Pests of all kinds and how to combat them: Topic Torch Toolbar --> Virus? Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
14.01.2013, 01:19 | #1 |
Topic Torch Toolbar --> Virus?

Hello, over the last 2 days I have been shown a lot of advertising, some of which could not be removed. Also, almost every time, 2 browser windows open, one of which advertises a first-person shooter named A.V.A. Today a toolbar, "Topic Torch", also suddenly appeared at the bottom above the taskbar. When I then googled Topic Torch, the fun was over for me. I then uninstalled a new program unknown to me, "Yantoo", and with that the toolbar disappeared as well. But I don't believe that was it, so I kept searching and ended up here with you. MBAM found nothing on my machine, and neither did Kaspersky.

Code:
ATTFilter OTL logfile created on: 13.01.2013 23:53:38 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Bernhard\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 15,48 Gb Total Physical Memory | 13,31 Gb Available Physical Memory | 85,99% Memory free 30,95 Gb Paging File | 28,81 Gb Available in Paging File | 93,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,90 Gb Total Space | 14,39 Gb Free Space | 25,74% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 797,51 Gb Free Space | 85,61% Space Free | Partition Type: NTFS Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\Bernhard\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\AddLyrics\YTLUpdater.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA 
Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\AddLyrics\YTLUpdater.exe () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation) DRV:64bit: - (LGSHidFilt) 
-- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (LGSUsbFilt) -- C:\Windows\SysNative\drivers\LGSUsbFilt.sys (Logitech Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) 
DRV:64bit: - (npusbio) -- C:\Windows\SysNative\drivers\npusbio_x64.sys () DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (E100B) -- C:\Windows\SysNative\drivers\eFE5b32e.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{311E5933-A78B-43C0-B768-4C84EDF0FB23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{311E5933-A78B-43C0-B768-4C84EDF0FB23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Users\Bernhard\Downloads IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search 
Bar = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://h1681442.stratoserver.net/board/index.php?page=Portal IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deAT510 IE - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 20:37:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\ [2013.01.08 17:25:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: 
D:\Program Files (x86)\Mozilla Firefox\components [2013.01.02 22:23:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.11 09:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernhard\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (AddLyrics) - {B40720CF-4DDD-40DC-86EA-26404E77C1E8} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll (RVZR) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [addlyrics@addlyrics.net] C:\Program Files (x86)\AddLyrics\YTLUpdater.exe () O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky 
Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: blank ([]about in Local intranet) O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3576186414-1813243737-1090718235-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab 
(Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72058886-7396-4C6D-95FA-5EB8D6171E6A}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 23:29:14 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Sony Online Entertainment [2013.01.13 21:30:04 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\Diagnostics [2013.01.13 21:19:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Bernhard\Desktop\OTL.exe [2013.01.13 20:24:40 | 000,000,000 | ---D | C] -- D:\Users\Bernhard\Desktop\Alte Firefox-Daten [2013.01.11 17:05:08 | 000,127,075 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013.01.11 17:05:08 | 000,049,262 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jpicpl32.cpl [2013.01.11 17:05:08 | 000,049,247 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013.01.11 17:05:08 | 000,049,245 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2013.01.11 17:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.11 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.08 22:40:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.08 22:40:39 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.01.08 22:40:39 | 002,080,120 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\WavesGUILib64.dll [2013.01.08 22:40:39 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.01.08 22:40:39 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.08 22:40:39 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.01.08 22:40:39 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.08 22:40:39 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.08 22:40:39 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.08 22:40:38 | 003,643,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.01.08 22:40:38 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2013.01.08 22:40:38 | 001,264,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.01.08 22:40:38 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013.01.08 22:40:38 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.01.08 22:40:38 | 000,834,936 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.01.08 22:40:38 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013.01.08 22:40:38 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.08 22:40:38 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.08 22:40:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.08 22:40:38 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.08 22:40:38 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2013.01.08 22:40:38 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.01.08 22:40:38 | 000,109,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.01.08 22:40:38 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.08 22:40:38 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013.01.08 22:40:38 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.08 22:40:38 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll [2013.01.08 22:40:38 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll [2013.01.08 22:40:38 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.01.08 22:40:37 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.08 22:40:37 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.01.08 22:40:37 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2013.01.08 22:40:37 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.01.08 22:38:30 | 000,000,000 | ---D | C] -- C:\Driver_Win8_Win7 [2013.01.08 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.08 17:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddLyrics [2013.01.07 02:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.01.07 02:26:14 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\PutLockerDownloader [2013.01.07 02:26:09 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.01.01 19:49:32 | 000,000,000 | ---D 
| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.12.30 21:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2012.12.25 18:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.12.25 18:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech [2012.12.25 18:32:52 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\Logitech [2012.12.25 18:32:52 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Leadertech [2012.12.25 18:32:38 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2012.12.25 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.12.25 18:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.12.25 18:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2012.12.25 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Logitech [2012.12.25 18:32:03 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Logishrd [2012.12.25 18:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackIR v5 [2012.12.22 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\NVIDIA [2012.12.18 20:01:02 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.12.18 20:01:02 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.12.18 20:01:02 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012.12.18 20:01:02 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\SysWow64\OpenAL32.dll [2012.12.18 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012.12.16 19:55:15 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ski Challenge 13 (CH) [2012.12.16 19:55:12 | 000,000,000 | ---D | C] -- C:\Games [2012.12.16 05:09:47 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\ArmA II Launcher [2012.12.16 05:08:32 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\ArmA [2012.12.16 05:07:13 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\ArmA 2 Other Profiles [2012.12.16 05:07:13 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\Documents\ArmA [2012.12.16 04:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.12.16 04:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.12.16 03:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.12.16 03:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Freely [2012.12.16 03:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely [2012.12.16 02:56:47 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.16 02:31:06 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.12.16 02:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.12.16 02:31:05 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Notepad++ [2012.12.15 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Roaming\Nero [2012.12.15 23:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012.12.15 23:25:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.15 23:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.12.15 23:23:06 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.12.15 23:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.12.15 23:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.12.15 22:07:46 | 000,000,000 | ---D | C] -- C:\Users\Bernhard\AppData\Local\ArmA 2 [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.13 23:22:42 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 23:22:42 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 23:19:51 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.13 23:19:51 | 000,700,168 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.13 23:19:51 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.13 23:19:51 | 000,148,964 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.13 23:19:51 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.13 23:15:53 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.13 23:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.13 23:15:34 | 3874,246,654 | -HS- | M] () -- C:\hiberfil.sys [2013.01.13 23:07:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.13 23:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.13 21:43:58 | 000,000,000 | ---- | M] () -- C:\Users\Bernhard\defogger_reenable [2013.01.13 21:42:59 | 000,000,060 | ---- | M] () -- C:\Users\Bernhard\AppData\Roaming\mbam.context.scan [2013.01.13 21:42:36 | 000,000,438 | ---- | M] () -- D:\Users\Bernhard\Desktop\LAN-Verbindung - Verknüpfung.lnk [2013.01.13 21:21:20 | 000,365,568 | ---- | M] () -- 
D:\Users\Bernhard\Desktop\gmer-2.0.18444.exe [2013.01.13 21:19:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Bernhard\Desktop\OTL.exe [2013.01.13 21:19:14 | 000,050,477 | ---- | M] () -- D:\Users\Bernhard\Desktop\Defogger.exe [2013.01.13 18:32:15 | 000,003,700 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20130113_183209.reg [2013.01.13 18:30:20 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.01.13 18:14:46 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 23:15:32 | 000,147,358 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_15_31.943496.dmp [2013.01.12 23:03:34 | 000,145,574 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_03_32.245331.dmp [2013.01.12 13:49:39 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.12 13:49:39 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.11 17:04:53 | 000,127,075 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013.01.11 17:04:53 | 000,049,262 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\jpicpl32.cpl [2013.01.11 17:04:53 | 000,049,247 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013.01.11 17:04:53 | 000,049,245 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2013.01.07 21:45:11 | 000,143,742 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_45_11.271377.dmp [2013.01.07 21:08:41 | 000,144,038 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_08_41.379123.dmp [2013.01.07 02:36:32 | 000,143,342 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_36_32.672760.dmp [2013.01.07 02:23:58 | 000,144,478 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_23_58.563627.dmp [2013.01.01 19:49:32 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.12.30 21:08:49 | 000,000,517 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2012.12.30 19:03:04 | 000,001,365 | ---- | M] () -- D:\Users\Bernhard\Desktop\BierAIG #5 RHS.lnk [2012.12.25 18:32:39 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2012.12.25 18:12:10 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\TrackIR v5.lnk [2012.12.25 18:05:33 | 000,000,842 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20121225_180526.reg [2012.12.24 12:24:13 | 000,146,902 | ---- | M] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2012-12-24 12_24_13.163921.dmp [2012.12.18 20:22:56 | 000,001,480 | ---- | M] () -- D:\Users\Bernhard\Desktop\arma - Verknüpfung.lnk [2012.12.18 20:18:01 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.12.18 20:18:01 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.12.18 20:18:01 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2012.12.18 20:18:01 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\SysWow64\OpenAL32.dll [2012.12.16 20:08:03 | 000,195,636 | ---- | M] () -- C:\Users\Bernhard\wer macht was.pdf [2012.12.16 19:55:15 | 000,000,881 | ---- | M] () -- D:\Users\Bernhard\Desktop\Ski Challenge 13 (CH) starten.lnk [2012.12.16 18:29:28 | 000,001,602 | ---- | M] () -- D:\Users\Bernhard\Desktop\AssassinsCreedBrotherhood - Verknüpfung.lnk [2012.12.16 04:03:51 | 000,006,554 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20121216_040345.reg [2012.12.16 04:03:27 | 000,057,850 | ---- | M] () -- C:\Users\Bernhard\Documents\cc_20121216_040318.reg [2012.12.15 23:23:15 | 000,002,843 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 12.lnk [2012.12.15 01:28:42 | 000,221,089 | ---- | M] () -- D:\Users\Bernhard\Desktop\Lobpreis Hochimst.png [2012.12.15 01:23:59 | 000,058,880 | ---- | M] () -- D:\Users\Bernhard\Desktop\CGT-INTERN 20121201 Lobpreis und Anbetung in Hochimst_Gebetshaus_Termine 2013.msg [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.13 21:43:58 | 000,000,000 | ---- | C] () -- C:\Users\Bernhard\defogger_reenable [2013.01.13 21:42:59 | 000,000,060 | ---- | C] () -- C:\Users\Bernhard\AppData\Roaming\mbam.context.scan [2013.01.13 21:42:36 | 000,000,438 | ---- | C] () -- D:\Users\Bernhard\Desktop\LAN-Verbindung - Verknüpfung.lnk [2013.01.13 21:21:20 | 000,365,568 | ---- | C] () -- D:\Users\Bernhard\Desktop\gmer-2.0.18444.exe [2013.01.13 21:19:14 | 000,050,477 | ---- | C] () -- D:\Users\Bernhard\Desktop\Defogger.exe [2013.01.13 18:32:12 | 000,003,700 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20130113_183209.reg [2013.01.12 23:15:31 | 000,147,358 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_15_31.943496.dmp [2013.01.12 23:03:32 | 000,145,574 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1357824174-2013-01-12 23_03_32.245331.dmp [2013.01.08 22:40:38 | 000,332,665 | ---- | C] () -- 
