319825.FirstTimeFF3", true);
Gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2319825.Initialize", true);
Gefunden : user_pref("CT2319825.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2319825.InstalledDate", "Fri Jan 14 2011 21:20:45 GMT+0100");
Gefunden : user_pref("CT2319825.InvalidateCache", false);
Gefunden : user_pref("CT2319825.IsGrouping", false);
Gefunden : user_pref("CT2319825.IsMulticommunity", false);
Gefunden : user_pref("CT2319825.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2319825.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Fri Jan 14 2011 21:20:54 GMT+0100");
Gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2319825.LastLogin_2.5.8.6", "Fri Jan 14 2011 21:20:46 GMT+0100");
Gefunden : user_pref("CT2319825.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2319825.Locale", "de");
Gefunden : user_pref("CT2319825.LoginCache", 4);
Gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2319825.RadioIsPodcast", false);
Gefunden : user_pref("CT2319825.RadioLastCheckTime", "Fri Jan 14 2011 21:20:47 GMT+0100");
Gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000");
Gefunden : user_pref("CT2319825.RadioMediaID", "11949532");
Gefunden : user_pref("CT2319825.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gefunden : user_pref("CT2319825.RadioStationName", "1Live");
Gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gefunden : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Fri Jan 14 2011 21:20:46 GMT+0100");
Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Fri Jan 14 2011 21:20:44 GMT+0100");
Gefunden : user_pref("CT2319825.SettingsLastUpdate", "1295011672");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Fri Jan 14 2011 21:20:44 GMT+0100");
Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257");
Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2319825.Uninstall", true);
Gefunden : user_pref("CT2319825.UserID", "UN90558805066316415");
Gefunden : user_pref("CT2319825.WeatherNetwork", "");
Gefunden : user_pref("CT2319825.WeatherPollDate", "Fri Jan 14 2011 21:20:51 GMT+0100");
Gefunden : user_pref("CT2319825.WeatherUnit", "C");
Gefunden : user_pref("CT2319825.alertChannelId", "715912");
Gefunden : user_pref("CT2319825.backendstorage.id", "33303134393832");
Gefunden : user_pref("CT2319825.clientLogIsEnabled", true);
Gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2319825.myStuffEnabled", true);
Gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.myheritage.com/?orig=ds&q=[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jan 14 2011 21:20:47 GMT+0100");

*************************

AdwCleaner[R1].txt - [7746 octets] - [15/01/2013 22:38:18]

########## EOF - C:\AdwCleaner[R1].txt - [7806 octets] ##########

Just out of interest, how many steps are there actually?

Regards
Severin
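To triage a search report like the one posted above, it helps to group the findings by report section, by prefs.js namespace and by CLSID, which shows at a glance how many entries belong to the same leftover. The Python below is an added example, not part of the original thread and not AdwCleaner code; the function names, the line patterns (inferred only from the layout of the posted report) and the abridged sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines abridged from the report posted above.
SAMPLE = r"""***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\Severin\AppData\Local\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
***** [Internet Browser] *****
-\\ Mozilla Firefox v18.0 (de)
Gefunden : user_pref("CT2319825.CTID", "CT2319825");
Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
"""

# Patterns inferred from the layout of the posted report (assumption).
SECTION = re.compile(r"^\*+ \[(.+?)\] \*+$")
FINDING = re.compile(r"^(?:(\S+) )?Gefunden : (.+)$")
PREF_NS = re.compile(r'^user_pref\("([^".]+)\.')
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_report(text):
    """Return (section, kind, value) for every 'Gefunden' line."""
    section, findings = None, []
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = FINDING.match(line)
        if hit:  # lines without an object type are prefs.js entries
            findings.append((section, hit.group(1) or "Pref", hit.group(2)))
    return findings

def summarize(findings):
    """Count findings per section, per prefs.js namespace and per CLSID."""
    sections = Counter(section for section, _, _ in findings)
    namespaces, clsids = Counter(), Counter()
    for _, _, value in findings:
        ns = PREF_NS.match(value)
        if ns:
            namespaces[ns.group(1)] += 1
        clsids.update(CLSID.findall(value))
    return sections, namespaces, clsids

if __name__ == "__main__":
    print(*summarize(parse_report(SAMPLE)), sep="\n")
```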