Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): SweetIM & Websearch.mocaflix ... Windows 7
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
19.01.2013, 12:12 | #1
SweetIM & Websearch.mocaflix ...
Greetings from Lower Bavaria. I haven't "caught" anything for years, but now it seems to have happened again. I haven't got very far with it so far ... The annoying SweetIM (it cannot be uninstalled normally with the built-in Windows 7 tools) and the search-engine plague websearch.mocaflix are present on my machine. HijackThis showed both of them too. Probably there is more wrong as well. I'd be glad of some help, thanks ... Windows 7 Pro - 32-bit ... Cu Tom
19.01.2013, 16:03 | #2
/// Malware-holic | SweetIM & Websearch.mocaflix ... hi
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
19.01.2013, 16:31 | #3
SweetIM & Websearch.mocaflix ...
Code:
OTL logfile created on: 19.01.2013 16:15:08 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\YuT666\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,06% Memory free
6,50 Gb Paging File | 5,26 Gb Available in Paging File | 80,99% Paging File free
Paging file location(s): i:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 10,79 Gb Free Space | 17,98% Space Free | Partition Type: NTFS
Drive D: | 177,87 Gb Total Space | 18,18 Gb Free Space | 10,22% Space Free | Partition Type: NTFS
Drive E: | 227,88 Gb Total Space | 19,60 Gb Free Space | 8,60% Space Free | Partition Type: NTFS
Drive F: | 170,01 Gb Total Space | 74,33 Gb Free Space | 43,72% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 112,07 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive H: | 65,76 Gb Total Space | 65,54 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive I: | 29,99 Gb Total Space | 26,62 Gb Free Space | 88,75% Space Free | Partition Type: NTFS

Computer Name: YUT666-PC | User Name: YuT666 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.19 14:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\YuT666\Downloads\OTL.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Tools\System\Security\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Tools\System\Security\Avast\AvastSvc.exe
PRC - [2012.09.28 15:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.09 15:47:12 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\86d50cfb9c655209d3fbbbe6071337b2\WindowsFormsIntegration.ni.dll
MOD - [2013.01.09 15:44:57 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013.01.09 15:44:56 | 000,762,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 15:44:48 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll
MOD - [2013.01.09 15:18:06 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll
MOD - [2013.01.09 15:17:50 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll
MOD - [2013.01.09 15:17:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\35296661bd979735d6afd036a104bfd6\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 15:17:45 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\12f94ec43a0160ab9ddd755b0e1be881\System.Windows.Forms.ni.dll
MOD - [2013.01.09 15:17:42 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013.01.09 15:17:40 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013.01.09 15:17:39 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013.01.09 15:17:39 | 003,856,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll
MOD - [2013.01.09 15:17:36 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013.01.09 15:17:35 | 009,093,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013.01.09 15:17:28 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.09.28 15:42:42 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2012.02.17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Tools\Compression\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2013.01.19 10:58:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 22:00:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Tools\System\Security\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.28 15:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.12 15:58:46 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.26 14:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.07.20 13:15:20 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2012.07.01 18:14:50 | 000,044,656 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (Rockusb)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.04.09 10:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2)
DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011.10.13 12:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.10.13 12:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.10.13 12:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.06.15 20:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\ddmdrv.sys -- (ddmdrv)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.25 18:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\prwntdrv.sys -- (prwntdrv)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.13 23:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009.04.29 23:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.29 23:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFilter)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.22 09:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.11.22 09:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.mocaflix.com/?l=1&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.mocaflix.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 81 AC 89 5D 24 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7BDB9127A2-3381-41ec-82B3-1B6ED4C6F29A%7D:6.0
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.mocaflix.com/?l=1&q="
FF - prefs.js..network.proxy.http: "46.23.64.124"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\Binaries\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Tools\System\Security\Avast\WebRep\FF [2012.11.04 18:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Tools\Internet\Firefox\components [2013.01.19 10:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Tools\Internet\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Tools\Internet\Thunderbird\components [2013.01.08 21:19:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Tools\Internet\Thunderbird\plugins

[2012.04.27 11:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\Extensions
[2013.01.10 21:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\Firefox\Profiles\lt3hkzxi.default\extensions
[2013.01.05 09:45:03 | 000,000,000 | ---D | M] (Flashget Downloader Extension) -- C:\Users\YuT666\AppData\Roaming\mozilla\Firefox\Profiles\lt3hkzxi.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2012.10.22 22:44:15 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\extensions\stealthyextension@gmail.com.xpi
[2013.01.10 21:02:06 | 000,347,812 | ---- | M] () (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.11.23 15:41:44 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.14 19:09:11 | 000,002,245 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\ebay-deutschland---kleinanzeigen.xml
[2013.01.14 19:09:11 | 000,002,538 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\ebay-deutschland.xml
[2013.01.17 10:38:42 | 000,002,400 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\google-deutschland.xml
[2013.01.14 19:09:11 | 000,002,537 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\imdb.xml
[2013.01.14 19:09:26 | 000,005,524 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\ofdb---alles.xml
[2012.10.03 18:01:20 | 000,003,915 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\sweetim.xml
[2012.11.10 11:52:42 | 000,000,544 | ---- | M] () -- C:\Users\YuT666\AppData\Roaming\mozilla\firefox\profiles\lt3hkzxi.default\searchplugins\WebSearch.xml

========== Chrome ==========

CHR - homepage: hxxp://websearch.mocaflix.com/
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\YuT666\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.11.27 08:54:01 | 000,444,883 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15278 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Tools\System\Security\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\YuT666\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Tools\System\Security\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Tools\System\Security\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Tools\Internet\FlashGet 3\BHO\fdgetflvurl.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F46241AD-8CDA-4EC4-AF79-543C9AF31643}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBC6EF45-D9DA-4BF3-9D2C-892702771E1D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.01.19 11:43:35 | 000,000,000 | ---D | C] -- C:\6
[2013.01.19 11:08:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.16 10:33:24 | 000,000,000 | ---D |
C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSP ISO Compressor [2013.01.11 20:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com [2013.01.11 19:13:58 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Targem [2013.01.11 19:13:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games [2013.01.09 21:50:05 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\PSP [2013.01.09 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\N64 [2013.01.09 19:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2013.01.09 19:13:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA [2013.01.09 19:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GearGrinder [2013.01.05 09:43:44 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2013.01.05 09:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashGet3.7 [2013.01.05 09:43:41 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\FlashgetSetup [2013.01.05 09:43:41 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\BITS [2013.01.05 09:43:37 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\FlashGetBHO [2013.01.05 09:43:33 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\FlashGet [2013.01.04 20:24:38 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\PSX [2013.01.04 20:18:06 | 000,000,000 | ---D | C] -- C:\Users\YuT666\PSX [2013.01.02 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Documents\Neuer Ordner [2012.12.31 11:50:20 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Documents\Rockstar Games [2012.12.31 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Rockstar Games [2012.12.31 10:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.12.31 10:53:50 | 000,000,000 | ---D | C] -- 
C:\Program Files\Rockstar Games [2012.12.30 16:47:55 | 000,000,000 | ---D | C] -- C:\toolbarImages [2012.12.28 20:24:15 | 000,000,000 | ---D | C] -- C:\Users\YuT666\Desktop\Neuer Ordner [2012.12.28 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Programs [2012.12.27 19:42:45 | 000,000,000 | R--D | C] -- C:\Users\YuT666\Documents\HP Photo Creations [2012.12.27 19:42:45 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Roaming\Visan [2012.12.27 19:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2012.12.21 21:10:48 | 000,000,000 | ---D | C] -- C:\Users\YuT666\AppData\Local\Fallout3 ========== Files - Modified Within 30 Days ========== [2013.01.19 16:13:41 | 000,000,380 | ---- | M] () -- C:\Windows\System32\secustat.dat [2013.01.19 16:03:45 | 000,001,184 | ---- | M] () -- C:\Windows\System32\secushr.dat [2013.01.19 15:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.19 15:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.19 14:57:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.19 14:44:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.19 12:17:27 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.19 12:17:27 | 000,031,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.19 11:31:25 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.19 11:31:25 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.19 11:31:25 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.19 11:31:25 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.19 09:12:04 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.01.19 09:12:03 | 000,000,408 | 
-H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{6263A61B-8152-43AA-91DD-D1FB79FDCCA3}.job [2013.01.18 22:54:47 | 000,001,355 | ---- | M] () -- C:\Users\YuT666\Desktop\XMedia Recode - Verknüpfung.lnk [2013.01.15 08:51:40 | 000,015,249 | ---- | M] () -- C:\Users\YuT666\Desktop\OpenDocument Text (neu).odt [2013.01.11 20:22:39 | 000,000,579 | ---- | M] () -- C:\Users\Public\Desktop\Outcast.lnk [2013.01.11 19:51:22 | 000,021,456 | ---- | M] () -- C:\Users\YuT666\Documents\ESt2012_Nirschl_Thomas.elfo [2013.01.10 08:17:00 | 000,389,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.09 19:13:06 | 000,000,573 | ---- | M] () -- C:\Users\YuT666\Desktop\GearGrinder.lnk [2013.01.07 16:26:51 | 000,158,603 | ---- | M] () -- C:\Users\YuT666\Documents\ESt2011_Nirschl_Thomas.elfo [2013.01.05 09:44:22 | 000,001,446 | ---- | M] () -- C:\Users\YuT666\Desktop\FlashGet.lnk [2013.01.05 09:43:55 | 000,000,025 | ---- | M] () -- C:\Windows\emcore.INI [2013.01.05 09:43:47 | 000,000,945 | ---- | M] () -- C:\Users\YuT666\Desktop\FlashGet3.lnk [2012.12.31 11:53:01 | 000,000,938 | ---- | M] () -- C:\Users\YuT666\Desktop\GTAIV - Verknüpfung.lnk [2012.12.29 20:52:14 | 000,000,549 | ---- | M] () -- C:\Users\YuT666\Desktop\Minecraft (2).lnk [2012.12.28 14:51:00 | 000,001,608 | ---- | M] () -- C:\Users\YuT666\Desktop\Revouninstaller.lnk [2012.12.28 11:54:35 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== Files Created - No Company Name ========== [2013.01.18 22:54:47 | 000,001,355 | ---- | C] () -- C:\Users\YuT666\Desktop\XMedia Recode - Verknüpfung.lnk [2013.01.11 20:22:39 | 000,000,579 | ---- | C] () -- C:\Users\Public\Desktop\Outcast.lnk [2013.01.11 19:51:11 | 000,021,456 | ---- | C] () -- C:\Users\YuT666\Documents\ESt2012_Nirschl_Thomas.elfo [2013.01.09 19:13:06 | 000,000,573 | ---- | C] () -- C:\Users\YuT666\Desktop\GearGrinder.lnk [2013.01.05 10:45:44 | 000,001,184 | ---- | C] () -- C:\Windows\System32\secushr.dat 
[2013.01.05 09:45:19 | 000,000,380 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2013.01.05 09:44:22 | 000,001,446 | ---- | C] () -- C:\Users\YuT666\Desktop\FlashGet.lnk
[2013.01.05 09:43:55 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI
[2013.01.05 09:43:46 | 000,000,945 | ---- | C] () -- C:\Users\YuT666\Desktop\FlashGet3.lnk
[2013.01.02 23:08:03 | 000,015,249 | ---- | C] () -- C:\Users\YuT666\Desktop\OpenDocument Text (neu).odt
[2012.12.31 11:53:01 | 000,000,938 | ---- | C] () -- C:\Users\YuT666\Desktop\GTAIV - Verknüpfung.lnk
[2012.12.29 20:52:14 | 000,000,549 | ---- | C] () -- C:\Users\YuT666\Desktop\Minecraft (2).lnk
[2012.12.28 14:51:00 | 000,001,608 | ---- | C] () -- C:\Users\YuT666\Desktop\Revouninstaller.lnk
[2012.10.21 14:28:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.10.21 14:28:08 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.10.21 14:28:08 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.03 18:26:56 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.08.29 10:28:39 | 000,148,992 | ---- | C] () -- C:\Windows\UNWISE32.EXE
[2012.08.26 07:17:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.02 12:24:45 | 000,000,000 | ---- | C] () -- C:\Windows\SSCNCSrv.INI
[2012.08.02 11:55:34 | 000,000,021 | ---- | C] () -- C:\Windows\CNCLogin.INI
[2012.07.28 02:30:54 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.07.28 02:30:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.07.26 20:16:26 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.06.15 15:53:44 | 000,000,212 | ---- | C] () -- C:\Users\YuT666\.swfinfo
[2012.05.25 18:11:33 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.05.25 18:11:33 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.05.25 18:11:33 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.05.25 18:11:33 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.05.25 18:11:32 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.05.13 17:30:32 | 000,098,696 | ---- | C] () -- C:\Windows\System32\setupprwdrv03.exe
[2012.05.13 17:30:32 | 000,013,704 | ---- | C] () -- C:\Windows\System32\prwntdrv.sys
[2012.05.12 22:13:45 | 001,118,648 | ---- | C] () -- C:\Windows\ddmmain.exe
[2012.05.12 22:13:45 | 000,012,728 | ---- | C] () -- C:\Windows\System32\ddmdrv.sys
[2012.05.12 21:49:36 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.05.12 21:49:35 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.05.12 21:49:34 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.05.11 20:52:51 | 000,003,072 | ---- | C] () -- C:\Users\YuT666\AppData\Local\file__0.localstorage
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.29 12:18:03 | 000,000,867 | ---- | C] () -- C:\Users\YuT666\.recently-used.xbel
[2012.04.29 11:45:12 | 000,000,617 | ---- | C] () -- C:\Users\YuT666\AppData\Roaming\burnaware.ini
[2012.04.27 22:40:16 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.04.27 20:45:31 | 000,000,362 | ---- | C] () -- C:\Users\YuT666\.jajuk_bootstrap.xml
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.04.12 02:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.04.27 18:33:01 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\.kde
[2012.12.30 11:12:47 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\.minecraft
[2012.05.26 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\.minecraft_server
[2012.06.01 16:26:13 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Bioshock2
[2013.01.19 16:13:41 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\BITS
[2012.09.30 09:43:07 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\CPC Loader
[2012.07.26 20:16:24 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\DesktopIconForAmazon
[2012.12.02 10:44:12 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\DVDVideoSoft
[2012.05.18 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\elsterformular
[2012.06.09 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FFSJ
[2013.01.05 12:43:51 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FlashGet
[2013.01.05 09:43:38 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FlashGetBHO
[2013.01.05 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FlashgetSetup
[2012.11.02 12:52:22 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\FreeFLVConverter
[2012.06.13 19:37:01 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\GameFly
[2012.06.09 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\GetRightToGo
[2012.07.08 05:53:32 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\GlarySoft
[2012.08.25 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\globalip
[2012.04.29 12:18:03 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\gtk-2.0
[2012.04.29 11:58:44 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\ImgBurn
[2012.05.03 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Jaangle
[2012.12.01 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\MAXON
[2012.08.02 11:56:12 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\NJSTC
[2012.05.13 14:19:15 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\OpenOffice.org
[2012.04.27 15:55:26 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\PhotoFiltre
[2012.10.06 19:41:34 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\ProtectDISC
[2012.11.10 11:52:44 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\SendSpace
[2012.04.29 11:48:40 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Software Update
[2012.05.04 09:26:04 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\T-Online
[2012.04.27 11:58:37 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Thunderbird
[2012.12.02 00:50:18 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\TS3Client
[2012.06.23 15:46:13 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Ubisoft
[2012.12.27 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\Visan
[2012.12.23 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\XnView
[2012.06.01 18:34:42 | 000,000,000 | ---D | M] -- C:\Users\YuT666\AppData\Roaming\ZombieDriver
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.08.25 05:34:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.07.14 11:21:10 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT
[2013.01.19 11:43:35 | 000,000,000 | ---D | M] -- C:\6
[2012.08.26 07:11:09 | 000,000,000 | ---D | M] -- C:\AMD
[2012.04.29 18:55:42 | 000,000,000 | ---D | M] -- C:\archive_db
[2012.04.27 11:58:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.05.13 14:15:34 | 000,000,000 | ---D | M] -- C:\clean
[2013.01.19 11:08:48 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.04.27 11:05:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.19 16:03:45 | 000,000,000 | --SD | M] -- C:\Downloads
[2012.05.31 07:41:11 | 000,000,000 | ---D | M] -- C:\HbUser
[2012.07.31 08:36:20 | 000,000,000 | ---D | M] -- C:\Infotext
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.19 10:59:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.28 11:49:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.04.27 11:05:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.27 11:05:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.19 16:16:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.05 15:39:49 | 000,000,000 | ---D | M] -- C:\T-Online Banking
[2012.12.30 16:47:55 | 000,000,000 | ---D | M] -- C:\toolbarImages
[2012.08.02 11:52:53 | 000,000,000 | ---D | M] -- C:\Tools
[2012.04.27 11:06:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.09 19:14:01 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.04.27 11:09:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.04.27 15:19:58 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.04.27 15:20:00 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.29 11:37:28 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.11.10 11:52:34 | 000,000,408 | -H-- | C] () -- C:\Windows\Tasks\OptimizerProUpdaterTask{6263A61B-8152-43AA-91DD-D1FB79FDCCA3}.job
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Tools\System\Security\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2012.09.28 02:39:14 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\atidemgy.dll
[2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
< %USERPROFILE%\*.* >
[2012.04.27 20:45:32 | 000,000,362 | ---- | M] () -- C:\Users\YuT666\.jajuk_bootstrap.xml
[2012.04.29 12:18:03 | 000,000,867 | ---- | M] () -- C:\Users\YuT666\.recently-used.xbel
[2012.06.15 15:53:44 | 000,000,212 | ---- | M] () -- C:\Users\YuT666\.swfinfo
[2013.01.19 16:16:48 | 007,864,320 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT
[2013.01.19 16:16:48 | 000,262,144 | -HS- | M] () -- C:\Users\YuT666\ntuser.dat.LOG1
[2012.04.27 11:06:31 | 000,000,000 | -HS- | M] () -- C:\Users\YuT666\ntuser.dat.LOG2
[2012.04.27 11:37:53 | 000,065,536 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.04.27 11:37:53 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.04.27 11:37:53 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.01.06 00:04:01 | 000,065,536 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{7ce805f6-5735-11e2-bd37-001f1f746886}.TM.blf
[2013.01.06 00:04:01 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{7ce805f6-5735-11e2-bd37-001f1f746886}.TMContainer00000000000000000001.regtrans-ms
[2013.01.06 00:04:01 | 000,524,288 | -HS- | M] () -- C:\Users\YuT666\NTUSER.DAT{7ce805f6-5735-11e2-bd37-001f1f746886}.TMContainer00000000000000000002.regtrans-ms
[2012.04.27 11:06:31 | 000,000,020 | -HS- | M] () -- C:\Users\YuT666\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
Code:
OTL Extras logfile created on: 19.01.2013 14:51:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\YuT666\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 54,13% Memory free
6,50 Gb Paging File | 4,89 Gb Available in Paging File | 75,34% Paging File free
Paging file location(s): i:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 10,51 Gb Free Space | 17,51% Space Free | Partition Type: NTFS
Drive D: | 177,87 Gb Total Space | 18,18 Gb Free Space | 10,22% Space Free | Partition Type: NTFS
Drive E: | 227,88 Gb Total Space | 19,60 Gb Free Space | 8,60% Space Free | Partition Type: NTFS
Drive F: | 170,01 Gb Total Space | 74,33 Gb Free Space | 43,72% Space Free | Partition Type: NTFS
Drive G: | 200,00 Gb Total Space | 112,07 Gb Free Space | 56,04% Space Free | Partition Type: NTFS
Drive H: | 65,76 Gb Total Space | 65,54 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive I: | 29,99 Gb Total Space | 26,62 Gb Free Space | 88,75% Space Free | Partition Type: NTFS
Drive O: | 1,86 Gb Total Space | 1,61 Gb Free Space | 86,22% Space Free | Partition Type: FAT32
Computer Name: YUT666-PC | User Name: YuT666 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TNCremo] -- C:\Tools\CNC\TNCremo\TNCremoNT.exe -w "%1" (DR. JOHANNES HEIDENHAIN GmbH)
Directory [TNCserver] -- C:\Tools\CNC\TNCremo\TNCserver.exe "%1" (DR. JOHANNES HEIDENHAIN GmbH)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Tools\Internet\FlashGet 3\FlashGet3.exe" = C:\Tools\Internet\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17050D8F-8942-4893-849D-8918FF7BDA7A}" = lport=445 | protocol=6 | dir=in | app=system |
"{1941F0FC-B24A-4E97-A5C3-C0823777B919}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E2C8541-2F12-4469-812C-0870BDD806A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47A81665-1336-4B93-85E9-4C607A6F68CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F25FF83-4867-4215-B4F7-4B1AC4C37BC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{500A4944-0B61-4A0D-A5CB-3CD1A58BD2DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50A93EF8-7318-449F-8AF1-2B6291369B33}" = rport=139 | protocol=6 | dir=out | app=system |
"{6712B8C2-EC46-4766-A106-AB182C5922CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77BC10D9-8A26-498E-96D3-C767D794A8D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C48D365-4A98-442A-8C2A-7DDFAC81CFAD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C9501BC-3B1A-4BFF-A16D-D22E99810663}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{82BE3E49-9939-4B06-B477-EB8070D876E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{8F9F594A-9DCA-4A82-B878-39753F37D7A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{957E5C50-36D4-47C7-9A61-8BA9B7CE4C39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A640F20A-608E-4FCC-A168-A790F3ED8095}" = rport=445 | protocol=6 | dir=out | app=system |
"{A95D8C2C-3D11-476E-8924-8653D75E83CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB3CA46A-A76B-43D2-9416-141189FE075E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDD952C2-5077-43E7-ACCD-BEDEF458A3E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2F52610-6BB9-46E0-AC79-AC0752DA7A95}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6B24557-4C00-43B3-BF18-8B8BC9830486}" = lport=138 | protocol=17 | dir=in | app=system |
"{E64AE0C8-E227-4BC4-90DC-6EFF7B43B826}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA018113-4995-47AB-BABA-E97187C9F313}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF942EC5-764B-4432-81D0-5F18A9F00D38}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4EC4266-1E83-4F78-AF0C-D2B9A93A6FFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7478F5F-463F-4A46-AE05-CA0D92DC832C}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{050B066A-032F-4B63-B1BC-4FF527B9FF4D}" = protocol=6 | dir=in | app=f:\grand theft auto iv\gtaiv.exe |
"{0780131C-5E89-4346-AEF8-63520A15E0C9}" = protocol=17 | dir=in | app=f:\anno 2070\autopatcher.exe |
"{0BA3C067-E8C6-4756-BE4C-B38441E8C788}" = protocol=6 | dir=in | app=f:\crysis\bin32\crysis.exe |
"{0C319DD3-7235-42E3-AFCF-6975B90D3237}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{0E24332B-0F54-4BC5-B54A-602E2B39015F}" = protocol=6 | dir=in | app=f:\grand theft auto iv\launchgtaiv.exe |
"{0F4F8CBD-FEF4-4EDF-8941-DF26854144F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11D627EB-AE8B-40A9-987B-62318F122BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{138256F6-8271-4735-8962-BB371FD01410}" = protocol=6 | dir=in | app=f:\anno 2070\autopatcher.exe |
"{173182FA-2A90-4A56-BD01-F2C17756788D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A1EDDF1-6613-4C1E-BB56-75F6ACBA65A0}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\flatout ultimate carnage\launcher.exe |
"{1B296A30-7097-4F92-9DAD-FD76C2FC4924}" = protocol=6 | dir=in |
app=g:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | "{1E0C5BB5-10F8-4C67-8324-7CB2E01FA0C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{202CBF28-8DA9-41E4-8924-1E5308A91ED9}" = protocol=6 | dir=in | app=f:\stronghold legends\strongholdlegends.exe | "{222EBA8A-0435-4701-8756-47E8FB5531B7}" = protocol=6 | dir=out | app=system | "{236031B9-C809-41A9-9355-6DDCFCEB5A47}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{24024999-1BC0-45FC-B8AD-D86ABAFFD472}" = protocol=6 | dir=in | app=f:\anno 2070\initengine.exe | "{2696187F-4BE6-4CA3-BED7-F290FB795D59}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\aliens versus predator classic\avp_classic.exe | "{2977D3DB-25EA-4438-9FB3-DF9266FFA4AE}" = protocol=17 | dir=in | app=f:\bioshock 2\sp\builds\binaries\bioshock2.exe | "{29DAF31D-3AEE-447B-88EE-36C706B8AC90}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{2B0506F9-A28E-437A-964E-DEBDF1AAFB69}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\aliens versus predator classic\avp_classic.exe | "{2FE555E4-5E0D-45A5-A017-0DC2AD317E4D}" = protocol=17 | dir=in | app=f:\bioshock 2\mp\builds\binaries\bioshock2.exe | "{38963E3E-6BA0-4696-8627-B3E3788AF9FA}" = protocol=17 | dir=in | app=f:\anno 2070\initengine.exe | "{39A49FBF-0270-4A9F-AB96-63FCA3CC6771}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{39F7326D-CFCC-4E2A-8B4E-F7AF4CC39AD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3CD69AD2-DA24-4E11-9439-9A23CBFA804D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | "{43DE5A73-6B1F-43C1-B777-92007ED7103A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{4625E41E-6ECB-49DB-9F4F-8E12D1FC52C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{479D38D8-BC4F-404B-947D-F7EB4DBCF701}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{48964CFE-B774-4DC0-85BB-70FCBCC814C7}" = protocol=6 | dir=in | app=f:\anno 2070\anno5.exe | "{4AA3F194-DE8B-4BC1-B5D1-C9A519A1F82F}" = protocol=6 | dir=in | app=f:\bioshock 2\sp\builds\binaries\bioshock2.exe | "{4B505131-5E58-40BC-BE83-089BC8AE8EC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4B89AB06-F6F0-4DC7-A197-EB3CC8FF6CF2}" = protocol=6 | dir=in | app=f:\tom clancy's h.a.w.x\hawx.exe | "{4EB3C91A-03B4-4D43-8B11-81E258FF0AD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{52396B40-E58B-4A8F-BFD6-3E104E601D5D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\flatout ultimate carnage\launcher.exe | "{5DEEC7E9-A94D-422C-BB90-9173F703417D}" = protocol=17 | dir=in | app=f:\anno 2070\anno5.exe | "{62F6C6A4-6C66-4FD4-9B44-4D93222376AE}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | "{66659ACF-762D-4876-BC14-A625F2A85F42}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{6B53B46E-000F-42D4-A8AF-0E76E9E23E5E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | "{719CFA65-CA7D-4E50-B193-1BDE5CD352D5}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\stalker clear sky\bin\xrengine.exe | "{8F9E9345-0DEA-4CA1-ADCA-95089B0F6863}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe | "{90A525E3-D223-4328-9D43-397071B8C9D6}" = dir=in | app=c:\users\yut666\appdata\local\microsoft\skydrive\skydrive.exe | "{923AD8E3-4516-4B00-88D3-740DDF44EEAE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{95D2B8EF-5638-471E-8A82-2F9E8A57B574}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{95E860E6-1042-4721-9566-2498664E4E33}" = protocol=58 | 
dir=in | name=@firewallapi.dll,-28545 | "{9668EE34-1178-421A-BD54-2C72FC6BA3E6}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{9A39FD85-A3D1-4752-93BE-B008CF1234E9}" = protocol=17 | dir=in | app=f:\tom clancy's h.a.w.x\hawx.exe | "{9D8683CD-F632-4C72-AD2D-34763EF87210}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{A1C02604-11B4-4747-88C5-05C52BF5B283}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A2961EAB-15AE-4705-9D7B-831EFF7F471A}" = protocol=17 | dir=in | app=f:\stronghold legends\strongholdlegends.exe | "{A81580BC-D09F-4414-9764-2B3252DF4DD8}" = protocol=6 | dir=in | app=f:\crysis\bin32\crysisdedicatedserver.exe | "{AA2BAEAB-5D3C-4119-A683-66A9EA8A4EAB}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{ABAE9F60-B197-44A3-8A99-9E1A7B51B6EE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AEC7CB68-3F45-4CCF-A3D3-7F9025128F4D}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\mafia ii\pc\mafia2.exe | "{B84F61D0-DBF2-4091-B0A3-649028BA02E7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\alien swarm\swarm.exe | "{C4408D79-33D6-4183-BA21-F0AD3E27548D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C4F76B44-10F5-4B6B-94DF-CF8F357C8C42}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe | "{CA9A2041-96AF-4AAE-A313-DD0C65C24FFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CE0F719B-F14A-4972-BC53-409114D6B0EC}" = protocol=6 | dir=in | app=f:\tom clancy's h.a.w.x\hawx_dx10.exe | "{D1B7D94C-4897-46DD-9B38-29423EB2F60A}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\alien swarm\swarm.exe | "{D3980980-D4AC-466C-969C-452D155F471D}" = protocol=17 | dir=in | app=f:\tom clancy's h.a.w.x\hawx_dx10.exe | "{D51BA1B3-F450-4C9D-B468-6F9A6553F51B}" = 
protocol=6 | dir=in | app=f:\bioshock 2\mp\builds\binaries\bioshock2.exe | "{DB147C95-6BA3-427A-9A10-9764D749E42E}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{E02B660F-2CEB-40D1-BA8D-D63EECA7CD86}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | "{E08F48A3-6CF1-4E40-A44E-6CBA8191AEB7}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\stalker clear sky\bin\xrengine.exe | "{E35529F0-C94A-4732-8611-F845AD7E09EE}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{EA4A4CDE-6E43-4CDB-9938-4C5065B2B4C6}" = protocol=17 | dir=in | app=f:\crysis\bin32\crysisdedicatedserver.exe | "{F18D08A7-D2F4-4484-A0FF-FAF9D4E991F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F27CEBB2-D90E-42C3-9057-59F506F8536A}" = protocol=17 | dir=in | app=f:\grand theft auto iv\gtaiv.exe | "{F2E7E1F5-6F9D-41A7-AB2D-66125F4057DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F3AD664F-02D1-41F1-B56E-3003722581F3}" = protocol=17 | dir=in | app=f:\crysis\bin32\crysis.exe | "{F47302E3-267A-43A9-B1C1-C8944C6701B7}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\fallout 3 goty\falloutlauncher.exe | "{F59C56BD-FA01-476F-A88E-0D9AB3306D32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FA1192DE-B448-4326-A055-08173783D14A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{FD5AE02E-2352-4E24-8F3C-A75A1CBA8856}" = protocol=17 | dir=in | app=f:\grand theft auto iv\launchgtaiv.exe | "TCP Query User{0058429A-D71C-4DB8-9B23-2AFBA358767D}C:\tools\cnc\itnc530\sys\bin\ext.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\ext.exe | "TCP Query User{08208DF5-DD90-436E-B4E2-3AAA85FE0A7F}C:\tools\cnc\itnc530\sys\bin\regel.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\regel.exe | "TCP Query 
User{0EF63B95-CB01-4C06-9366-4C5543745113}F:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{0FF1ECF2-DA12-4EE2-B7E7-E783FF497580}C:\tools\internet\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | "TCP Query User{13ED96AE-EE6E-405A-ADE5-EE1C800AB5C0}F:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=f:\tmnationsforever\tmforever.exe | "TCP Query User{218894DC-5709-4652-BB48-D60EA250E1BE}C:\tools\cnc\itnc530\sys\bin\geo.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\geo.exe | "TCP Query User{43EB4DBA-289D-4C30-A2AF-F25011319EBD}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{5315171F-927A-430B-92F4-D2DEEFEC60A2}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe" = protocol=6 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe | "TCP Query User{57B690B0-3671-440A-A4DB-185E710653B5}C:\tools\cnc\sscnc\server\sshttp.exe" = protocol=6 | dir=in | app=c:\tools\cnc\sscnc\server\sshttp.exe | "TCP Query User{58220C87-B887-4B46-B6FA-F5451F5ABB70}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{7B3202E5-3125-4E1F-9BE2-BFCA697AC894}C:\tools\cnc\sscnc\server\sscncsrv.exe" = protocol=6 | dir=in | app=c:\tools\cnc\sscnc\server\sscncsrv.exe | "TCP Query User{9DFB57EC-D127-4F74-ADEB-57A73176D068}C:\tools\cnc\itnc530\xwin\bin\xwin.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\xwin\bin\xwin.exe | "TCP Query User{9FED7081-F215-4B09-8A05-E88C6FCBD1B1}C:\Program Files\Java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{AB658A23-8000-4C0C-841C-17B5C227DA01}C:\tools\internet\flashget 3\flashget3.exe" = 
protocol=6 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | "TCP Query User{B1E268A1-557E-4754-A11E-C087523A0A76}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{C4742F8B-22BD-42EB-B445-E01186BA0DF4}C:\tools\cnc\itnc530\sys\bin\plc.exe" = protocol=6 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\plc.exe | "TCP Query User{E46E9F29-97B6-4C24-BCCD-79AA2FF20201}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe" = protocol=6 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe | "TCP Query User{EA8783B8-4389-4D15-8B44-EEEFE2372861}G:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "TCP Query User{F69E1B6C-E8AF-4789-822B-989CAED50FBB}C:\tools\cnc\sscnc\server\ssftp.exe" = protocol=6 | dir=in | app=c:\tools\cnc\sscnc\server\ssftp.exe | "UDP Query User{0F1CA0E2-BF82-4D50-B8BC-958CF17A7656}F:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{1C3C90DB-7FF6-4B11-B6F6-160F87080740}C:\tools\cnc\itnc530\sys\bin\plc.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\plc.exe | "UDP Query User{1C4AF434-8AF7-40EA-9E11-4EB1BFB5515D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{37D6ECD9-827E-4A5B-866A-3FD15AD35688}C:\Program Files\Java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{4D098172-9BCB-4EE5-8E95-57A494C7165B}C:\tools\cnc\itnc530\xwin\bin\xwin.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\xwin\bin\xwin.exe | "UDP Query User{5D6FABEE-58F9-4437-9803-3FAAC8DC4FEF}C:\program 
files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{60307A55-2738-4B3C-A59A-4EC3EA9843A1}C:\tools\cnc\sscnc\server\sscncsrv.exe" = protocol=17 | dir=in | app=c:\tools\cnc\sscnc\server\sscncsrv.exe | "UDP Query User{84F3A718-CA3D-40D0-9680-2044F8589814}C:\tools\cnc\sscnc\server\ssftp.exe" = protocol=17 | dir=in | app=c:\tools\cnc\sscnc\server\ssftp.exe | "UDP Query User{986FF2A7-9D37-4E1E-B558-2380509B90C8}C:\tools\internet\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | "UDP Query User{A5DACD91-5EBD-48FA-A28D-E86037BF4A49}C:\tools\cnc\sscnc\server\sshttp.exe" = protocol=17 | dir=in | app=c:\tools\cnc\sscnc\server\sshttp.exe | "UDP Query User{B6283601-60B7-413D-98DA-F95AC636D4D4}C:\tools\cnc\itnc530\sys\bin\ext.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\ext.exe | "UDP Query User{C6376DCC-D1BA-47F2-A8E6-BEAD79F0851D}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe" = protocol=17 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsuck.exe | "UDP Query User{C7A2C5FA-5061-45C8-990E-BC872174E614}C:\tools\cnc\itnc530\sys\bin\geo.exe" = protocol=17 | dir=in | app=c:\tools\cnc\itnc530\sys\bin\geo.exe | "UDP Query User{CB929F9D-8510-4672-A778-2953205C1D19}G:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "UDP Query User{D4A7D45E-79AC-41B5-A111-A3CDC1314936}C:\tools\internet\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\tools\internet\flashget 3\flashget3.exe | "UDP Query User{E021CC2B-89CE-4A97-93EC-22C63B5F1DC8}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{E2BDC2E8-D531-4827-8FE6-58AE118CB09A}C:\tools\cnc\itnc530\sys\bin\regel.exe" = protocol=17 | dir=in | 
app=c:\tools\cnc\itnc530\sys\bin\regel.exe | "UDP Query User{E90B6AEC-A1F9-41A5-9737-716338EB00CD}C:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe" = protocol=17 | dir=in | app=c:\users\yut666\downloads\nanortmp\nanortmp\rtmpexplorer2\rtmpsrv.exe | "UDP Query User{EB77801D-5194-48B8-AAA6-473CC79B9DA6}F:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=f:\tmnationsforever\tmforever.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{00277C92-28A4-4A4F-828C-3C7C15732E9E}" = Banking "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1 
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{430912D2-51D8-1CB9-3B38-79D570F034DC}" = AMD Accelerated Video Transcoding "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E31D9A6-245B-41A6-949D-C7B029A703D2}" = iTNC530 (340494) "{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1" = Aurora 3D Text & Logo Maker version 11.12.22 "{5285F904-1577-5F06-FF04-4FA4EBA52966}" = AMD Media Foundation Decoders "{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2 "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{74852D78-260B-0612-89EE-D414414CFF60}" = GameFly "{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{832BB2A2-F100-4CFE-8D8B-C1A143B8B6B6}_is1" = Condemned - Criminal Origins "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety "{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1" = Cryostasis (Remove Only) "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AD6518A-539D-8E0D-2C72-E51A62978096}" = AMD Drag and Drop Transcoding "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager 
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A64240FF-9C31-4858-AE9D-65483C5DE63A}" = Living Hell Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D0D7FF19-F218-4783-B79F-01CD1EF19900}" = VPNAutoconnect "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D344E559-FA0B-44EC-AAD5-1BD6D464C5E2}" = TNCremo "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor "{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker 
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1" = ArcaniA - Gothic 4 Patch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{FA042EF2-5103-2F7E-C313-976C6F761EBE}" = AMD Fuel "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aomei Dynamic Disk Manager Home Edition_is1" = Aomei Dynamic Disk Manager Home Edition "ArcaniA" = ArcaniA - Gothic 4 "avast" = avast! 
Free Antivirus "Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 6.0.0.0 "BurnAware Free_is1" = BurnAware Free 4.8 "CdCoverCreator" = CdCoverCreator 2.5.3 "DATAPILOT 4110 V642" = DataPilot 4110 (362834-05) "DesktopIconAmazon" = Desktop Icon für Amazon "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.1.1 Home Edition "EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1 "ElsterFormular" = ElsterFormular "ESET Online Scanner" = ESET Online Scanner v3 "FlashGet3.7" = FlashGet3.7 "Free Audio Converter_is1" = Free Audio Converter version 5.0.20.1031 "Free FLV Converter_is1" = Free FLV Converter V 7.5.0 "GameFly" = GameFly "GearGrinder_is1" = GearGrinder "Glary Utilities_is1" = Glary Utilities 2.47.0.1539 "Google Chrome" = Google Chrome "Hardlock Gerätetreiber" = Hardlock Gerätetreiber "HD Tune_is1" = HD Tune 2.55 "HDD Capacity Restore_is1" = HDD Capacity Restore 1.2 "ImgBurn" = ImgBurn "Jaangle music management" = Jaangle music management "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Outcast_is1" = Outcast "Recuva" = Recuva "Software Update" = Software Update 1.2.0.172 "Steam App 12360" = FlatOut: Ultimate Carnage "Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky "Steam App 22370" = Fallout 3 - Game of the Year Edition "Steam App 22380" = Fallout: New Vegas "Steam App 50130" = Mafia II "Steam App 550" = Left 4 Dead 2 "Steam App 564" = Left 4 Dead 2 Add-on Support "Steam App 57900" = Duke Nukem Forever "Swansoft CNC Simulator" = Swansoft CNC Simulator 6.8.0.1 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TmNationsForever_is1" = TmNationsForever "UnderCoverXP_is1" = UnderCoverXP 1.23 "Unigine Heaven DX11 
Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0 "Wildlife Park 3_is1" = Wildlife Park 3 v1.09 "WinGimp-2.0_is1" = GIMP 2.6.12-2 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-Bit) "Zombie Driver" = Zombie Driver 1.2.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Living Hell Light" = Living Hell Light "PhotoFiltre" = PhotoFiltre "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.01.2013 11:38:33 | Computer Name = YuT666-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1131, Zeitstempel: 0x5064ffa2 Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1131, Zeitstempel: 0x5064ffa2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000181fa ID des fehlerhaften Prozesses: 0x111c Startzeit der fehlerhaften Anwendung: 0x01cdf3365f995533 Pfad der fehlerhaften Anwendung: C:\Windows\system32\atieclxx.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\atieclxx.exe Berichtskennung: 9e38ac6f-5f29-11e2-954d-d33f135cc3c8 Error - 16.01.2013 03:41:02 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10 Description = Error - 17.01.2013 05:35:05 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10 Description = Error - 17.01.2013 08:36:23 | Computer Name = YuT666-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Tools\System\Security\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Tools\System\Security\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 18.01.2013 03:01:24 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10 Description = Error - 18.01.2013 04:33:23 | Computer Name = YuT666-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Tools\System\Security\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\Tools\System\Security\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.01.2013 07:08:06 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10 Description = Error - 18.01.2013 13:21:01 | Computer Name = YuT666-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Banking.exe, Version: 6.9.3.3, Zeitstempel: 0x4f86ba74 Name des fehlerhaften Moduls: HAUPTA~1.OCX, Version: 6.9.3.2, Zeitstempel: 0x4f46317d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000067fa ID des fehlerhaften Prozesses: 0x16a0 Startzeit der fehlerhaften Anwendung: 0x01cdf5a0205e9483 Pfad der fehlerhaften Anwendung: C:\Tools\Office\T-Online Banking\Banking.exe Pfad des fehlerhaften Moduls: C:\Tools\Office\T-ONLI~1\HAUPTA~1.OCX Berichtskennung: 6db60e0e-6193-11e2-8c06-f635a10d71f8 Error - 19.01.2013 04:13:43 | Computer Name = YuT666-PC | Source = WinMgmt | ID = 10 Description = Error - 19.01.2013 06:08:32 | Computer Name = YuT666-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: aswWebRepIE.dll, Version: 7.0.1474.765, Zeitstempel: 0x50905939 Ausnahmecode: 0x40000015 Fehleroffset: 0x0001b14c ID des fehlerhaften Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01cdf62cec9f5c30 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Tools\System\Security\Avast\aswWebRepIE.dll Berichtskennung: 
2d40dca7-6220-11e2-825e-bb03081995f7 [ System Events ] Error - 16.09.2012 11:59:50 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 19.09.2012 01:35:25 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 22.09.2012 02:35:22 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 23.09.2012 02:23:17 | Computer Name = YuT666-PC | Source = DCOM | ID = 10010 Description = Error - 25.09.2012 12:41:10 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 27.09.2012 04:29:20 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 30.09.2012 09:48:49 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 02.10.2012 05:24:57 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 03.10.2012 05:37:36 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 04.10.2012 03:19:26 | Computer Name = YuT666-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > |
19.01.2013, 16:33 | #4 |
/// Malware-holic | SweetIM & Websearch.mocaflix ... Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt and post its contents
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails as described above to markusg.trojaner-board@web.de If you would like to support us |
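For reading the TDSSKiller log requested above, here is an added triage helper (example code, not from the thread, the board or Kaspersky): it parses the log line layout seen in this thread, confirms the scan ran with the SigCheck and TDLFS options the helper asked for, and lists every object that did not come back "ok". The regexes, the Entry class and the sample log are my own assumptions modelled on the posted output, with placeholder MD5 values.

```python
"""Triage helper for TDSSKiller text logs (added example, not from the thread).

Line layout inferred from the log posted in this thread (TDSSKiller 2.8.x):
    HH:MM:SS.ffff PID [ MD5 ] <object name> <path>         file record
    HH:MM:SS.ffff PID <object name> - ok                   verdict
    HH:MM:SS.ffff PID <object name> ( Label ) - warning    verdict with label
    HH:MM:SS.ffff PID <object name> - detected Label (n)   verdict with label
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Every log line starts with a timestamp and a thread id.
_LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
# File record "[ <md5> ] <name> <path>": names may contain spaces, the path starts with a drive letter.
_FILE_RE = re.compile(r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# Verdict "<name> [( <label> )] - ok|warning|detected <label> (n)". The alternation is
# strict on purpose so "Drive \Device\Harddisk0\DR0 - Size: ..." is not taken for a verdict.
_VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<label>[^)]+?)\s*\))?\s+-\s+(?P<verdict>ok|warning|detected\b.*)$"
)
_DETECTED_RE = re.compile(r"^detected\s+(?P<label>\S+)")
_MODE_RE = re.compile(r"^Mode:\s*(?P<flags>.*)$")


@dataclass
class Entry:
    """One scanned object (driver, service, memory) and every verdict it received."""
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    labels: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        return all(v == "ok" for v in self.verdicts)


def scan_flags(text: str) -> Set[str]:
    """Scan options recorded in the log, e.g. {'Manual', 'SigCheck', 'TDLFS'}; lets the
    reviewer confirm that signature verification and TDLFS detection were really on."""
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        mm = _MODE_RE.match(m.group("rest")) if m else None
        if mm:
            return {f.strip() for f in mm.group("flags").split(";") if f.strip()}
    return set()


def parse_log(text: str) -> Dict[str, Entry]:
    """Collect file records and verdicts per object name; banner and system-info lines are skipped."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        fm = _FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.path, e.md5 = fm.group("path"), fm.group("md5").upper()
            continue
        vm = _VERDICT_RE.match(rest)
        if not vm:
            continue
        e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
        verdict = vm.group("verdict").strip()
        e.verdicts.append(verdict.split()[0])  # "ok", "warning" or "detected"
        dm = _DETECTED_RE.match(verdict)
        for label in (vm.group("label"), dm.group("label") if dm else None):
            if label and label not in e.labels:
                e.labels.append(label)
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that did not come back 'ok'. With SigCheck on this includes
    UnsignedFile.Multi.Generic, which only says the file is unsigned (common for
    third-party utility drivers), so each hit still needs a look at vendor and path."""
    return [e for e in entries.values() if not e.clean]


# Constructed sample modelled on the log in this thread; the MD5 values are placeholders.
SAMPLE_LOG = r"""16:41:42.0041 1680 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:41:43.0632 1680 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200
16:42:14.0395 1772 Mode: Manual; SigCheck; TDLFS;
16:42:15.0128 1772 System memory - ok
16:42:15.0269 1772 [ 00000000000000000000000000000001 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:42:15.0393 1772 1394ohci - ok
16:42:16.0189 1772 [ 00000000000000000000000000000002 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:42:16.0236 1772 AMD External Events Utility - ok
16:42:16.0329 1772 AMD FUEL Service - ok
16:42:21.0602 1772 [ 00000000000000000000000000000003 ] epmntdrv C:\Windows\system32\epmntdrv.sys
16:42:21.0618 1772 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
16:42:21.0618 1772 epmntdrv - detected UnsignedFile.Multi.Generic (1)
"""
```

Running `findings(parse_log(SAMPLE_LOG))` on the sample yields only epmntdrv, labelled UnsignedFile.Multi.Generic with the verdicts warning and detected; every other object is clean.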
19.01.2013, 16:43 | #5 |
| SweetIM & Websearch.mocaflix ... Code:
ATTFilter 16:41:42.0041 1680 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:41:42.0415 1680 ============================================================ 16:41:42.0415 1680 Current date / time: 2013/01/19 16:41:42.0415 16:41:42.0415 1680 SystemInfo: 16:41:42.0415 1680 16:41:42.0415 1680 OS Version: 6.1.7601 ServicePack: 1.0 16:41:42.0415 1680 Product type: Workstation 16:41:42.0415 1680 ComputerName: YUT666-PC 16:41:42.0415 1680 UserName: YuT666 16:41:42.0415 1680 Windows directory: C:\Windows 16:41:42.0415 1680 System windows directory: C:\Windows 16:41:42.0415 1680 Processor architecture: Intel x86 16:41:42.0415 1680 Number of processors: 4 16:41:42.0415 1680 Page size: 0x1000 16:41:42.0415 1680 Boot type: Normal boot 16:41:42.0415 1680 ============================================================ 16:41:43.0632 1680 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:41:43.0647 1680 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:41:43.0663 1680 ============================================================ 16:41:43.0663 1680 \Device\Harddisk0\DR0: 16:41:43.0663 1680 MBR partitions: 16:41:43.0663 1680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7801F1A 16:41:43.0679 1680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7801F98, BlocksNum 0x163BF975 16:41:43.0694 1680 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DBC194C, BlocksNum 0x1C7C32F5 16:41:43.0694 1680 \Device\Harddisk1\DR1: 16:41:43.0694 1680 MBR partitions: 16:41:43.0694 1680 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3BFB14C 16:41:43.0694 1680 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3BFF048, BlocksNum 0x15403975 16:41:43.0710 1680 
\Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x190029FC, BlocksNum 0x18FFEABD 16:41:43.0725 1680 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x320014F8, BlocksNum 0x8383749 16:41:43.0725 1680 ============================================================ 16:41:43.0725 1680 C: <-> \Device\Harddisk0\DR0\Partition1 16:41:43.0757 1680 D: <-> \Device\Harddisk0\DR0\Partition2 16:41:43.0788 1680 E: <-> \Device\Harddisk0\DR0\Partition3 16:41:43.0788 1680 G: <-> \Device\Harddisk1\DR1\Partition3 16:41:43.0819 1680 H: <-> \Device\Harddisk1\DR1\Partition4 16:41:43.0850 1680 F: <-> \Device\Harddisk1\DR1\Partition2 16:41:43.0866 1680 I: <-> \Device\Harddisk1\DR1\Partition1 16:41:43.0866 1680 ============================================================ 16:41:43.0866 1680 Initialize success 16:41:43.0866 1680 ============================================================ 16:42:14.0395 1772 ============================================================ 16:42:14.0395 1772 Scan started 16:42:14.0395 1772 Mode: Manual; SigCheck; TDLFS; 16:42:14.0395 1772 ============================================================ 16:42:15.0128 1772 ================ Scan system memory ======================== 16:42:15.0128 1772 System memory - ok 16:42:15.0128 1772 ================ Scan services ============================= 16:42:15.0269 1772 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 16:42:15.0393 1772 1394ohci - ok 16:42:15.0409 1772 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:42:15.0425 1772 ACPI - ok 16:42:15.0440 1772 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:42:15.0471 1772 AcpiPmi - ok 16:42:15.0518 1772 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:42:15.0549 1772 AdobeFlashPlayerUpdateSvc - ok 16:42:15.0581 1772 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx 
C:\Windows\system32\drivers\adp94xx.sys 16:42:15.0596 1772 adp94xx - ok 16:42:15.0612 1772 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:42:15.0627 1772 adpahci - ok 16:42:15.0643 1772 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:42:15.0659 1772 adpu320 - ok 16:42:15.0690 1772 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:42:15.0721 1772 AeLookupSvc - ok 16:42:15.0768 1772 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 16:42:15.0815 1772 AFD - ok 16:42:15.0830 1772 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 16:42:15.0861 1772 agp440 - ok 16:42:15.0877 1772 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 16:42:15.0893 1772 aic78xx - ok 16:42:15.0939 1772 [ 3F9F42085AB5B6A55498A539C54575AB ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys 16:42:15.0971 1772 akshasp - ok 16:42:16.0002 1772 [ D2B95315CC47F9230006FDBCBA394D8D ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys 16:42:16.0033 1772 aksusb - ok 16:42:16.0064 1772 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 16:42:16.0095 1772 ALG - ok 16:42:16.0111 1772 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 16:42:16.0142 1772 aliide - ok 16:42:16.0189 1772 [ E608D708EFE1F8AE7160DB7C0DE4D8E6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:42:16.0236 1772 AMD External Events Utility - ok 16:42:16.0329 1772 AMD FUEL Service - ok 16:42:16.0345 1772 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 16:42:16.0361 1772 amdagp - ok 16:42:16.0376 1772 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 16:42:16.0392 1772 amdide - ok 16:42:16.0423 1772 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys 16:42:16.0439 1772 amdiox86 
- ok 16:42:16.0470 1772 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:42:16.0501 1772 AmdK8 - ok 16:42:16.0719 1772 [ F611C341A8B0926D6C2D6417464BD11E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:42:16.0829 1772 amdkmdag - ok 16:42:16.0860 1772 [ C08F6E9987D2AACFF9653ADB30C4DA3D ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 16:42:16.0891 1772 amdkmdap - ok 16:42:16.0938 1772 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\Windows\system32\DRIVERS\AmdLLD.sys 16:42:16.0969 1772 AmdLLD - ok 16:42:16.0985 1772 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:42:17.0016 1772 AmdPPM - ok 16:42:17.0047 1772 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:42:17.0063 1772 amdsata - ok 16:42:17.0094 1772 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 16:42:17.0109 1772 amdsbs - ok 16:42:17.0125 1772 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:42:17.0141 1772 amdxata - ok 16:42:17.0172 1772 [ E94E2EA7FAAA05C776A711EDB198B9FD ] androidusb C:\Windows\system32\Drivers\androidusb.sys 16:42:17.0187 1772 androidusb - ok 16:42:17.0234 1772 [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys 16:42:17.0250 1772 AODDriver4.2 - ok 16:42:17.0265 1772 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 16:42:17.0328 1772 AppID - ok 16:42:17.0359 1772 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:42:17.0421 1772 AppIDSvc - ok 16:42:17.0437 1772 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 16:42:17.0484 1772 Appinfo - ok 16:42:17.0499 1772 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 16:42:17.0531 1772 AppMgmt - ok 16:42:17.0562 1772 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc 
C:\Windows\system32\drivers\arc.sys 16:42:17.0577 1772 arc - ok 16:42:17.0593 1772 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:42:17.0609 1772 arcsas - ok 16:42:17.0640 1772 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 16:42:17.0640 1772 aswFsBlk - ok 16:42:17.0687 1772 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 16:42:17.0702 1772 aswMonFlt - ok 16:42:17.0718 1772 [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 16:42:17.0733 1772 aswRdr - ok 16:42:17.0749 1772 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 16:42:17.0765 1772 aswSnx - ok 16:42:17.0796 1772 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys 16:42:17.0811 1772 aswSP - ok 16:42:17.0811 1772 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 16:42:17.0827 1772 aswTdi - ok 16:42:17.0843 1772 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:42:17.0889 1772 AsyncMac - ok 16:42:17.0905 1772 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 16:42:17.0921 1772 atapi - ok 16:42:17.0967 1772 [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys 16:42:17.0983 1772 AtiHDAudioService - ok 16:42:18.0030 1772 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:42:18.0077 1772 AudioEndpointBuilder - ok 16:42:18.0092 1772 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 16:42:18.0123 1772 Audiosrv - ok 16:42:18.0217 1772 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Tools\System\Security\Avast\AvastSvc.exe 16:42:18.0233 1772 avast! 
Antivirus - ok 16:42:18.0264 1772 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:42:18.0311 1772 AxInstSV - ok 16:42:18.0357 1772 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 16:42:18.0389 1772 b06bdrv - ok 16:42:18.0404 1772 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 16:42:18.0435 1772 b57nd60x - ok 16:42:18.0451 1772 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 16:42:18.0482 1772 BDESVC - ok 16:42:18.0498 1772 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 16:42:18.0545 1772 Beep - ok 16:42:18.0576 1772 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 16:42:18.0654 1772 BFE - ok 16:42:18.0685 1772 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 16:42:18.0732 1772 BITS - ok 16:42:18.0747 1772 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:42:18.0763 1772 blbdrive - ok 16:42:18.0794 1772 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:42:18.0825 1772 bowser - ok 16:42:18.0841 1772 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 16:42:18.0872 1772 BrFiltLo - ok 16:42:18.0888 1772 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 16:42:18.0935 1772 BrFiltUp - ok 16:42:18.0966 1772 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 16:42:18.0981 1772 Browser - ok 16:42:18.0997 1772 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:42:19.0028 1772 Brserid - ok 16:42:19.0028 1772 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:42:19.0044 1772 BrSerWdm - ok 16:42:19.0059 1772 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:42:19.0091 1772 BrUsbMdm - ok 
16:42:19.0106 1772 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:42:19.0137 1772 BrUsbSer - ok 16:42:19.0169 1772 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 16:42:19.0200 1772 BthEnum - ok 16:42:19.0215 1772 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:42:19.0262 1772 BTHMODEM - ok 16:42:19.0278 1772 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:42:19.0293 1772 BthPan - ok 16:42:19.0371 1772 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 16:42:19.0403 1772 BTHPORT - ok 16:42:19.0434 1772 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 16:42:19.0465 1772 bthserv - ok 16:42:19.0481 1772 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 16:42:19.0512 1772 BTHUSB - ok 16:42:19.0527 1772 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:42:19.0574 1772 cdfs - ok 16:42:19.0590 1772 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:42:19.0621 1772 cdrom - ok 16:42:19.0637 1772 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 16:42:19.0683 1772 CertPropSvc - ok 16:42:19.0699 1772 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys 16:42:19.0715 1772 circlass - ok 16:42:19.0730 1772 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 16:42:19.0746 1772 CLFS - ok 16:42:19.0824 1772 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:42:19.0839 1772 clr_optimization_v2.0.50727_32 - ok 16:42:19.0917 1772 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:42:19.0949 1772 clr_optimization_v4.0.30319_32 - ok 
16:42:19.0964 1772 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 16:42:19.0980 1772 CmBatt - ok 16:42:19.0995 1772 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:42:20.0011 1772 cmdide - ok 16:42:20.0042 1772 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 16:42:20.0073 1772 CNG - ok 16:42:20.0073 1772 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:42:20.0089 1772 Compbatt - ok 16:42:20.0120 1772 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 16:42:20.0136 1772 CompositeBus - ok 16:42:20.0151 1772 COMSysApp - ok 16:42:20.0198 1772 cpuz135 - ok 16:42:20.0214 1772 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:42:20.0229 1772 crcdisk - ok 16:42:20.0261 1772 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:42:20.0292 1772 CryptSvc - ok 16:42:20.0323 1772 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 16:42:20.0339 1772 CSC - ok 16:42:20.0385 1772 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 16:42:20.0417 1772 CscService - ok 16:42:20.0448 1772 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 16:42:20.0479 1772 DcomLaunch - ok 16:42:20.0510 1772 [ 7F75C697F0947FFB7E2B1B91395206A1 ] ddmdrv C:\Windows\system32\ddmdrv.sys 16:42:20.0526 1772 ddmdrv - ok 16:42:20.0557 1772 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 16:42:20.0588 1772 defragsvc - ok 16:42:20.0604 1772 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:42:20.0635 1772 DfsC - ok 16:42:20.0666 1772 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 16:42:20.0697 1772 Dhcp - ok 16:42:20.0713 1772 [ 1A050B0274BFB3890703D490F330C0DA ] discache 
C:\Windows\system32\drivers\discache.sys 16:42:20.0744 1772 discache - ok 16:42:20.0791 1772 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 16:42:20.0807 1772 Disk - ok 16:42:20.0838 1772 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 16:42:20.0853 1772 dmvsc - ok 16:42:20.0885 1772 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:42:20.0916 1772 Dnscache - ok 16:42:20.0931 1772 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 16:42:20.0978 1772 dot3svc - ok 16:42:20.0994 1772 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 16:42:21.0025 1772 DPS - ok 16:42:21.0041 1772 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:42:21.0056 1772 drmkaud - ok 16:42:21.0087 1772 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:42:21.0119 1772 DXGKrnl - ok 16:42:21.0134 1772 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 16:42:21.0181 1772 EapHost - ok 16:42:21.0275 1772 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 16:42:21.0337 1772 ebdrv - ok 16:42:21.0353 1772 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 16:42:21.0384 1772 EFS - ok 16:42:21.0431 1772 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:42:21.0477 1772 ehRecvr - ok 16:42:21.0477 1772 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 16:42:21.0509 1772 ehSched - ok 16:42:21.0540 1772 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:42:21.0555 1772 elxstor - ok 16:42:21.0602 1772 [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv C:\Windows\system32\epmntdrv.sys 16:42:21.0618 1772 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 16:42:21.0618 1772 epmntdrv - detected UnsignedFile.Multi.Generic (1) 16:42:21.0633 1772 [ 
8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:42:21.0665 1772 ErrDev - ok 16:42:21.0727 1772 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 16:42:21.0743 1772 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning 16:42:21.0743 1772 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 16:42:21.0774 1772 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 16:42:21.0836 1772 EventSystem - ok 16:42:21.0852 1772 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 16:42:21.0883 1772 exfat - ok 16:42:21.0899 1772 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:42:21.0930 1772 fastfat - ok 16:42:21.0961 1772 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 16:42:21.0992 1772 Fax - ok 16:42:22.0023 1772 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys 16:42:22.0023 1772 fdc - ok 16:42:22.0039 1772 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 16:42:22.0070 1772 fdPHost - ok 16:42:22.0086 1772 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 16:42:22.0117 1772 FDResPub - ok 16:42:22.0133 1772 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:42:22.0133 1772 FileInfo - ok 16:42:22.0148 1772 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:42:22.0179 1772 Filetrace - ok 16:42:22.0195 1772 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 16:42:22.0211 1772 flpydisk - ok 16:42:22.0242 1772 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:42:22.0257 1772 FltMgr - ok 16:42:22.0273 1772 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll 16:42:22.0335 1772 FontCache - ok 16:42:22.0398 1772 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] 
FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:42:22.0413 1772 FontCache3.0.0.0 - ok 16:42:22.0429 1772 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:42:22.0460 1772 FsDepends - ok 16:42:22.0491 1772 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 16:42:22.0507 1772 fssfltr - ok 16:42:22.0616 1772 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 16:42:22.0694 1772 fsssvc - ok 16:42:22.0710 1772 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:42:22.0725 1772 Fs_Rec - ok 16:42:22.0788 1772 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe 16:42:22.0819 1772 Futuremark SystemInfo Service - ok 16:42:22.0850 1772 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:42:22.0881 1772 fvevol - ok 16:42:22.0897 1772 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:42:22.0913 1772 gagp30kx - ok 16:42:22.0944 1772 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 16:42:22.0991 1772 gpsvc - ok 16:42:23.0037 1772 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 16:42:23.0069 1772 gupdate - ok 16:42:23.0084 1772 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 16:42:23.0100 1772 gupdatem - ok 16:42:23.0147 1772 [ D95554949082FD29A04D351B58396718 ] Hardlock C:\Windows\system32\drivers\hardlock.sys 16:42:23.0178 1772 Hardlock - ok 16:42:23.0193 1772 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:42:23.0225 1772 hcw85cir - ok 16:42:23.0256 1772 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:42:23.0271 1772 HdAudAddService 
- ok 16:42:23.0303 1772 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:42:23.0318 1772 HDAudBus - ok 16:42:23.0334 1772 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 16:42:23.0349 1772 HidBatt - ok 16:42:23.0365 1772 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:42:23.0396 1772 HidBth - ok 16:42:23.0412 1772 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 16:42:23.0443 1772 HidIr - ok 16:42:23.0459 1772 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 16:42:23.0490 1772 hidserv - ok 16:42:23.0521 1772 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:42:23.0537 1772 HidUsb - ok 16:42:23.0568 1772 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:42:23.0583 1772 hkmsvc - ok 16:42:23.0599 1772 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:42:23.0630 1772 HomeGroupListener - ok 16:42:23.0661 1772 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:42:23.0693 1772 HomeGroupProvider - ok 16:42:23.0708 1772 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:42:23.0724 1772 HpSAMD - ok 16:42:23.0739 1772 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:42:23.0771 1772 HTTP - ok 16:42:23.0786 1772 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:42:23.0802 1772 hwpolicy - ok 16:42:23.0802 1772 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:42:23.0833 1772 i8042prt - ok 16:42:23.0849 1772 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:42:23.0864 1772 iaStorV - ok 16:42:23.0927 1772 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:42:23.0973 1772 idsvc - ok 16:42:24.0005 1772 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:42:24.0036 1772 iirsp - ok 16:42:24.0083 1772 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 16:42:24.0145 1772 IKEEXT - ok 16:42:24.0176 1772 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 16:42:24.0176 1772 intelide - ok 16:42:24.0207 1772 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys 16:42:24.0223 1772 intelppm - ok 16:42:24.0223 1772 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:42:24.0270 1772 IPBusEnum - ok 16:42:24.0270 1772 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:42:24.0301 1772 IpFilterDriver - ok 16:42:24.0317 1772 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:42:24.0379 1772 iphlpsvc - ok 16:42:24.0410 1772 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:42:24.0426 1772 IPMIDRV - ok 16:42:24.0473 1772 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:42:24.0504 1772 IPNAT - ok 16:42:24.0535 1772 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:42:24.0551 1772 IRENUM - ok 16:42:24.0582 1772 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:42:24.0582 1772 isapnp - ok 16:42:24.0613 1772 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:42:24.0629 1772 iScsiPrt - ok 16:42:24.0644 1772 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:42:24.0660 1772 kbdclass - ok 16:42:24.0675 1772 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:42:24.0691 1772 
kbdhid - ok 16:42:24.0707 1772 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 16:42:24.0722 1772 KeyIso - ok 16:42:24.0769 1772 [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFilter C:\Windows\System32\Drivers\KMWDFilter.SYS 16:42:24.0785 1772 KMWDFilter - ok 16:42:24.0816 1772 [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFILTERx86 C:\Windows\system32\DRIVERS\KMWDFILTER.sys 16:42:24.0831 1772 KMWDFILTERx86 - ok 16:42:24.0863 1772 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:42:24.0878 1772 KSecDD - ok 16:42:24.0894 1772 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:42:24.0909 1772 KSecPkg - ok 16:42:24.0941 1772 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 16:42:24.0972 1772 KtmRm - ok 16:42:25.0003 1772 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 16:42:25.0034 1772 LanmanServer - ok 16:42:25.0050 1772 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:42:25.0081 1772 LanmanWorkstation - ok 16:42:25.0097 1772 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:42:25.0143 1772 lltdio - ok 16:42:25.0159 1772 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:42:25.0190 1772 lltdsvc - ok 16:42:25.0206 1772 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 16:42:25.0237 1772 lmhosts - ok 16:42:25.0268 1772 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:42:25.0284 1772 LSI_FC - ok 16:42:25.0299 1772 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:42:25.0315 1772 LSI_SAS - ok 16:42:25.0331 1772 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:42:25.0346 1772 LSI_SAS2 - ok 16:42:25.0362 1772 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI 
C:\Windows\system32\drivers\lsi_scsi.sys 16:42:25.0377 1772 LSI_SCSI - ok 16:42:25.0393 1772 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 16:42:25.0409 1772 luafv - ok 16:42:25.0440 1772 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:42:25.0455 1772 Mcx2Svc - ok 16:42:25.0471 1772 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 16:42:25.0487 1772 megasas - ok 16:42:25.0518 1772 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 16:42:25.0549 1772 MegaSR - ok 16:42:25.0565 1772 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 16:42:25.0596 1772 MMCSS - ok 16:42:25.0611 1772 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 16:42:25.0643 1772 Modem - ok 16:42:25.0674 1772 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:42:25.0689 1772 monitor - ok 16:42:25.0705 1772 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:42:25.0721 1772 mouclass - ok 16:42:25.0736 1772 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:42:25.0752 1772 mouhid - ok 16:42:25.0767 1772 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:42:25.0783 1772 mountmgr - ok 16:42:25.0845 1772 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:42:25.0877 1772 MozillaMaintenance - ok 16:42:25.0877 1772 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 16:42:25.0908 1772 mpio - ok 16:42:25.0923 1772 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:42:25.0970 1772 mpsdrv - ok 16:42:25.0986 1772 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:42:26.0048 1772 MpsSvc - ok 16:42:26.0079 1772 [ 
CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:42:26.0095 1772 MRxDAV - ok 16:42:26.0157 1772 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:42:26.0173 1772 mrxsmb - ok 16:42:26.0220 1772 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:42:26.0251 1772 mrxsmb10 - ok 16:42:26.0267 1772 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:42:26.0282 1772 mrxsmb20 - ok 16:42:26.0298 1772 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 16:42:26.0313 1772 msahci - ok 16:42:26.0345 1772 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:42:26.0345 1772 msdsm - ok 16:42:26.0376 1772 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 16:42:26.0391 1772 MSDTC - ok 16:42:26.0423 1772 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:42:26.0454 1772 Msfs - ok 16:42:26.0469 1772 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:42:26.0485 1772 mshidkmdf - ok 16:42:26.0501 1772 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:42:26.0516 1772 msisadrv - ok 16:42:26.0547 1772 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:42:26.0579 1772 MSiSCSI - ok 16:42:26.0594 1772 msiserver - ok 16:42:26.0610 1772 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:42:26.0641 1772 MSKSSRV - ok 16:42:26.0657 1772 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:42:26.0703 1772 MSPCLOCK - ok 16:42:26.0719 1772 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:42:26.0750 1772 MSPQM - ok 16:42:26.0766 1772 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:42:26.0781 
1772 MsRPC - ok 16:42:26.0797 1772 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:42:26.0813 1772 mssmbios - ok 16:42:26.0828 1772 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:42:26.0859 1772 MSTEE - ok 16:42:26.0875 1772 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:42:26.0891 1772 MTConfig - ok 16:42:26.0906 1772 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 16:42:26.0922 1772 Mup - ok 16:42:26.0953 1772 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 16:42:26.0984 1772 napagent - ok 16:42:27.0015 1772 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:42:27.0047 1772 NativeWifiP - ok 16:42:27.0062 1772 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:42:27.0093 1772 NDIS - ok 16:42:27.0109 1772 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:42:27.0140 1772 NdisCap - ok 16:42:27.0171 1772 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:42:27.0203 1772 NdisTapi - ok 16:42:27.0218 1772 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:42:27.0249 1772 Ndisuio - ok 16:42:27.0265 1772 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:42:27.0296 1772 NdisWan - ok 16:42:27.0312 1772 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:42:27.0343 1772 NDProxy - ok 16:42:27.0359 1772 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:42:27.0390 1772 NetBIOS - ok 16:42:27.0405 1772 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:42:27.0452 1772 NetBT - ok 16:42:27.0468 1772 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 
16:42:27.0483 1772 Netlogon - ok 16:42:27.0530 1772 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 16:42:27.0577 1772 Netman - ok 16:42:27.0593 1772 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 16:42:27.0639 1772 netprofm - ok 16:42:27.0671 1772 [ 27EE4B406E2F26F6117A9A420BD4CB65 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 16:42:27.0702 1772 netr28u - ok 16:42:27.0733 1772 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:42:27.0749 1772 NetTcpPortSharing - ok 16:42:27.0749 1772 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:42:27.0764 1772 nfrd960 - ok 16:42:27.0780 1772 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:42:27.0827 1772 NlaSvc - ok 16:42:27.0842 1772 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:42:27.0858 1772 Npfs - ok 16:42:27.0873 1772 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 16:42:27.0905 1772 nsi - ok 16:42:27.0905 1772 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:42:27.0936 1772 nsiproxy - ok 16:42:27.0983 1772 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:42:28.0014 1772 Ntfs - ok 16:42:28.0029 1772 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 16:42:28.0076 1772 Null - ok 16:42:28.0092 1772 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:42:28.0123 1772 nvraid - ok 16:42:28.0139 1772 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:42:28.0154 1772 nvstor - ok 16:42:28.0154 1772 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:42:28.0170 1772 nv_agp - ok 16:42:28.0185 1772 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 
C:\Windows\system32\drivers\ohci1394.sys 16:42:28.0217 1772 ohci1394 - ok 16:42:28.0232 1772 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:42:28.0279 1772 p2pimsvc - ok 16:42:28.0295 1772 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 16:42:28.0326 1772 p2psvc - ok 16:42:28.0357 1772 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 16:42:28.0357 1772 Parport - ok 16:42:28.0388 1772 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:42:28.0404 1772 partmgr - ok 16:42:28.0404 1772 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:42:28.0419 1772 Parvdm - ok 16:42:28.0435 1772 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:42:28.0466 1772 PcaSvc - ok 16:42:28.0466 1772 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 16:42:28.0482 1772 pci - ok 16:42:28.0497 1772 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 16:42:28.0513 1772 pciide - ok 16:42:28.0529 1772 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:42:28.0544 1772 pcmcia - ok 16:42:28.0560 1772 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 16:42:28.0575 1772 pcw - ok 16:42:28.0607 1772 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:42:28.0653 1772 PEAUTH - ok 16:42:28.0685 1772 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 16:42:28.0731 1772 PeerDistSvc - ok 16:42:28.0778 1772 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 16:42:28.0841 1772 pla - ok 16:42:28.0872 1772 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:42:28.0903 1772 PlugPlay - ok 16:42:28.0919 1772 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 
16:42:28.0934 1772 PNRPAutoReg - ok 16:42:28.0965 1772 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:42:28.0981 1772 PNRPsvc - ok 16:42:29.0012 1772 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:42:29.0043 1772 PolicyAgent - ok 16:42:29.0075 1772 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 16:42:29.0121 1772 Power - ok 16:42:29.0137 1772 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:42:29.0184 1772 PptpMiniport - ok 16:42:29.0199 1772 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 16:42:29.0231 1772 Processor - ok 16:42:29.0262 1772 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll 16:42:29.0293 1772 ProfSvc - ok 16:42:29.0293 1772 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:42:29.0324 1772 ProtectedStorage - ok 16:42:29.0371 1772 [ 5504B63DCC7F980EED7EFF8F2593D60E ] prwntdrv C:\Windows\system32\prwntdrv.sys 16:42:29.0402 1772 prwntdrv ( UnsignedFile.Multi.Generic ) - warning 16:42:29.0402 1772 prwntdrv - detected UnsignedFile.Multi.Generic (1) 16:42:29.0433 1772 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:42:29.0480 1772 Psched - ok 16:42:29.0527 1772 [ 681AE4F1927FE0FDEEE2863F1684088D ] pwdrvio C:\Windows\system32\pwdrvio.sys 16:42:29.0543 1772 pwdrvio - ok 16:42:29.0558 1772 [ BC60895CE021309EBD887D2F22055654 ] pwdspio C:\Windows\system32\pwdspio.sys 16:42:29.0574 1772 pwdspio - ok 16:42:29.0621 1772 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:42:29.0652 1772 ql2300 - ok 16:42:29.0683 1772 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:42:29.0699 1772 ql40xx - ok 16:42:29.0714 1772 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 16:42:29.0777 1772 QWAVE - ok 
16:42:29.0792 1772 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:42:29.0808 1772 QWAVEdrv - ok 16:42:29.0808 1772 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:42:29.0855 1772 RasAcd - ok 16:42:29.0870 1772 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:42:29.0901 1772 RasAgileVpn - ok 16:42:29.0917 1772 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 16:42:29.0948 1772 RasAuto - ok 16:42:29.0964 1772 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:42:30.0011 1772 Rasl2tp - ok 16:42:30.0026 1772 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 16:42:30.0073 1772 RasMan - ok 16:42:30.0089 1772 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:42:30.0104 1772 RasPppoe - ok 16:42:30.0135 1772 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:42:30.0167 1772 RasSstp - ok 16:42:30.0182 1772 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:42:30.0213 1772 rdbss - ok 16:42:30.0245 1772 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:42:30.0260 1772 rdpbus - ok 16:42:30.0260 1772 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:42:30.0291 1772 RDPCDD - ok 16:42:30.0323 1772 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:42:30.0369 1772 RDPDR - ok 16:42:30.0385 1772 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:42:30.0416 1772 RDPENCDD - ok 16:42:30.0432 1772 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:42:30.0479 1772 RDPREFMP - ok 16:42:30.0510 1772 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:42:30.0525 
1772 RDPWD - ok 16:42:30.0541 1772 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:42:30.0557 1772 rdyboost - ok 16:42:30.0572 1772 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 16:42:30.0603 1772 RemoteAccess - ok 16:42:30.0635 1772 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:42:30.0681 1772 RemoteRegistry - ok 16:42:30.0713 1772 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 16:42:30.0744 1772 RFCOMM - ok 16:42:30.0759 1772 [ C294B6E61B9989EC6FFF9F5D6951919D ] Rockusb C:\Windows\system32\DRIVERS\rockusb.sys 16:42:30.0775 1772 Rockusb - ok 16:42:30.0791 1772 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:42:30.0837 1772 RpcEptMapper - ok 16:42:30.0853 1772 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 16:42:30.0884 1772 RpcLocator - ok 16:42:30.0900 1772 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 16:42:30.0931 1772 RpcSs - ok 16:42:30.0947 1772 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:42:30.0993 1772 rspndr - ok 16:42:31.0025 1772 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 16:42:31.0040 1772 RTL8167 - ok 16:42:31.0087 1772 [ CA5A4FBFE341F13733955B8AAC98F0B5 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys 16:42:31.0103 1772 RTL8187B - ok 16:42:31.0134 1772 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 16:42:31.0149 1772 s3cap - ok 16:42:31.0165 1772 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 16:42:31.0181 1772 SamSs - ok 16:42:31.0196 1772 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:42:31.0212 1772 sbp2port - ok 16:42:31.0243 1772 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 
16:42:31.0274 1772 SCardSvr - ok 16:42:31.0274 1772 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:42:31.0321 1772 scfilter - ok 16:42:31.0352 1772 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 16:42:31.0399 1772 Schedule - ok 16:42:31.0415 1772 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:42:31.0446 1772 SCPolicySvc - ok 16:42:31.0446 1772 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:42:31.0477 1772 SDRSVC - ok 16:42:31.0493 1772 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:42:31.0524 1772 secdrv - ok 16:42:31.0539 1772 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 16:42:31.0586 1772 seclogon - ok 16:42:31.0602 1772 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 16:42:31.0649 1772 SENS - ok 16:42:31.0664 1772 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:42:31.0680 1772 SensrSvc - ok 16:42:31.0695 1772 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:42:31.0711 1772 Serenum - ok 16:42:31.0727 1772 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys 16:42:31.0742 1772 Serial - ok 16:42:31.0742 1772 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:42:31.0758 1772 sermouse - ok 16:42:31.0789 1772 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 16:42:31.0805 1772 SessionEnv - ok 16:42:31.0820 1772 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:42:31.0851 1772 sffdisk - ok 16:42:31.0867 1772 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:42:31.0883 1772 sffp_mmc - ok 16:42:31.0898 1772 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 
16:42:31.0914 1772 sffp_sd - ok 16:42:31.0929 1772 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:42:31.0961 1772 sfloppy - ok 16:42:31.0976 1772 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:42:32.0023 1772 SharedAccess - ok 16:42:32.0039 1772 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:42:32.0085 1772 ShellHWDetection - ok 16:42:32.0101 1772 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:42:32.0117 1772 sisagp - ok 16:42:32.0132 1772 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:42:32.0148 1772 SiSRaid2 - ok 16:42:32.0163 1772 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:42:32.0179 1772 SiSRaid4 - ok 16:42:32.0210 1772 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 16:42:32.0241 1772 SkypeUpdate - ok 16:42:32.0273 1772 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:42:32.0304 1772 Smb - ok 16:42:32.0335 1772 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:42:32.0351 1772 SNMPTRAP - ok 16:42:32.0366 1772 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 16:42:32.0382 1772 spldr - ok 16:42:32.0397 1772 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe 16:42:32.0429 1772 Spooler - ok 16:42:32.0522 1772 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 16:42:32.0647 1772 sppsvc - ok 16:42:32.0663 1772 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:42:32.0709 1772 sppuinotify - ok 16:42:32.0741 1772 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:42:32.0756 1772 srv - ok 16:42:32.0772 1772 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 
C:\Windows\system32\DRIVERS\srv2.sys 16:42:32.0787 1772 srv2 - ok 16:42:32.0819 1772 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:42:32.0834 1772 srvnet - ok 16:42:32.0850 1772 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:42:32.0881 1772 SSDPSRV - ok 16:42:32.0897 1772 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:42:32.0928 1772 SstpSvc - ok 16:42:32.0943 1772 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:42:32.0959 1772 stexstor - ok 16:42:33.0006 1772 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 16:42:33.0037 1772 StiSvc - ok 16:42:33.0053 1772 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 16:42:33.0068 1772 storflt - ok 16:42:33.0084 1772 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 16:42:33.0099 1772 StorSvc - ok 16:42:33.0115 1772 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:42:33.0131 1772 storvsc - ok 16:42:33.0146 1772 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:42:33.0162 1772 swenum - ok 16:42:33.0177 1772 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 16:42:33.0209 1772 swprv - ok 16:42:33.0255 1772 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 16:42:33.0287 1772 SysMain - ok 16:42:33.0302 1772 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:42:33.0333 1772 TabletInputService - ok 16:42:33.0349 1772 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 16:42:33.0396 1772 TapiSrv - ok 16:42:33.0411 1772 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 16:42:33.0443 1772 TBS - ok 16:42:33.0505 1772 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip 
C:\Windows\system32\drivers\tcpip.sys 16:42:33.0552 1772 Tcpip - ok 16:42:33.0583 1772 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:42:33.0614 1772 TCPIP6 - ok 16:42:33.0630 1772 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:42:33.0677 1772 tcpipreg - ok 16:42:33.0692 1772 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:42:33.0708 1772 TDPIPE - ok 16:42:33.0723 1772 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:42:33.0739 1772 TDTCP - ok 16:42:33.0755 1772 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:42:33.0786 1772 tdx - ok 16:42:33.0786 1772 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:42:33.0801 1772 TermDD - ok 16:42:33.0833 1772 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 16:42:33.0864 1772 TermService - ok 16:42:33.0879 1772 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 16:42:33.0895 1772 Themes - ok 16:42:33.0911 1772 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 16:42:33.0942 1772 THREADORDER - ok 16:42:33.0957 1772 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 16:42:34.0004 1772 TrkWks - ok 16:42:34.0051 1772 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:42:34.0098 1772 TrustedInstaller - ok 16:42:34.0098 1772 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:42:34.0145 1772 tssecsrv - ok 16:42:34.0160 1772 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:42:34.0176 1772 TsUsbFlt - ok 16:42:34.0191 1772 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 16:42:34.0207 1772 TsUsbGD - ok 16:42:34.0238 1772 [ 
B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:42:34.0269 1772 tunnel - ok 16:42:34.0285 1772 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:42:34.0301 1772 uagp35 - ok 16:42:34.0316 1772 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:42:34.0363 1772 udfs - ok 16:42:34.0379 1772 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:42:34.0394 1772 UI0Detect - ok 16:42:34.0441 1772 [ 0A1822D12CF103633893CAF9CAE4E69D ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys 16:42:34.0457 1772 UimBus - ok 16:42:34.0472 1772 [ 42F7398A76D279E0F63FC600920AB90C ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys 16:42:34.0488 1772 Uim_IM - ok 16:42:34.0503 1772 [ 48AD04132FCAC71E0EEC3DE5FB22D66E ] Uim_Vim C:\Windows\system32\Drivers\Uim_Vim.sys 16:42:34.0519 1772 Uim_Vim - ok 16:42:34.0535 1772 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:42:34.0550 1772 uliagpkx - ok 16:42:34.0566 1772 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:42:34.0581 1772 umbus - ok 16:42:34.0613 1772 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys 16:42:34.0675 1772 UmPass - ok 16:42:34.0706 1772 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 16:42:34.0769 1772 UmRdpService - ok 16:42:34.0800 1772 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 16:42:34.0847 1772 upnphost - ok 16:42:34.0862 1772 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:42:34.0893 1772 usbccgp - ok 16:42:34.0909 1772 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:42:34.0925 1772 usbcir - ok 16:42:34.0925 1772 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:42:34.0940 1772 usbehci - ok 16:42:34.0971 
1772 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:42:34.0987 1772 usbhub - ok 16:42:34.0987 1772 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 16:42:35.0003 1772 usbohci - ok 16:42:35.0018 1772 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:42:35.0049 1772 usbprint - ok 16:42:35.0065 1772 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:42:35.0081 1772 usbscan - ok 16:42:35.0096 1772 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:42:35.0112 1772 USBSTOR - ok 16:42:35.0127 1772 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:42:35.0143 1772 usbuhci - ok 16:42:35.0159 1772 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 16:42:35.0205 1772 UxSms - ok 16:42:35.0221 1772 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 16:42:35.0237 1772 VaultSvc - ok 16:42:35.0252 1772 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:42:35.0268 1772 vdrvroot - ok 16:42:35.0283 1772 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 16:42:35.0330 1772 vds - ok 16:42:35.0346 1772 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:42:35.0377 1772 vga - ok 16:42:35.0393 1772 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:42:35.0424 1772 VgaSave - ok 16:42:35.0424 1772 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:42:35.0439 1772 vhdmp - ok 16:42:35.0455 1772 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:42:35.0471 1772 viaagp - ok 16:42:35.0486 1772 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:42:35.0517 1772 ViaC7 - ok 16:42:35.0533 1772 [ 
E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 16:42:35.0549 1772 viaide - ok 16:42:35.0564 1772 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:42:35.0580 1772 vmbus - ok 16:42:35.0595 1772 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 16:42:35.0611 1772 VMBusHID - ok 16:42:35.0627 1772 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:42:35.0627 1772 volmgr - ok 16:42:35.0658 1772 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:42:35.0673 1772 volmgrx - ok 16:42:35.0689 1772 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:42:35.0705 1772 volsnap - ok 16:42:35.0736 1772 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:42:35.0751 1772 vsmraid - ok 16:42:35.0798 1772 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 16:42:35.0892 1772 VSS - ok 16:42:35.0892 1772 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:42:35.0907 1772 vwifibus - ok 16:42:35.0939 1772 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:42:35.0954 1772 vwififlt - ok 16:42:35.0985 1772 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:42:36.0001 1772 vwifimp - ok 16:42:36.0032 1772 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 16:42:36.0063 1772 W32Time - ok 16:42:36.0079 1772 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:42:36.0095 1772 WacomPen - ok 16:42:36.0126 1772 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:42:36.0173 1772 WANARP - ok 16:42:36.0173 1772 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:42:36.0188 1772 Wanarpv6 - ok 
16:42:36.0235 1772 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 16:42:36.0282 1772 wbengine - ok 16:42:36.0297 1772 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:42:36.0329 1772 WbioSrvc - ok 16:42:36.0344 1772 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:42:36.0360 1772 wcncsvc - ok 16:42:36.0375 1772 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:42:36.0407 1772 WcsPlugInService - ok 16:42:36.0422 1772 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 16:42:36.0438 1772 Wd - ok 16:42:36.0469 1772 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:42:36.0485 1772 Wdf01000 - ok 16:42:36.0500 1772 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:42:36.0531 1772 WdiServiceHost - ok 16:42:36.0531 1772 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:42:36.0563 1772 WdiSystemHost - ok 16:42:36.0578 1772 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 16:42:36.0609 1772 WebClient - ok 16:42:36.0625 1772 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:42:36.0656 1772 Wecsvc - ok 16:42:36.0672 1772 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:42:36.0703 1772 wercplsupport - ok 16:42:36.0719 1772 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 16:42:36.0765 1772 WerSvc - ok 16:42:36.0797 1772 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:42:36.0828 1772 WfpLwf - ok 16:42:36.0859 1772 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:42:36.0859 1772 WIMMount - ok 16:42:36.0906 1772 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 
16:42:36.0968 1772 WinDefend - ok 16:42:36.0984 1772 WinHttpAutoProxySvc - ok 16:42:37.0046 1772 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:42:37.0077 1772 Winmgmt - ok 16:42:37.0124 1772 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 16:42:37.0171 1772 WinRM - ok 16:42:37.0218 1772 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:42:37.0265 1772 WinUsb - ok 16:42:37.0311 1772 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:42:37.0358 1772 Wlansvc - ok 16:42:37.0467 1772 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:42:37.0545 1772 wlidsvc - ok 16:42:37.0561 1772 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:42:37.0592 1772 WmiAcpi - ok 16:42:37.0623 1772 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:42:37.0655 1772 wmiApSrv - ok 16:42:37.0701 1772 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:42:37.0764 1772 WMPNetworkSvc - ok 16:42:37.0795 1772 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:42:37.0826 1772 WPCSvc - ok 16:42:37.0842 1772 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:42:37.0857 1772 WPDBusEnum - ok 16:42:37.0873 1772 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:42:37.0904 1772 ws2ifsl - ok 16:42:37.0920 1772 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 16:42:37.0951 1772 wscsvc - ok 16:42:37.0951 1772 WSearch - ok 16:42:38.0029 1772 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:42:38.0091 1772 wuauserv - ok 16:42:38.0107 1772 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:42:38.0154 1772 
WudfPf - ok 16:42:38.0201 1772 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:42:38.0247 1772 WUDFRd - ok 16:42:38.0263 1772 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:42:38.0294 1772 wudfsvc - ok 16:42:38.0310 1772 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 16:42:38.0341 1772 WwanSvc - ok 16:42:38.0388 1772 [ CE0C846127D6ABB1E2A22E59682B2527 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 16:42:38.0435 1772 xnacc - ok 16:42:38.0481 1772 ================ Scan global =============================== 16:42:38.0513 1772 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 16:42:38.0544 1772 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 16:42:38.0575 1772 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 16:42:38.0606 1772 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 16:42:38.0637 1772 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 16:42:38.0653 1772 [Global] - ok 16:42:38.0653 1772 ================ Scan MBR ================================== 16:42:38.0669 1772 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk0\DR0 16:42:39.0121 1772 \Device\Harddisk0\DR0 - ok 16:42:39.0121 1772 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 16:42:39.0246 1772 \Device\Harddisk1\DR1 - ok 16:42:39.0261 1772 ================ Scan VBR ================================== 16:42:39.0261 1772 [ E1F25B6A7CCCBA4E9D9CF6D00199464B ] \Device\Harddisk0\DR0\Partition1 16:42:39.0261 1772 \Device\Harddisk0\DR0\Partition1 - ok 16:42:39.0277 1772 [ D9166F201828BA8FAFFAE0B0D6E84FBE ] \Device\Harddisk0\DR0\Partition2 16:42:39.0293 1772 \Device\Harddisk0\DR0\Partition2 - ok 16:42:39.0308 1772 [ 4CD763AAFDB03E99D47E42AF9C83B0D1 ] \Device\Harddisk0\DR0\Partition3 16:42:39.0308 1772 \Device\Harddisk0\DR0\Partition3 - ok 16:42:39.0308 1772 [ F6A121C282FC44BE66F7902DE7CC765E ] 
\Device\Harddisk1\DR1\Partition1 16:42:39.0324 1772 \Device\Harddisk1\DR1\Partition1 - ok 16:42:39.0339 1772 [ BB14EE8B6B8D3D00031A872143D4BF73 ] \Device\Harddisk1\DR1\Partition2 16:42:39.0339 1772 \Device\Harddisk1\DR1\Partition2 - ok 16:42:39.0355 1772 [ 0B8756B550103ADB62ED76DAE40C2D16 ] \Device\Harddisk1\DR1\Partition3 16:42:39.0355 1772 \Device\Harddisk1\DR1\Partition3 - ok 16:42:39.0371 1772 [ 8EEA17A9A50F726DD4CF41A838A27ACF ] \Device\Harddisk1\DR1\Partition4 16:42:39.0371 1772 \Device\Harddisk1\DR1\Partition4 - ok 16:42:39.0371 1772 ============================================================ 16:42:39.0371 1772 Scan finished 16:42:39.0371 1772 ============================================================ 16:42:39.0433 2360 Detected object count: 3 16:42:39.0433 2360 Actual detected object count: 3 16:42:58.0559 2360 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:42:58.0559 2360 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:42:58.0559 2360 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:42:58.0559 2360 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:42:58.0574 2360 prwntdrv ( UnsignedFile.Multi.Generic ) - skipped by user 16:42:58.0574 2360 prwntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:43:01.0398 5748 Deinitialize success |
19.01.2013, 19:03 | #6 | |
/// Malware-holic | SweetIM & Websearch.mocaflix ... Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the reboot Quote:
19.01.2013, 19:29 | #7 |
| SweetIM & Websearch.mocaflix ... Code:
ATTFilter ComboFix 13-01-17.04 - YuT666 19.01.2013 19:20:48.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3326.1581 [GMT 1:00] ausgeführt von:: c:\users\YuT666\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\YuT666\AppData\Local\TempDIR c:\users\YuT666\AppData\Local\TempDIR\BetterInstaller.exe c:\windows\system32\UNWISE.EXE E:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-19 bis 2013-01-19 )))))))))))))))))))))))))))))) . . 2013-01-19 18:26 . 2013-01-19 18:27 -------- d-----w- c:\users\YuT666\AppData\Local\temp 2013-01-19 18:26 . 2013-01-19 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-19 10:43 . 2013-01-19 10:43 -------- d-----w- C:\6 2013-01-18 09:16 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3825030-E88A-4952-BC4F-6A4EE628970A}\mpengine.dll 2013-01-17 22:17 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-01-11 18:13 . 2013-01-11 18:13 -------- d-----w- c:\users\YuT666\AppData\Local\Targem 2013-01-09 18:13 . 2013-01-09 18:14 -------- d-----w- c:\program files\AGEIA Technologies 2013-01-09 18:13 . 2013-01-09 18:13 -------- d-----w- c:\windows\system32\AGEIA 2013-01-09 14:12 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 14:12 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 14:12 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 14:12 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll 2013-01-09 14:12 . 
2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-05 08:43 . 2013-01-19 15:13 -------- d-----w- c:\users\YuT666\AppData\Roaming\BITS 2013-01-05 08:43 . 2013-01-05 08:43 -------- d-----w- c:\users\YuT666\AppData\Roaming\FlashgetSetup 2013-01-05 08:43 . 2013-01-05 11:43 -------- d-----w- c:\users\YuT666\AppData\Roaming\FlashGet 2013-01-04 19:18 . 2013-01-04 19:21 -------- d-----w- c:\users\YuT666\PSX 2012-12-31 10:21 . 2012-12-31 10:47 -------- d-----w- c:\users\YuT666\AppData\Local\Rockstar Games 2012-12-31 09:53 . 2012-12-31 09:53 -------- d-----w- c:\program files\Rockstar Games 2012-12-30 15:47 . 2012-12-30 15:47 -------- d-----w- C:\toolbarImages 2012-12-28 10:54 . 2012-12-28 10:54 -------- d-----w- c:\users\YuT666\AppData\Local\Programs 2012-12-27 18:42 . 2012-12-27 18:42 -------- d-----w- c:\users\YuT666\AppData\Roaming\Visan 2012-12-27 18:42 . 2012-12-27 18:42 -------- d-----w- c:\programdata\Visan 2012-12-21 20:10 . 2012-12-21 20:10 -------- d-----w- c:\users\YuT666\AppData\Local\Fallout3 2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 21:00 . 2012-04-27 10:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 21:00 . 2012-04-27 10:09 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-14 15:49 . 2012-05-15 20:02 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 02:09 . 2012-12-13 18:11 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-13 18:11 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 18:11 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-13 18:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 
2012-12-13 18:11 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-13 18:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-09 04:42 . 2012-12-13 18:08 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 05:11 . 2012-12-13 18:08 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-10-30 22:51 . 2012-04-27 14:19 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-04-27 14:19 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-04-27 14:19 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-04-27 14:19 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-04-27 14:19 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-04-27 14:19 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-04-27 14:19 227648 ----a-w- c:\windows\system32\aswBoot.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-21 09:01 222712 ----a-w- c:\users\YuT666\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-21 09:01 222712 ----a-w- c:\users\YuT666\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-21 09:01 222712 ----a-w- c:\users\YuT666\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\tools\System\Security\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\tools\System\Security\Avast\avastUI.exe" [2012-10-30 4297136] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv] @="" . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x] R3 ddmdrv;ddmdrv;c:\windows\system32\ddmdrv.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x] R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [x] R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;c:\windows\system32\DRIVERS\RTL8187B.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x] S3 
netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 15446761 *Deregistered* - 15446761 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-12 17:41 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Inhalt des "geplante Tasks" Ordners . 2013-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 21:00] . 2013-01-19 c:\windows\Tasks\GlaryInitialize.job - c:\tools\System\Optimizing\Glary Utilities\initialize.exe [2012-04-29 20:16] . 2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 14:19] . 2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-27 14:19] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://websearch.mocaflix.com/ mStart Page = hxxp://websearch.mocaflix.com/ IE: Download all links by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgetallurl.htm IE: Download all videos by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgetallflvurl.htm IE: Download by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgeturl.htm IE: Download current video by FlashGet3 - c:\tools\Internet\FlashGet 3\BHO\fdgetflvurl.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\YuT666\AppData\Roaming\Mozilla\Firefox\Profiles\lt3hkzxi.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q= FF - prefs.js: browser.search.selectedEngine - Google Deutschland FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://websearch.mocaflix.com/?l=1&q= FF - prefs.js: network.proxy.http - 46.23.64.124 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-01-05 09:45; {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}; c:\users\YuT666\AppData\Roaming\Mozilla\Firefox\Profiles\lt3hkzxi.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file) AddRemove-Hardlock Gerätetreiber - c:\windows\system32\UNWISE.EXE AddRemove-Steam App 22380 - f:\steam\steam.exe AddRemove-Steam App 57900 - f:\steam\steam.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3886202293-2860333877-1283190225-1000\Software\SecuROM\License information*] "datasecu"=hex:5f,18,ca,d6,ab,4e,cc,fa,d6,a8,9c,66,d5,39,23,9b,cc,78,12,98,2f, a2,c1,21,a3,d5,5d,0f,66,15,5a,43,4e,77,9a,21,9f,dd,00,f2,cb,bf,99,77,74,72,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*] "CheckValue"=dword:dbf75170 "8FD6CB82"="232F7327" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-19 19:28:52 ComboFix-quarantined-files.txt 2013-01-19 18:28 . Vor Suchlauf: 14 Verzeichnis(se), 11.818.655.744 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 11.674.546.176 Bytes frei . - - End Of File - - 24D009F25A19AE505346F9070A81C8A4 |
19.01.2013, 19:31 | #8 |
/// Malware-holic | SweetIM & Websearch.mocaflix ... Hi, Malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
19.01.2013, 20:33 | #9 |
| SweetIM & Websearch.mocaflix ... Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.19.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 YuT666 :: YUT666-PC [Administrator] 19.01.2013 19:40:02 mbam-log-2013-01-19 (19-40-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 337221 Laufzeit: 43 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Tools\Grafik\PhotoshopPortable\App\PhotoshopCS6\amtlib.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
20.01.2013, 20:42 | #10 |
/// Malware-holic | SweetIM & Websearch.mocaflix ... hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, Tools (Extras), Uninstall list, save it as txt. Open the file. Behind every program you need, write "needed". Behind every one you do not need, "unneeded". Behind those unknown to you, "unknown". Post the list.