C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.07 21:45:11 | 000,143,742 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_45_11.271377.dmp [2013.01.07 21:08:41 | 000,144,038 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 21_08_41.379123.dmp [2013.01.07 02:36:32 | 000,143,342 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_36_32.672760.dmp [2013.01.07 02:23:58 | 000,144,478 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2013-01-07 02_23_58.563627.dmp [2013.01.01 19:49:32 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.12.30 21:08:49 | 000,000,517 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2012.12.25 18:12:10 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\TrackIR v5.lnk [2012.12.25 18:05:31 | 000,000,842 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20121225_180526.reg [2012.12.24 12:24:13 | 000,146,902 | ---- | C] () -- C:\Users\Bernhard\Documents\ts3_clientui-win64-1354873317-2012-12-24 12_24_13.163921.dmp [2012.12.22 21:36:00 | 000,045,600 | ---- | C] () -- C:\Windows\SysNative\drivers\npusbio_x64.sys [2012.12.19 21:41:03 | 000,001,365 | ---- | C] () -- D:\Users\Bernhard\Desktop\BierAIG #5 RHS.lnk [2012.12.18 19:56:24 | 000,001,480 | ---- | C] () -- D:\Users\Bernhard\Desktop\arma - Verknüpfung.lnk [2012.12.16 20:08:02 | 000,195,636 | ---- | C] () -- C:\Users\Bernhard\wer macht was.pdf [2012.12.16 19:55:15 | 000,000,881 | ---- | C] () -- D:\Users\Bernhard\Desktop\Ski Challenge 13 (CH) starten.lnk [2012.12.16 18:29:28 | 000,001,602 | ---- | C] () -- D:\Users\Bernhard\Desktop\AssassinsCreedBrotherhood - Verknüpfung.lnk [2012.12.16 04:03:50 | 000,006,554 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20121216_040345.reg [2012.12.16 04:03:25 | 000,057,850 | ---- | C] () -- C:\Users\Bernhard\Documents\cc_20121216_040318.reg [2012.12.16 04:01:06 | 000,000,829 | 
---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.16 03:18:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.12.15 23:23:15 | 000,002,843 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 12.lnk [2012.12.15 01:26:08 | 000,221,089 | ---- | C] () -- D:\Users\Bernhard\Desktop\Lobpreis Hochimst.png [2012.12.15 01:23:59 | 000,058,880 | ---- | C] () -- D:\Users\Bernhard\Desktop\CGT-INTERN 20121201 Lobpreis und Anbetung in Hochimst_Gebetshaus_Termine 2013.msg [2012.11.25 01:46:18 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2012.11.17 19:30:36 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.17 19:30:35 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.03.16 14:09:19 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.08.16 10:56:34 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.08.16 10:56:34 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.16 05:09:47 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\ArmA II Launcher [2012.11.12 14:21:10 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\HTC [2012.11.12 14:21:14 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.12.19 21:39:55 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\JustSyncArmA [2012.12.25 18:32:52 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Leadertech [2012.11.11 23:35:46 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\mquadr.at [2012.12.16 02:32:59 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Notepad++ [2012.11.12 00:56:47 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Outlook [2012.11.16 03:49:25 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\pdfforge [2012.11.17 19:30:33 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\PunkBuster [2013.01.13 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Sony Online Entertainment [2012.11.11 22:18:32 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\wargaming.net ========== Purity Check ========== < 
End of report >

Code:
OTL Extras logfile created on: 13.01.2013 23:53:38 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Bernhard\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
15,48 Gb Total Physical Memory | 13,31 Gb Available Physical Memory | 85,99% Memory free
30,95 Gb Paging File | 28,81 Gb Available in Paging File | 93,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 14,39 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 797,51 Gb Free Space | 85,61% Space Free | Partition Type: NTFS
Computer Name: BERNHARD-PC | User Name: Bernhard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0399D586-8DF0-4AEF-8D2F-F80696779A2E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{28F2CC07-2DBF-48A7-88E8-F64EEE859563}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4E0C946C-5AB2-4193-B79C-9C4A52BB83F4}" = rport=137 | protocol=17 | dir=out | app=system | "{514C2BA7-DD64-450D-ABE0-D7DBEC2444D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5687EC2B-76D3-449C-BD04-8FBE4E28E7A7}" = lport=137 | protocol=17 | dir=in | app=system | "{59F648D6-B4CE-4484-8DFB-82814CEB35C7}" = lport=139 | protocol=6 | dir=in | app=system | "{5ACA1AC9-A590-4283-8711-B9BB1D006CF7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5FC9ACD2-1E37-4566-BBB3-08998B055FDA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{625C236E-BF57-48B7-9709-9A8F9F75AE12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70323341-C42F-42E0-B28B-F4DDC58D56BA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{760D80C7-1883-4722-8FAD-6D1F781CA8FD}" = rport=445 | protocol=6 | dir=out | app=system | "{803EA205-169B-4328-8B5B-54540A21A2E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81EDEE7C-BE3E-489B-B1A2-0B67ADF6DB18}" = lport=10243 | protocol=6 | dir=in | app=system | "{9399A28E-6F6C-48F6-A31F-D8CC1A2AD4CC}" = rport=139 | protocol=6 | dir=out | app=system | "{942CE0DE-2936-4B88-ABEA-BFC48108C262}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{96207A97-449A-4477-A799-0E223984103E}" = lport=138 | protocol=17 | dir=in | app=system | "{9AB7A02D-DDBB-466C-B85C-6511E83C0EE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8CFC1C4-ED0C-4A18-B1C5-D0A35382D5C8}" 
= lport=445 | protocol=6 | dir=in | app=system | "{AC98B80D-B498-4773-8609-A22BDBBEAAE2}" = lport=2869 | protocol=6 | dir=in | app=system | "{B7AD4292-48C1-41A6-AA45-0C19199C0F82}" = rport=138 | protocol=17 | dir=out | app=system | "{B8CE9CB0-0B4A-4840-986D-B8728D3910E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4C9895B-9FEF-4509-94E3-B4C02B31713C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D2298C00-5BB1-43D5-9D0B-DEEA68653368}" = rport=10243 | protocol=6 | dir=out | app=system | "{F665597E-C9F5-4E2A-9C55-93EF7FF7A30C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06A73B30-300F-40A8-A3EC-B329F7A319BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{086EC94A-B2C5-4A7C-9C91-96E82E945260}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{15F1B602-62D8-4625-9A24-DC7D731DDCEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{285F931F-9FFE-499E-B58B-950011D2976E}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\uplaybrowser.exe | "{2A4ABE1A-4764-4CC5-9FAB-30CC84645B0F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2AAF90FA-2423-4917-B168-814ECA02AF3C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{30170395-1C90-48D2-9A4E-8A55CAE95580}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{36281C91-D260-4C68-A367-0B743FFFBB35}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma\arma.exe | "{3706C70B-C5C9-4BE8-8C48-8B03877FFED0}" = protocol=6 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe 
| "{37E95901-7F4F-4BDB-897E-CA6E9F1474AF}" = protocol=17 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{3BE1738A-4C2B-4C96-A524-FF9DE08BDED0}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbmp.exe | "{3C274644-526D-42F5-A547-5E91203EF98C}" = protocol=6 | dir=out | app=system | "{4094834B-10E4-4FE0-98CD-50992271E1A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{496D0BC1-8A77-465C-966D-FBB442B2069A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{533BBBCB-55F2-4904-82B7-3DBFE32CAA33}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{58489B28-9ABC-4986-8CD4-C27E819427EF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5AB7B0CA-5A1A-447F-9A46-B7777612BBC7}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\assassinscreedbrotherhood.exe | "{615C5834-7A46-43CA-ADBD-5186B78D459F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{63C4186B-EBB8-460A-AB94-CA26459D349B}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2oa.exe | "{66886C39-92F6-489D-A254-DC8271ED6516}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6CC78D5B-9C83-4186-9BB0-5E7D4C01707C}" = protocol=17 | dir=in | app=d:\program files\bohemia interactive\arma 2\arma2oa.exe | "{6F3A1D73-F02E-4523-8502-754951771413}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{74394408-E078-4B93-BA89-D91EC3EE211A}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbsp.exe | "{74715770-7492-449C-BB17-2402BF583861}" = protocol=6 | dir=in | app=d:\program files\bohemia interactive\arma\arma.exe | "{74B2AEF5-2F9E-4974-9956-C7DF74C9F7A8}" = protocol=17 | 
dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{789F1161-41FC-4E9A-9001-2F0B7EBDE137}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{84335A12-253F-41F3-9F25-4B2189CB8017}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{92B71267-DAAA-4433-B2E9-D2DF6FF8EFD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{95E5DED7-B4A3-44BB-8CC8-1E01DADBEEFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98F58E7E-58DB-444A-848F-FF9B2ED440D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9A0CD610-6B25-4A30-9A66-9B7FC8B6A25C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A219F355-E269-43F1-9F7F-359F056F737E}" = protocol=17 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{A5C15C5B-4176-463A-BB9F-53894E21190F}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbsp.exe | "{A67CAD26-561E-4D4A-A463-7332047C987B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A7A556A1-82B4-499F-856D-95BB1F74DFD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B65A81F2-21AD-413F-A6F7-4822671D8211}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B86515BE-F5EB-4455-A0C9-C4A9F2482605}" = protocol=6 | dir=in | app=d:\program files (x86)\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{B9FEDC2E-694D-4198-B2F8-A52E8ADA7B12}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{BCB161E0-E457-486B-8666-D90F74840677}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C14159B5-D008-4BD3-9748-3CA5B2C9BB83}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed 
brotherhood\assassinscreedbrotherhood.exe | "{C16D6FA1-7657-456C-9ACE-A52B619D2BE2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C4E3B693-6FF6-4F30-8050-5D4C736E878C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{CC3AFC15-BBDE-4104-AC20-3D8547B4BE75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DA45F6C4-897D-44BF-B24E-B652B975D160}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{EB2276D6-242A-4E1D-AD93-33D899B0B854}" = protocol=17 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\uplaybrowser.exe | "{F69E7AFF-876B-4C92-96D7-C4C4054A30E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD7D693F-C9B2-41E1-844D-93BF8D013E81}" = protocol=6 | dir=in | app=d:\program files\ubis soft\assasin's creed brotherhood\acbmp.exe | "TCP Query User{5D4B8012-B5E5-48D5-BA35-B21D31BC9EAD}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{ECF38791-6F87-44E1-AC42-C342B9060D2D}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{1066A995-FF75-4B8F-8406-D2FE461DC18B}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{A1668B90-C398-4A66-B5A9-69DC56FC36A7}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET 
Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) "x64 Components_is1" = x64 Components v3.8.9 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid 
Storage Technology "{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009 "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch 
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C0CA68BF-2963-4139-8207-1E83038F86F8}" = Nero BurningROM 12 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "addlyrics@addlyrics.net" = AddLyrics "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aonFTP" = aonFTP "aonUpdate" = aonUpdate "ArmA" = ArmA Uninstall "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "ArmA2" = ArmA2 Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Controller" = Controller "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fraps" = Fraps 
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3576186414-1813243737-1090718235-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "sc13-CH_MAIN" = Ski Challenge 13 (CH) "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.01.2013 03:22:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:22:43 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:22:58 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:23:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:23:43 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:23:58 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:24:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:24:43 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = Error - 13.01.2013 03:24:58 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 
Description = Error - 13.01.2013 03:25:22 | Computer Name = Bernhard-PC | Source = Windows Search Service | ID = 1006 Description = [ System Events ] Error - 13.01.2013 02:15:20 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 619 Mal passiert. Error - 13.01.2013 02:15:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%5 Error - 13.01.2013 02:15:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 620 Mal passiert. Error - 13.01.2013 02:15:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%5 Error - 13.01.2013 02:15:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 621 Mal passiert. Error - 13.01.2013 02:16:20 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%5 Error - 13.01.2013 02:16:20 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 622 Mal passiert. Error - 13.01.2013 02:16:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%5 Error - 13.01.2013 02:16:40 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 623 Mal passiert. 
Error - 13.01.2013 02:16:55 | Computer Name = Bernhard-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%5 < End of report > Edited by Shilo (14.01.2013 at 01:30) |
14.01.2013, 11:53 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus? Hello and
__________________Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; just post the logs you already have first!
__________________ |
14.01.2013, 12:10 | #3 |
| Topic Torch Tollbar --> Virus? MbAM
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.13.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bernhard :: BERNHARD-PC [Administrator] 13.01.2013 19:58:03 mbam-log-2013-01-13 (19-58-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 402122 Laufzeit: 11 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) I also have a GMER log, but it is huge (1.12 MB) and I can't paste it here; what did I do wrong? Regards, Shilo, and thanks. Edited by Shilo (14.01.2013 at 12:35) |
14.01.2013, 12:41 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus?Quote:
But only as an exception, because logs should as a rule be posted directly in CODE tags!
__________________ Please always post log files in CODE tags |
14.01.2013, 13:42 | #5 |
| Topic Torch Tollbar --> Virus? Here is the log file |
14.01.2013, 14:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus? OK. Did Malwarebytes never find anything, then? What about other virus scanners? Were there really never any detections?
__________________ --> Topic Torch Tollbar --> Virus? |
14.01.2013, 14:29 | #7 |
| Topic Torch Tollbar --> Virus? No, which surprises me too; only Kaspersky occasionally showed a dangerous-link alert and also 2 or 3 virus warnings, and I didn't click on anything then. I've only had the PC since mid-November, after all. |
14.01.2013, 15:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus? Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When do we continue?" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
14.01.2013, 15:37 | #9 |
| Topic Torch Tollbar --> Virus? First Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016 www.malwarebytes.org Database version: v2013.01.14.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bernhard :: BERNHARD-PC [administrator] 14.01.2013 15:24:01 mbar-log-2013-01-14 (15-24-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29839 Time elapsed: 2 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Windows\System32\fsvk.exe.exe (Worm.Zhelatin) -> Delete on reboot. (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016 www.malwarebytes.org Database version: v2013.01.14.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Bernhard :: BERNHARD-PC [administrator] 14.01.2013 15:33:08 mbar-log-2013-01-14 (15-33-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29748 Time elapsed: 2 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Regards, Shilo |
14.01.2013, 15:47 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus? 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again. 2. TDSS-Killer Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
14.01.2013, 16:07 | #11 |
| Topic Torch Tollbar --> Virus?Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-14 15:56:17 ----------------------------- 15:56:17.480 OS Version: Windows x64 6.1.7601 Service Pack 1 15:56:17.480 Number of processors: 4 586 0x3A09 15:56:17.480 ComputerName: BERNHARD-PC UserName: Bernhard 15:56:17.636 Initialize success 16:00:35.683 AVAST engine defs: 13011400 16:01:59.440 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:01:59.440 Disk 0 Vendor: Corsair_ 5.02 Size: 57241MB BusType: 3 16:01:59.440 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 16:01:59.440 Disk 1 Vendor: Hitachi_ MS2O Size: 953869MB BusType: 3 16:01:59.440 Disk 0 MBR read successfully 16:01:59.440 Disk 0 MBR scan 16:01:59.440 Disk 0 Windows 7 default MBR code 16:01:59.440 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57239 MB offset 2048 16:01:59.456 Disk 0 scanning C:\Windows\system32\drivers 16:02:01.406 Service scanning 16:02:06.413 Modules scanning 16:02:06.413 Disk 0 trace - called modules: 16:02:06.413 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 16:02:06.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ec1c060] 16:02:06.912 3 CLASSPNP.SYS[fffff88001e0143f] -> nt!IofCallDriver -> [0xfffffa800c794b10] 16:02:06.912 5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800c790050] 16:02:07.068 AVAST engine scan C:\Windows 16:02:07.349 AVAST engine scan C:\Windows\system32 16:02:54.898 AVAST engine scan C:\Windows\system32\drivers 16:02:57.347 AVAST engine scan C:\Users\Bernhard 16:03:12.978 AVAST engine scan C:\ProgramData 16:03:17.643 Scan finished successfully 16:03:27.221 Disk 0 MBR has been saved successfully to "D:\Users\Bernhard\Desktop\MBR.dat" 16:03:27.237 The log file has been saved successfully to "D:\Users\Bernhard\Desktop\aswMBR.txt" Code:
ATTFilter 16:04:39.0040 4592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:04:39.0352 4592 ============================================================ 16:04:39.0352 4592 Current date / time: 2013/01/14 16:04:39.0352 16:04:39.0352 4592 SystemInfo: 16:04:39.0352 4592 16:04:39.0352 4592 OS Version: 6.1.7601 ServicePack: 1.0 16:04:39.0352 4592 Product type: Workstation 16:04:39.0352 4592 ComputerName: BERNHARD-PC 16:04:39.0352 4592 UserName: Bernhard 16:04:39.0352 4592 Windows directory: C:\Windows 16:04:39.0352 4592 System windows directory: C:\Windows 16:04:39.0352 4592 Running under WOW64 16:04:39.0352 4592 Processor architecture: Intel x64 16:04:39.0352 4592 Number of processors: 4 16:04:39.0352 4592 Page size: 0x1000 16:04:39.0352 4592 Boot type: Normal boot 16:04:39.0352 4592 ============================================================ 16:04:39.0508 4592 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:04:39.0508 4592 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:04:39.0524 4592 ============================================================ 16:04:39.0524 4592 \Device\Harddisk0\DR0: 16:04:39.0524 4592 MBR partitions: 16:04:39.0524 4592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCBF30 16:04:39.0524 4592 \Device\Harddisk1\DR1: 16:04:39.0524 4592 MBR partitions: 16:04:39.0524 4592 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 16:04:39.0524 4592 ============================================================ 16:04:39.0524 4592 C: <-> \Device\Harddisk0\DR0\Partition1 16:04:39.0524 4592 D: <-> \Device\Harddisk1\DR1\Partition1 16:04:39.0524 4592 ============================================================ 16:04:39.0524 4592 
Initialize success 16:04:39.0524 4592 ============================================================ 16:05:09.0179 0160 ============================================================ 16:05:09.0179 0160 Scan started 16:05:09.0179 0160 Mode: Manual; SigCheck; TDLFS; 16:05:09.0179 0160 ============================================================ 16:05:09.0367 0160 ================ Scan system memory ======================== 16:05:09.0367 0160 System memory - ok 16:05:09.0367 0160 ================ Scan services ============================= 16:05:09.0382 0160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:05:09.0429 0160 1394ohci - ok 16:05:09.0429 0160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:05:09.0445 0160 ACPI - ok 16:05:09.0445 0160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:05:09.0445 0160 AcpiPmi - ok 16:05:09.0460 0160 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:05:09.0460 0160 AdobeARMservice - ok 16:05:09.0476 0160 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:05:09.0491 0160 AdobeFlashPlayerUpdateSvc - ok 16:05:09.0491 0160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:05:09.0507 0160 adp94xx - ok 16:05:09.0507 0160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:05:09.0523 0160 adpahci - ok 16:05:09.0523 0160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:05:09.0523 0160 adpu320 - ok 16:05:09.0538 0160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:05:09.0554 0160 AeLookupSvc - ok 16:05:09.0554 0160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:05:09.0569 0160 AFD - ok 16:05:09.0569 0160 [ 
0160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 16:05:14.0889 0160 Serenum - ok 16:05:14.0889 0160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 16:05:14.0905 0160 Serial - ok 16:05:14.0905 0160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:05:14.0920 0160 sermouse - ok 16:05:14.0920 0160 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:05:14.0936 0160 SessionEnv - ok 16:05:14.0936 0160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:05:14.0951 0160 sffdisk - ok 16:05:14.0951 0160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:05:14.0967 0160 sffp_mmc - ok 16:05:14.0967 0160 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:05:14.0983 0160 sffp_sd - ok 16:05:14.0983 0160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:05:14.0983 0160 sfloppy - ok 16:05:14.0998 0160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:05:15.0014 0160 SharedAccess - ok 16:05:15.0014 0160 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:05:15.0045 0160 ShellHWDetection - ok 16:05:15.0045 0160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:05:15.0045 0160 SiSRaid2 - ok 16:05:15.0061 0160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:05:15.0061 0160 SiSRaid4 - ok 16:05:15.0061 0160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:05:15.0092 0160 Smb - ok 16:05:15.0092 0160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:05:15.0092 0160 SNMPTRAP - ok 16:05:15.0092 0160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 
16:05:15.0107 0160 spldr - ok 16:05:15.0107 0160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:05:15.0123 0160 Spooler - ok 16:05:15.0154 0160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:05:15.0201 0160 sppsvc - ok 16:05:15.0201 0160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:05:15.0232 0160 sppuinotify - ok 16:05:15.0232 0160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:05:15.0248 0160 srv - ok 16:05:15.0248 0160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:05:15.0263 0160 srv2 - ok 16:05:15.0263 0160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:05:15.0263 0160 srvnet - ok 16:05:15.0263 0160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:05:15.0295 0160 SSDPSRV - ok 16:05:15.0295 0160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:05:15.0326 0160 SstpSvc - ok 16:05:15.0326 0160 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:05:15.0341 0160 Stereo Service - ok 16:05:15.0341 0160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:05:15.0341 0160 stexstor - ok 16:05:15.0357 0160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:05:15.0373 0160 stisvc - ok 16:05:15.0373 0160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:05:15.0373 0160 swenum - ok 16:05:15.0373 0160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:05:15.0404 0160 swprv - ok 16:05:15.0419 0160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:05:15.0435 0160 SysMain - ok 16:05:15.0451 0160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 
16:05:15.0451 0160 TabletInputService - ok 16:05:15.0466 0160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:05:15.0482 0160 TapiSrv - ok 16:05:15.0482 0160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:05:15.0513 0160 TBS - ok 16:05:15.0529 0160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:05:15.0544 0160 Tcpip - ok 16:05:15.0560 0160 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:05:15.0591 0160 TCPIP6 - ok 16:05:15.0591 0160 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:05:15.0607 0160 tcpipreg - ok 16:05:15.0607 0160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:05:15.0622 0160 TDPIPE - ok 16:05:15.0622 0160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:05:15.0622 0160 TDTCP - ok 16:05:15.0638 0160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:05:15.0653 0160 tdx - ok 16:05:15.0653 0160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:05:15.0653 0160 TermDD - ok 16:05:15.0669 0160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:05:15.0685 0160 TermService - ok 16:05:15.0700 0160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:05:15.0700 0160 Themes - ok 16:05:15.0700 0160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:05:15.0731 0160 THREADORDER - ok 16:05:15.0731 0160 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 16:05:15.0747 0160 TPM - ok 16:05:15.0747 0160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:05:15.0763 0160 TrkWks - ok 16:05:15.0763 0160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:05:15.0794 0160 
TrustedInstaller - ok 16:05:15.0794 0160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:05:15.0809 0160 tssecsrv - ok 16:05:15.0809 0160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:05:15.0825 0160 TsUsbFlt - ok 16:05:15.0825 0160 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 16:05:15.0825 0160 TsUsbGD - ok 16:05:15.0841 0160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:05:15.0856 0160 tunnel - ok 16:05:15.0856 0160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:05:15.0856 0160 uagp35 - ok 16:05:15.0872 0160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:05:15.0887 0160 udfs - ok 16:05:15.0887 0160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:05:15.0903 0160 UI0Detect - ok 16:05:15.0903 0160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:05:15.0919 0160 uliagpkx - ok 16:05:15.0919 0160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:05:15.0919 0160 umbus - ok 16:05:15.0919 0160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 16:05:15.0934 0160 UmPass - ok 16:05:15.0934 0160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:05:15.0965 0160 upnphost - ok 16:05:15.0965 0160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:05:15.0965 0160 usbccgp - ok 16:05:15.0981 0160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:05:15.0981 0160 usbcir - ok 16:05:15.0981 0160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:05:15.0997 0160 usbehci - ok 16:05:15.0997 0160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub 
C:\Windows\system32\DRIVERS\usbhub.sys 16:05:16.0012 0160 usbhub - ok 16:05:16.0012 0160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:05:16.0012 0160 usbohci - ok 16:05:16.0012 0160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 16:05:16.0028 0160 usbprint - ok 16:05:16.0028 0160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:05:16.0043 0160 USBSTOR - ok 16:05:16.0043 0160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:05:16.0043 0160 usbuhci - ok 16:05:16.0043 0160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:05:16.0075 0160 UxSms - ok 16:05:16.0075 0160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:05:16.0075 0160 VaultSvc - ok 16:05:16.0090 0160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:05:16.0090 0160 vdrvroot - ok 16:05:16.0090 0160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:05:16.0121 0160 vds - ok 16:05:16.0121 0160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:05:16.0137 0160 vga - ok 16:05:16.0137 0160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:05:16.0153 0160 VgaSave - ok 16:05:16.0153 0160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:05:16.0168 0160 vhdmp - ok 16:05:16.0168 0160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:05:16.0168 0160 viaide - ok 16:05:16.0184 0160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:05:16.0184 0160 volmgr - ok 16:05:16.0184 0160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:05:16.0199 0160 volmgrx - ok 16:05:16.0199 0160 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap 
C:\Windows\system32\drivers\volsnap.sys 16:05:16.0215 0160 volsnap - ok 16:05:16.0215 0160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:05:16.0215 0160 vsmraid - ok 16:05:16.0231 0160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:05:16.0262 0160 VSS - ok 16:05:16.0262 0160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:05:16.0277 0160 vwifibus - ok 16:05:16.0277 0160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:05:16.0309 0160 W32Time - ok 16:05:16.0309 0160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:05:16.0324 0160 WacomPen - ok 16:05:16.0324 0160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:05:16.0340 0160 WANARP - ok 16:05:16.0340 0160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:05:16.0355 0160 Wanarpv6 - ok 16:05:16.0371 0160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 16:05:16.0387 0160 WatAdminSvc - ok 16:05:16.0402 0160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:05:16.0433 0160 wbengine - ok 16:05:16.0433 0160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:05:16.0449 0160 WbioSrvc - ok 16:05:16.0449 0160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:05:16.0465 0160 wcncsvc - ok 16:05:16.0465 0160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:05:16.0465 0160 WcsPlugInService - ok 16:05:16.0480 0160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 16:05:16.0480 0160 Wd - ok 16:05:16.0480 0160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:05:16.0496 0160 Wdf01000 - ok 16:05:16.0496 0160 [ 
BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:05:16.0511 0160 WdiServiceHost - ok 16:05:16.0511 0160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:05:16.0527 0160 WdiSystemHost - ok 16:05:16.0527 0160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:05:16.0543 0160 WebClient - ok 16:05:16.0543 0160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:05:16.0574 0160 Wecsvc - ok 16:05:16.0574 0160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:05:16.0589 0160 wercplsupport - ok 16:05:16.0589 0160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:05:16.0621 0160 WerSvc - ok 16:05:16.0621 0160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:05:16.0636 0160 WfpLwf - ok 16:05:16.0636 0160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:05:16.0652 0160 WIMMount - ok 16:05:16.0652 0160 WinDefend - ok 16:05:16.0652 0160 WinHttpAutoProxySvc - ok 16:05:16.0667 0160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:05:16.0683 0160 Winmgmt - ok 16:05:16.0699 0160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:05:16.0730 0160 WinRM - ok 16:05:16.0745 0160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:05:16.0761 0160 Wlansvc - ok 16:05:16.0777 0160 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:05:16.0808 0160 wlidsvc - ok 16:05:16.0808 0160 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 16:05:16.0823 0160 WmBEnum - ok 16:05:16.0823 0160 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 16:05:16.0823 0160 WmFilter - ok 16:05:16.0823 0160 [ 
F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:05:16.0839 0160 WmiAcpi - ok 16:05:16.0839 0160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:05:16.0855 0160 wmiApSrv - ok 16:05:16.0855 0160 WMPNetworkSvc - ok 16:05:16.0855 0160 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 16:05:16.0855 0160 WmVirHid - ok 16:05:16.0855 0160 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 16:05:16.0870 0160 WmXlCore - ok 16:05:16.0870 0160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:05:16.0870 0160 WPCSvc - ok 16:05:16.0886 0160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:05:16.0886 0160 WPDBusEnum - ok 16:05:16.0886 0160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:05:16.0917 0160 ws2ifsl - ok 16:05:16.0917 0160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:05:16.0917 0160 wscsvc - ok 16:05:16.0933 0160 WSearch - ok 16:05:16.0948 0160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:05:16.0979 0160 wuauserv - ok 16:05:16.0979 0160 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:05:16.0995 0160 WudfPf - ok 16:05:17.0011 0160 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:05:17.0026 0160 WUDFRd - ok 16:05:17.0026 0160 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:05:17.0042 0160 wudfsvc - ok 16:05:17.0057 0160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:05:17.0073 0160 WwanSvc - ok 16:05:17.0073 0160 ================ Scan global =============================== 16:05:17.0073 0160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:05:17.0073 0160 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] 
C:\Windows\system32\winsrv.dll 16:05:17.0073 0160 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 16:05:17.0089 0160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:05:17.0089 0160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:05:17.0089 0160 [Global] - ok 16:05:17.0089 0160 ================ Scan MBR ================================== 16:05:17.0089 0160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:05:17.0182 0160 \Device\Harddisk0\DR0 - ok 16:05:17.0198 0160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:05:17.0354 0160 \Device\Harddisk1\DR1 - ok 16:05:17.0354 0160 ================ Scan VBR ================================== 16:05:17.0354 0160 [ 26202A2B12BC7A1F83B47D2EA7B4B98D ] \Device\Harddisk0\DR0\Partition1 16:05:17.0354 0160 \Device\Harddisk0\DR0\Partition1 - ok 16:05:17.0354 0160 [ F8CC40FC7035DD243500E8CF16A09DB5 ] \Device\Harddisk1\DR1\Partition1 16:05:17.0354 0160 \Device\Harddisk1\DR1\Partition1 - ok 16:05:17.0354 0160 ============================================================ 16:05:17.0354 0160 Scan finished 16:05:17.0354 0160 ============================================================ 16:05:17.0354 4984 Detected object count: 0 16:05:17.0354 4984 Actual detected object count: 0 |
14.01.2013, 16:25 | #12 |
| Topic Torch Tollbar --> Virus? Double post. Edited by Shilo (14.01.2013 at 16:47) |
14.01.2013, 21:32 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
14.01.2013, 22:49 | #14 |
| Topic Torch Tollbar --> Virus? Done. Code:
ATTFilter ComboFix 13-01-14.01 - Bernhard 14.01.2013 22:44:18.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.15849.14210 [GMT 1:00] ausgeführt von:: d:\users\Bernhard\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\tmp6029.tmp c:\windows\SysWow64\tmp602A.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-14 bis 2013-01-14 )))))))))))))))))))))))))))))) . . 2013-01-13 22:29 . 2013-01-13 22:29 -------- d-----w- c:\users\Bernhard\AppData\Roaming\Sony Online Entertainment 2013-01-13 20:38 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{085BE292-6F25-4802-A9F6-5D77E8E932AD}\mpengine.dll 2013-01-13 20:30 . 2013-01-13 20:30 -------- d-----w- c:\users\Bernhard\AppData\Local\Diagnostics 2013-01-11 16:05 . 2013-01-11 16:04 49262 ----a-w- c:\windows\SysWow64\jpicpl32.cpl 2013-01-11 16:04 . 2013-01-11 16:04 -------- d-----w- c:\program files (x86)\Java 2013-01-11 16:04 . 2013-01-11 16:04 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-08 21:38 . 2013-01-08 21:38 -------- d-----w- C:\Driver_Win8_Win7 2013-01-08 16:27 . 2013-01-08 16:27 -------- d-----w- c:\program files (x86)\Realtek 2013-01-07 01:26 . 2013-01-13 19:09 -------- d-----w- c:\programdata\Tarma Installer 2013-01-07 01:26 . 2013-01-07 01:26 -------- d-----w- c:\users\Bernhard\AppData\Local\PutLockerDownloader 2012-12-25 17:38 . 2012-12-25 17:38 -------- d-----w- c:\program files\Logitech 2012-12-25 17:38 . 
2012-12-25 17:38 -------- d-----w- c:\program files\Common Files\Logitech 2012-12-25 17:32 . 2012-12-25 17:32 -------- d-----w- c:\users\Bernhard\AppData\Roaming\Leadertech 2012-12-25 17:32 . 2012-12-25 17:32 -------- d-----w- c:\users\Bernhard\AppData\Local\Logitech 2012-12-25 17:32 . 2012-12-25 17:32 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-12-25 17:32 . 2012-12-25 17:32 -------- d-----w- c:\programdata\LogiShrd 2012-12-25 17:32 . 2012-12-25 17:32 -------- d-----w- c:\program files\Logitech Gaming Software 2012-12-25 17:32 . 2012-12-25 17:32 -------- d-----w- c:\users\Bernhard\AppData\Roaming\Logitech 2012-12-25 17:32 . 2012-12-25 17:32 -------- d-----w- c:\users\Bernhard\AppData\Roaming\Logishrd 2012-12-25 17:11 . 2000-01-05 05:35 208896 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll 2012-12-25 17:11 . 2000-01-04 05:44 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll 2012-12-25 17:11 . 2000-01-04 05:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll 2012-12-25 17:11 . 2000-01-04 05:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll 2012-12-22 20:36 . 2012-12-22 20:36 -------- d-----w- c:\users\Bernhard\AppData\Roaming\NVIDIA 2012-12-22 20:36 . 2009-12-17 15:49 45600 ----a-w- c:\windows\system32\drivers\npusbio_x64.sys 2012-12-22 20:34 . 2000-01-04 04:44 151552 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll 2012-12-18 19:01 . 2012-12-18 19:18 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2012-12-18 19:01 . 2012-12-18 19:18 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-12-18 19:01 . 2012-12-18 19:18 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2012-12-18 19:01 . 2012-12-18 19:18 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-12-18 19:01 . 
2012-12-18 19:16 -------- d-----w- c:\program files (x86)\OpenAL 2012-12-16 18:55 . 2012-12-16 18:55 -------- d-----w- C:\Games 2012-12-16 04:09 . 2012-12-16 04:09 -------- d-----w- c:\users\Bernhard\AppData\Roaming\ArmA II Launcher 2012-12-16 04:08 . 2012-12-18 19:23 -------- d-----w- c:\users\Bernhard\AppData\Local\ArmA 2012-12-16 03:01 . 2013-01-13 17:30 -------- d-----w- c:\program files\CCleaner 2012-12-16 02:18 . 2010-03-15 10:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll 2012-12-16 02:18 . 2012-12-16 02:18 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2012-12-16 02:17 . 2012-12-16 02:17 -------- d-----w- c:\program files\Open Freely 2012-12-16 01:31 . 2012-12-16 01:32 -------- d-----w- c:\users\Bernhard\AppData\Roaming\Notepad++ 2012-12-15 22:25 . 2012-12-15 22:25 -------- d-----w- c:\users\Bernhard\AppData\Roaming\Nero 2012-12-15 22:25 . 2012-12-16 02:06 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-12-15 22:25 . 2012-12-15 22:25 -------- d--h--w- c:\programdata\Common Files 2012-12-15 22:23 . 2012-12-15 22:23 -------- d-----w- c:\program files (x86)\Nero 2012-12-15 22:22 . 2012-12-15 22:23 -------- d-----w- c:\programdata\Nero 2012-12-15 22:15 . 2012-12-15 22:23 -------- d-----w- c:\program files (x86)\Common Files\Nero . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-12 12:49 . 2012-11-11 10:44 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-12 12:49 . 2012-11-11 10:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 15:49 . 2012-11-30 05:12 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-17 18:30 . 2012-11-17 18:30 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-11-17 18:30 . 2012-11-17 18:30 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-11-16 02:32 . 2012-11-12 02:27 613720 ----a-w- c:\windows\system32\drivers\klif.sys 2012-11-16 02:32 . 
2012-06-08 10:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys 2012-11-12 02:56 . 2012-07-25 13:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2012-11-12 02:56 . 2012-05-25 18:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2012-11-11 23:42 . 2012-11-11 23:42 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-10 21:18 220632 ----a-w- c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-10 21:18 220632 ----a-w- c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-10 21:18 220632 ----a-w- c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-12 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-16 356376] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2012-10-02 445800] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-11 1255736] R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-16 54104] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys 
[2012-08-13 178008] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592] S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys [2012-06-14 357184] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys [2012-06-14 789824] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-12 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-12 29528] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360] S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys [2012-10-02 43832] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2009-12-17 45600] . . Inhalt des "geplante Tasks" Ordners . 2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 12:49] . 
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 03:02] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 03:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-10 21:18 244696 ----a-w- c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-10 21:18 244696 ----a-w- c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-10 21:18 244696 ----a-w- c:\users\Bernhard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://h1681442.stratoserver.net/board/index.php?page=Portal mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AT&userid=53436c9e-893b-49b4-878f-7e89fa261913&searchtype=ds&q={searchTerms} IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 10.0.0.138 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) Toolbar-Locked - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-14 22:47:42 ComboFix-quarantined-files.txt 2013-01-14 21:47 . Vor Suchlauf: 11 Verzeichnis(se), 14.080.425.984 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 14.094.368.768 Bytes frei . - - End Of File - - F63A4E3B70EE6F878AE5AE90ACB9BD02 |
14.01.2013, 23:41 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Topic Torch Tollbar --> Virus? adwCleaner - track down toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |