Log analysis and evaluation: Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen
Windows 7
23.01.2013, 22:37 | #1

Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen

Hello everyone,

I once again have an acquaintance's computer here which, according to the Kaspersky Rescue CD, has caught the following. Further logs are below as well.

Thanks in advance for the HELP and the work!!

Unfortunately the TDSSKiller log no longer fits into the text because of the character limit, so it is attached (sorry).

Kaspersky log:
Code:
22.01.13 21:17 Nicht gefunden trojanisches Programm Trojan-Downloader.JS.Expack.ack C:/Users/****/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/GXAG6HW0/main[1].htm Hoch
22.01.13 21:17 Nicht gefunden trojanisches Programm Trojan-Downloader.JS.Expack.ack C:/Users/****/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5/GXAG6HW0/main[1].htm//JIM Hoch
22.01.13 21:17 Nicht gefunden trojanisches Programm HEUR:Exploit.Java.CVE-2012-4681.gen C:/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/25/59cfe4d9-57efc477 Hoch
22.01.13 21:17 Nicht gefunden trojanisches Programm HEUR:Exploit.Java.CVE-2013-0422.gen C:/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/ce8a7b1-43db2616 Hoch
22.01.13 21:17 Nicht gefunden trojanisches Programm Exploit.Java.Agent.ic C:/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/ce8a7b1-43db2616//ewjvaiwebvhtuai124a.class Hoch
22.01.13 21:17 Nicht gefunden trojanisches Programm Exploit.Java.Agent.ic C:/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/ce8a7b1-43db2616//hw.class Hoch
22.01.13 21:17 Nicht gefunden trojanisches Programm Exploit.Java.Agent.ic C:/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/49/ce8a7b1-43db2616//test.class Hoch
Status: Gelöscht (Ereignisse: 7)

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.21.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]
21.01.2013 21:59:45
mbam-log-2013-01-21 (21-59-45).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 347403
Laufzeit: 33 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

Code:
ATTFilter OTL logfile created on: 23.01.2013 21:36:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,73 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 68,17% Memory free 7,45 Gb Paging File | 5,96 Gb Available in Paging File | 79,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 674,53 Gb Free Space | 72,42% Space Free | Partition Type: NTFS Drive F: | 465,63 Gb Total Space | 459,95 Gb Free Space | 98,78% Space Free | Partition Type: NTFS Drive G: | 7,45 Gb Total Space | 2,52 Gb Free Space | 33,87% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.23 21:31:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe PRC - [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe ========== Modules (No Company Name) ========== MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.07.28 22:35:35 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.07.28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.06.14 14:42:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV - [2013.01.09 18:43:42 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.28 16:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.07 00:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.03.07 00:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.03.07 00:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.03.07 00:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.03.07 00:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.03.07 00:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) 
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.14 14:42:44 | 002,159,728 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.04.21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.15 19:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.04.15 19:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.18 01:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc) DRV:64bit: - [2011.03.18 01:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 
02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.09.12 14:21:38 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2008.09.12 14:21:00 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2008.07.26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^0D^xdm251^YY^de&si=CL7fg_O6wrQCFY-6zAodOWwADQ&ptb=05EEFEBB-CF12-4A7D-8641-C6F511D43474&ind=2012123010&n=77ee8f82&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 82 17 1B D7 77 CD 01 [binary data] IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..\SearchScopes,DefaultScope = {DB3F746F-0601-4CA6-A141-88C7AFFED3F2} IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..\SearchScopes\{274daec0-c4e8-4f30-9e5c-9424990769b9}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^0D^xdm251^YY^de&si=CL7fg_O6wrQCFY-6zAodOWwADQ&ptb=05EEFEBB-CF12-4A7D-8641-C6F511D43474&ind=2012123010&n=77ee8f82&psa=&st=sb&searchfor={searchTerms} IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..\SearchScopes\{DB3F746F-0601-4CA6-A141-88C7AFFED3F2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7AURU_deDE516 IE - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files 
(x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: avast! WebRep = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000..\Run: [GoogleChromeAutoLaunch_40AE7F145B50623686C3E11138281541] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft 
Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-4243094397-2814157007-3080163014-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{069F1B6E-280A-4CD6-A7B9-6A1F27DE97E9}: DhcpNameServer = 192.168.99.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - 
C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5df4133b-4664-11e1-a693-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5df4133b-4664-11e1-a693-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ASRSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.22 20:11:14 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013.01.21 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2013.01.21 21:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.21 21:46:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.21 21:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.21 21:46:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Programs [2013.01.21 21:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.17 19:26:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.17 19:26:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe 
[2013.01.17 19:26:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.14 20:12:42 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.14 20:12:41 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.14 20:12:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.14 20:12:06 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.14 20:12:02 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.14 20:12:02 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.14 20:12:02 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.14 20:12:02 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.14 20:12:02 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.14 20:12:02 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.14 20:12:02 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.14 20:12:02 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.14 20:12:02 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.14 20:12:02 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.14 20:12:01 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.14 20:12:01 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.14 20:12:01 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.14 20:12:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.14 20:12:01 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.14 20:12:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.14 20:12:01 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.14 20:12:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.14 20:12:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.14 20:12:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.14 20:12:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.14 20:12:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.14 20:12:01 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.14 20:12:00 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.14 20:12:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.14 20:12:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.14 20:11:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.14 20:11:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.14 20:11:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.14 20:11:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.14 20:11:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.14 20:11:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.14 20:11:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.14 20:11:27 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.14 20:11:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.14 20:11:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.14 20:11:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.14 20:11:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.14 20:11:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.14 20:11:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.14 20:11:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.14 20:11:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.14 20:11:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.14 20:11:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.14 20:11:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.14 20:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.14 20:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.14 20:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.14 20:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.14 20:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.14 20:11:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.14 20:11:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.14 20:11:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.14 20:11:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.14 20:11:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.14 20:11:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.14 20:11:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.14 20:11:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.14 20:11:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.14 20:11:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.14 20:11:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.14 20:10:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012.12.30 17:06:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Google
[2012.12.30 16:50:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Marine Aquarium Lite
[2012.12.30 16:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
[2012.12.30 16:49:26 | 006,037,504 | ---- | C] (SereneScreen) -- C:\Windows\SysWow64\MarineAquariumLite.scr
[2012.12.30 16:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SereneScreen
[2012.02.03 12:55:07 | 007,370,976 | ---- | C] (Igor Pavlov) -- C:\Users\****\CommunicatorPlugin_301.exe
[2012.02.03 12:55:06 | 007,370,976 | ---- | C] (Igor Pavlov) -- C:\Users\****\CommunicatorPlugin_301 (1).exe

========== Files - Modified Within 30 Days ==========

[2013.01.23 20:58:06 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 20:58:06 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.23 20:50:39 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.23 20:50:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.23 20:50:24 | 3002,306,560 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 21:47:10 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.22 21:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.21 21:49:35 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.21 21:49:35 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.21 21:49:35 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.21 21:49:35 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.21 21:49:35 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.21 21:46:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.16 18:30:00 | 000,412,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.14 20:01:55 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.01.14 20:01:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.09 18:43:41 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 18:43:41 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.30 16:07:16 | 000,755,734 | ---- | M] () -- C:\Users\****\Documents\Beko WMB 71443 PTER Waschmaschine Frontlader - A+++B - 171 kWh-Jahr - 1400 UpM- 7 kg - Pet Hair Removal - großes Display - rot Amazon_de Elektro-Großgeräte.mht

========== Files Created - No Company Name ==========

[2013.01.21 21:46:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 16:07:14 | 000,755,734 | ---- | C] () -- C:\Users\****\Documents\Beko WMB 71443 PTER Waschmaschine Frontlader - A+++B - 171 kWh-Jahr - 1400 UpM- 7 kg - Pet Hair Removal - großes Display - rot Amazon_de Elektro-Großgeräte.mht
[2012.02.17 17:59:11 | 000,451,072 | ---- | C] () -- C:\Windows\emunist.exe
[2012.02.17 17:59:11 | 000,001,610 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2012.02.06 17:54:55 | 000,356,352 | ---- | C] () -- C:\Windows\MeerwasserAquarium3DUninstaller.exe
[2012.02.03 12:55:07 | 009,960,881 | ---- | C] () -- C:\Users\****\MeerwasserAquarium3D_227450752.exe
[2012.02.03 12:55:06 | 006,726,910 | ---- | C] () -- C:\Users\****\Bedienung MyDrive.pdf
[2012.01.24 11:08:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.24 10:58:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.06.17 16:09:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2012.02.03 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2012.02.04 11:40:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2012.09.30 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2012.09.30 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.18 13:57:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FRITZ!
[2012.02.03 10:37:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Garmin
[2012.12.30 16:50:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Marine Aquarium Lite
[2012.03.10 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 23.01.2013 21:36:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,73 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 68,17% Memory free
7,45 Gb Paging File | 5,96 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 674,53 Gb Free Space | 72,42% Space Free | Partition Type: NTFS
Drive F: | 465,63 Gb Total Space | 459,95 Gb Free Space | 98,78% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 2,52 Gb Free Space | 33,87% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4243094397-2814157007-3080163014-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FCD637-D568-471B-BE03-B21F57163528}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F7440F9-A645-4F09-BAF1-3C85BAA4B062}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22E05383-BCCE-4B6B-A7F3-BA205D88519B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26B8ED58-43E3-460D-973C-C6FEDECE7CCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{4377CE27-2B03-4238-9B47-C19F2CA724A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{489E3DCB-DC95-4E15-B0C1-61C5E0B80345}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A5BCC0A-673E-4DB8-A782-91EE58F6DCD5}" = rport=137 | protocol=17 | dir=out | app=system |
"{4CC41C11-DCE8-4D0F-B0DA-B9183080493F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F7ACAEC-141E-42DB-A240-35FC3621EE6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5041DF5B-F28B-465C-BF36-466D725937B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{620A0BA0-2B1F-41E4-B952-9BFDE39255AA}" = rport=139 | protocol=6 | dir=out | app=system |
"{62107D2C-ADA6-4D86-A084-B62AF132A457}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62F812FA-E0B5-435C-B2F7-FABE9554AA7F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7261E11B-29AB-4177-AB44-A56CEF67C2C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89538804-293D-4714-A64D-B9AE276431E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{8BE009FB-E832-4CC9-A6C3-DA6D96701AB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9614BBA2-67C4-4A08-9C06-53F2E62653FE}" = rport=445 | protocol=6 | dir=out | app=system |
"{A0355CE4-A5D2-4D75-A133-1D3FBBE7A9D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A68EFDB7-17C9-4150-946C-A83CB8D81ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B070CBEF-F20B-4AF9-A4A9-EDA1413D349B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B1086FFF-49B3-4805-BE92-20F4DC932E66}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B142F378-836E-4509-9CE9-D5B2F0238EBC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4807BB6-8BAB-4AA8-B213-891F311BBFA9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA7764A5-F906-49B6-B477-2382489CEBAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFD5D818-3D2F-440B-8040-E623F4E42C06}" = lport=137 | protocol=17 | dir=in | app=system |
"{DA7DE651-1117-49ED-B8C7-214EB3EBBE4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DBDDB985-9DED-4D92-AD61-5238F484C067}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DF84EA93-6014-4313-B58C-539900C258A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF87AC0D-68F6-44CA-953A-A93F54D1F4E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFB7390B-6E36-4697-B213-97E4064A6795}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6431149-832B-4994-99C8-FFA5CE0B4D10}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8713B2F-29FF-4E8E-954B-0D75592107ED}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047AE519-2B87-406B-8E04-4EC6CEDDAA89}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{06AFBE31-67E8-4074-B510-5CAE9C393B70}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{0DFC3A1D-AD11-435D-9884-CED1AACB2D38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D018B82-6E3C-4886-B053-53E1E868F844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D33161F-D52E-4C6B-ADE3-7175850EC797}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1FDEE917-E635-464E-8B0E-A3318D47331B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20AF12F6-C1ED-4BFC-9D30-CC29837A2109}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{20FC936C-E33B-4D15-B818-96D82EB833F2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{2625B7E8-D30A-4D16-9AE9-1E37D8994E69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{33ED311E-2EBE-48F5-A94B-7C3A9EACD52E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{378F8634-DF93-44A0-B2D0-3F4AE608D788}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3DE41A40-FC74-4C2B-BA2D-D660B658C831}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{3F797AAA-D276-4394-9F43-858C73946EBF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{51F4EC90-D3F5-4B6D-8C77-B2166F90F530}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71CCA956-096C-4E83-8901-FF042A9EC444}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78C76A9E-2007-48F2-A9B3-D7009E80BFF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D47E686-B36F-47BB-A593-B00CF70650F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93BEE76E-0E20-4A24-AACE-8F7CEDF4DF9B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{9D108BCB-198B-420C-982D-9EE4E1E66F37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F0B0399-C295-4A64-9006-4CC751087D81}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{A1DF0B48-4D35-4767-9200-0D4FA925430E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{B6CB5843-6CB7-4A87-9F90-9781770EC883}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B890E9FB-AFBE-4320-B680-8705D1A8CBF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA126026-2471-4F5D-8073-F175F5531D00}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{BCA78384-130F-46DA-959B-554C6BFD6011}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{C1FC624C-14EF-4053-B00B-11BA14B9909D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{D21123DC-274C-4980-968A-06A7F5EA1BC2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC2FFD2A-FE81-44D0-B10F-EB706040E750}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD4543C5-5B0A-46A6-B8BD-26B9A4ACF336}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE693614-5F79-43B8-B0D7-3F13316AECD3}" = protocol=6 | dir=out | app=system |
"{E3A7D2F0-9C81-4409-A349-77EEA33AAB0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E6B0E1F9-DBFE-4329-B4EF-F419BAC24387}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F93F03CC-9775-4016-AF38-3DA3C1F2906B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F967ACFE-29A3-4C22-8FE3-CD08E6A195DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64
"{41968390-377D-0119-5AA9-755B8AF0DA80}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6F00292A-7A89-4FC3-AA45-4DA3A4BB593C}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AE196FD4-5109-21C4-6B2D-C8B60E188EC7}" = AMD Catalyst Install Manager
"{BA3E917A-7DBE-4760-7407-BD6E0EB3CFB2}" = AMD Fuel
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F21DA788-229C-4B4E-A3D2-64188805CF58}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5F055F-0D34-C0E0-7E34-45789E958BCE}" = CCC Help English
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{16F4BFFB-6A79-7A40-A591-23C63FC4D595}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7D2CE-1A04-41D6-96A9-65D897E86DC2}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{34E23470-E328-BFCD-B3EF-E6E74E87FEDD}" = AMD VISION Engine Control Center
"{3A1EBEF3-9BDC-FFCD-8144-265FD2FD1D33}" = CCC Help Swedish
"{42F965F4-EABA-A9E4-C4B6-38C12EC34FBC}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E8EDE0A-E97B-2475-BF6B-C8FEEC4F4482}" = CCC Help Thai
"{66E4187B-991A-A4BE-933B-08B3BEBC0EE6}" = CCC Help Chinese Standard
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EB3C538-B9B8-F2BB-AEC4-865AC2DF2EE0}" = CCC Help Finnish
"{70F9C054-B713-B704-2E37-7F78439D5FA8}" = CCC Help Turkish
"{716A2D35-F0D5-3BE4-D02A-0C0A2FCDF7BB}" = CCC Help Danish
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CEED00F-11AC-9C5C-F500-AF86D4C67E40}" = Catalyst Control Center Profiles Mobile
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{831C848D-F785-F9AF-693B-9BD2C9ED5D0B}" = CCC Help Portuguese
"{84374801-0EEE-9A50-6F79-17E2057CC6C9}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F10F574-9C09-CEE0-DCC9-317DB01190FC}" = Catalyst Control Center InstallProxy
"{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}" = Vhd Resizer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{98097DB0-38DE-E2E8-D8F2-97F2816D5D4A}" = CCC Help Russian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{A3B31093-3C8E-3D69-A4EF-2EA950720590}" = CCC Help Japanese "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AD053B60-BC7C-D749-0D5B-4ADE932AF931}" = CCC Help Hungarian "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 16.0.950.0 "{D3D3A52A-BD2B-BC1E-903F-A47E00F31AF8}" = CCC Help Greek "{D541F7BE-3CAC-18C6-43B3-CEAEA5887296}" = CCC Help French "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D93CC12C-4C40-C463-3463-9E025C277D3C}" = CCC Help Italian "{DBCB47B1-235E-C4A8-C481-DDA01B49C9A7}" = CCC Help Spanish "{DD899638-B3F5-A6D0-E263-44D5704A080C}" = CCC Help German "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FAEA976B-4C36-141F-C7D8-889E0B067CE0}" = CCC Help Chinese Traditional "{FCF0E04F-B459-61BE-66B5-B7D02112605F}" = CCC Help Dutch "{FE7989B2-9F10-977F-3ABD-AF441E38AA41}" = CCC Help Norwegian "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "avast" = avast! 
Free Antivirus "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Google Chrome" = Google Chrome "HP Photo Creations" = HP Photo Creations "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MeerwasserAquarium3D" = Meerwasser-Aquarium 3D "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1 "SereneScreen Marine Aquarium Lite_is1" = SereneScreen Marine Aquarium Lite "TeamViewer 7" = TeamViewer 7 "TVEpaDrv" = Roxio Video Capture USB Driver ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.01.2013 12:28:28 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 16.01.2013 13:31:22 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 17.01.2013 13:57:39 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 18.01.2013 13:09:55 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 19.01.2013 01:18:14 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 19.01.2013 06:32:15 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 19.01.2013 06:41:31 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 19.01.2013 10:06:00 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 16:28:04 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 22.01.2013 16:30:17 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 23.01.2013 15:52:13 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 19.09.2012 10:57:50 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft 
Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.12.2012 13:01:01 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 21.01.2013 16:45:07 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 21.01.2013 16:45:07 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 21.01.2013 16:45:08 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 21.01.2013 21:06:59 | Computer Name = ****-PC | Source = DCOM | ID = 10010 Description = Error - 22.01.2013 17:17:25 | Computer Name = ****-PC | Source = DCOM | ID = 10010 Description = Error - 23.01.2013 15:53:46 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 23.01.2013 15:53:46 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 23.01.2013 15:53:47 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 23.01.2013 15:53:47 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. 
Error - 23.01.2013 15:53:48 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. < End of report > Code:
ATTFilter # AdwCleaner v2.107 - Datei am 23/01/2013 um 22:05:26 erstellt # Aktualisiert am 21/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : **** - ****-PC # Bootmodus : Normal # Ausgeführt unter : G:\AdwCleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v24.0.1312.52 Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Chromium v { show_on_all_tabs: true } Datei : C:\Users\****\AppData\Local\Chromium\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [961 octets] - [23/01/2013 22:05:26] ########## EOF - C:\AdwCleaner[R1].txt - [1020 octets] ########## |
24.01.2013, 11:09 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Hello and
__________________ Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
24.01.2013, 14:04 | #3 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Hello cosinus,
__________________ The virus was originally detected by the Avast scanner and identified as Trojan-Downloader.JS.Expack.ack, but unfortunately I cannot find a way to save a log as txt or similar. Malwarebytes is already included in the logs posted above and showed no detections; the Malwarebytes scan was run before the scan with Kaspersky and the deletion. |
24.01.2013, 14:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
24.01.2013, 17:57 | #5 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016 www.malwarebytes.org Database version: v2013.01.24.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 **** :: ****-PC [administrator] 24.01.2013 18:09:52 mbar-log-2013-01-24 (18-09-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28871 Time elapsed: 7 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Edited by ischDD (24.01.2013 at 18:12) |
24.01.2013, 22:04 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ --> Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen |
24.01.2013, 23:00 | #7 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Code:
ATTFilter 21:48:40.0826 5116 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:48:40.0857 5116 ============================================================ 21:48:40.0857 5116 Current date / time: 2013/01/23 21:48:40.0857 21:48:40.0857 5116 SystemInfo: 21:48:40.0857 5116 21:48:40.0857 5116 OS Version: 6.1.7601 ServicePack: 1.0 21:48:40.0857 5116 Product type: Workstation 21:48:40.0857 5116 ComputerName: ****-PC 21:48:40.0857 5116 UserName: **** 21:48:40.0857 5116 Windows directory: C:\Windows 21:48:40.0857 5116 System windows directory: C:\Windows 21:48:40.0857 5116 Running under WOW64 21:48:40.0857 5116 Processor architecture: Intel x64 21:48:40.0857 5116 Number of processors: 4 21:48:40.0857 5116 Page size: 0x1000 21:48:40.0857 5116 Boot type: Normal boot 21:48:40.0857 5116 ============================================================ 21:48:41.0731 5116 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:48:45.0459 5116 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:48:45.0491 5116 Drive \Device\Harddisk3\DR4 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:48:45.0491 5116 ============================================================ 21:48:45.0491 5116 \Device\Harddisk0\DR0: 21:48:45.0491 5116 MBR partitions: 21:48:45.0491 5116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:48:45.0491 5116 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800 21:48:45.0491 5116 \Device\Harddisk1\DR1: 21:48:45.0491 5116 GPT partitions: 21:48:45.0491 5116 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: 
{6506EF9D-52A3-41D4-AEFC-0171AA65906B}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000 21:48:45.0491 5116 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3097FD07-468C-4A17-A58F-4B9F159BD22E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x3A345000 21:48:45.0491 5116 MBR partitions: 21:48:45.0491 5116 \Device\Harddisk3\DR4: 21:48:45.0491 5116 MBR partitions: 21:48:45.0491 5116 \Device\Harddisk3\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEE834E 21:48:45.0491 5116 ============================================================ 21:48:45.0522 5116 C: <-> \Device\Harddisk0\DR0\Partition2 21:48:45.0553 5116 F: <-> \Device\Harddisk1\DR1\Partition2 21:48:45.0553 5116 ============================================================ 21:48:45.0553 5116 Initialize success 21:48:45.0553 5116 ============================================================ 21:49:28.0780 2548 ============================================================ 21:49:28.0781 2548 Scan started 21:49:28.0781 2548 Mode: Manual; SigCheck; TDLFS; 21:49:28.0781 2548 ============================================================ 21:49:29.0116 2548 ================ Scan system memory ======================== 21:49:29.0116 2548 System memory - ok 21:49:29.0116 2548 ================ Scan services ============================= 21:49:29.0212 2548 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:49:29.0306 2548 1394ohci - ok 21:49:29.0338 2548 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:49:29.0355 2548 ACPI - ok 21:49:29.0367 2548 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:49:29.0399 2548 AcpiPmi - ok 21:49:29.0498 2548 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:49:29.0509 2548 AdobeARMservice - ok 21:49:29.0638 2548 [ 
424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:49:29.0651 2548 AdobeFlashPlayerUpdateSvc - ok 21:49:29.0676 2548 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:49:29.0696 2548 adp94xx - ok 21:49:29.0704 2548 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:49:29.0720 2548 adpahci - ok 21:49:29.0726 2548 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:49:29.0740 2548 adpu320 - ok 21:49:29.0766 2548 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:49:29.0800 2548 AeLookupSvc - ok 21:49:29.0855 2548 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:49:29.0897 2548 AFD - ok 21:49:29.0918 2548 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:49:29.0931 2548 agp440 - ok 21:49:29.0942 2548 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:49:29.0985 2548 ALG - ok 21:49:30.0010 2548 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:49:30.0021 2548 aliide - ok 21:49:30.0066 2548 [ A2F5BEA5B45A8E7C4776F39C25E8699D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:49:30.0116 2548 AMD External Events Utility - ok 21:49:30.0166 2548 AMD FUEL Service - ok 21:49:30.0193 2548 [ 30BFEEE0DFFD5BD79D29157CF080DEED ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys 21:49:30.0215 2548 amdhub30 - ok 21:49:30.0233 2548 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:49:30.0244 2548 amdide - ok 21:49:30.0259 2548 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 21:49:30.0275 2548 amdiox64 - ok 21:49:30.0290 2548 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:49:30.0304 2548 AmdK8 - ok 21:49:30.0468 2548 [ 
5B03217859B014B090CB5060C1D96875 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:49:30.0700 2548 amdkmdag - ok 21:49:30.0729 2548 [ 35D2184A99AD4CD5D17284D6C9F382C9 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 21:49:30.0764 2548 amdkmdap - ok 21:49:30.0806 2548 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:49:30.0833 2548 AmdPPM - ok 21:49:30.0874 2548 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:49:30.0887 2548 amdsata - ok 21:49:30.0899 2548 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 21:49:30.0914 2548 amdsbs - ok 21:49:30.0918 2548 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:49:30.0930 2548 amdxata - ok 21:49:30.0956 2548 [ 321533578132C811EC834A1B741C994C ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys 21:49:30.0974 2548 amdxhc - ok 21:49:30.0993 2548 [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 21:49:31.0009 2548 amd_sata - ok 21:49:31.0021 2548 [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 21:49:31.0037 2548 amd_xata - ok 21:49:31.0064 2548 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:49:31.0121 2548 AppID - ok 21:49:31.0151 2548 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:49:31.0184 2548 AppIDSvc - ok 21:49:31.0192 2548 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 21:49:31.0253 2548 Appinfo - ok 21:49:31.0278 2548 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 21:49:31.0290 2548 arc - ok 21:49:31.0305 2548 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:49:31.0318 2548 arcsas - ok 21:49:31.0354 2548 [ B9DA213B5271DB5FCE962D827E6D620D ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 21:49:31.0370 2548 aswFsBlk - ok 
21:49:31.0386 2548 [ 21C9835D0E5AD2FF0F16134BCB32CC71 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 21:49:31.0403 2548 aswMonFlt - ok 21:49:31.0426 2548 [ 1B96A5867ABD4FA6135D8298FCCCF9C6 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 21:49:31.0442 2548 aswRdr - ok 21:49:31.0467 2548 [ 6E98BB288696777A3A8A07A52B0EAEE9 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 21:49:31.0497 2548 aswSnx - ok 21:49:31.0512 2548 [ D9FB49F16E4EB02EFECAE8CBFE4BCB4C ] aswSP C:\Windows\system32\drivers\aswSP.sys 21:49:31.0533 2548 aswSP - ok 21:49:31.0541 2548 [ 7352BB9A564B94BBD7C9CBF165F55006 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 21:49:31.0558 2548 aswTdi - ok 21:49:31.0568 2548 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:49:31.0624 2548 AsyncMac - ok 21:49:31.0645 2548 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:49:31.0656 2548 atapi - ok 21:49:31.0686 2548 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 21:49:31.0706 2548 AtiHDAudioService - ok 21:49:31.0725 2548 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:49:31.0788 2548 AudioEndpointBuilder - ok 21:49:31.0798 2548 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:49:31.0836 2548 AudioSrv - ok 21:49:31.0900 2548 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 21:49:31.0916 2548 avast! 
73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:49:49.0823 2548 usbprint - ok 21:49:49.0885 2548 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:49:49.0901 2548 usbscan - ok 21:49:49.0932 2548 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:49:49.0963 2548 USBSTOR - ok 21:49:49.0979 2548 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:49:50.0010 2548 usbuhci - ok 21:49:50.0041 2548 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:49:50.0104 2548 UxSms - ok 21:49:50.0119 2548 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:49:50.0135 2548 VaultSvc - ok 21:49:50.0151 2548 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:49:50.0166 2548 vdrvroot - ok 21:49:50.0182 2548 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:49:50.0244 2548 vds - ok 21:49:50.0260 2548 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:49:50.0275 2548 vga - ok 21:49:50.0291 2548 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:49:50.0322 2548 VgaSave - ok 21:49:50.0353 2548 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 21:49:50.0369 2548 vhdmp - ok 21:49:50.0447 2548 [ F41D49D99A12057841547FF4224FB580 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 21:49:50.0525 2548 VIAHdAudAddService - ok 21:49:50.0525 2548 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:49:50.0541 2548 viaide - ok 21:49:50.0556 2548 [ D60ED94BA878FEE30810FC17A798C290 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 21:49:50.0572 2548 VIAKaraokeService - ok 21:49:50.0587 2548 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:49:50.0603 2548 volmgr - ok 
21:49:50.0619 2548 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:49:50.0634 2548 volmgrx - ok 21:49:50.0665 2548 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:49:50.0681 2548 volsnap - ok 21:49:50.0697 2548 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 21:49:50.0712 2548 vpcbus - ok 21:49:50.0743 2548 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 21:49:50.0759 2548 vpcnfltr - ok 21:49:50.0775 2548 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 21:49:50.0790 2548 vpcusb - ok 21:49:50.0837 2548 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\DRIVERS\vpcuxd.sys 21:49:50.0853 2548 vpcuxd - ok 21:49:50.0899 2548 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 21:49:50.0915 2548 vpcvmm - ok 21:49:50.0946 2548 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:49:50.0962 2548 vsmraid - ok 21:49:51.0009 2548 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:49:51.0102 2548 VSS - ok 21:49:51.0133 2548 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:49:51.0165 2548 vwifibus - ok 21:49:51.0211 2548 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:49:51.0243 2548 W32Time - ok 21:49:51.0258 2548 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:49:51.0305 2548 WacomPen - ok 21:49:51.0336 2548 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:49:51.0383 2548 WANARP - ok 21:49:51.0399 2548 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:49:51.0430 2548 Wanarpv6 - ok 21:49:51.0461 2548 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:49:51.0539 2548 wbengine 
- ok 21:49:51.0570 2548 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:49:51.0586 2548 WbioSrvc - ok 21:49:51.0601 2548 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:49:51.0648 2548 wcncsvc - ok 21:49:51.0679 2548 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:49:51.0711 2548 WcsPlugInService - ok 21:49:51.0726 2548 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:49:51.0742 2548 Wd - ok 21:49:51.0789 2548 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:49:51.0820 2548 Wdf01000 - ok 21:49:51.0835 2548 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:49:51.0867 2548 WdiServiceHost - ok 21:49:51.0867 2548 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:49:51.0898 2548 WdiSystemHost - ok 21:49:51.0913 2548 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:49:51.0960 2548 WebClient - ok 21:49:51.0991 2548 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:49:52.0038 2548 Wecsvc - ok 21:49:52.0069 2548 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:49:52.0101 2548 wercplsupport - ok 21:49:52.0132 2548 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:49:52.0163 2548 WerSvc - ok 21:49:52.0194 2548 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:49:52.0225 2548 WfpLwf - ok 21:49:52.0241 2548 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:49:52.0241 2548 WIMMount - ok 21:49:52.0257 2548 WinDefend - ok 21:49:52.0272 2548 WinHttpAutoProxySvc - ok 21:49:52.0303 2548 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:49:52.0350 2548 Winmgmt - ok 21:49:52.0381 2548 [ 
BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:49:52.0459 2548 WinRM - ok 21:49:52.0522 2548 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:49:52.0553 2548 WinUsb - ok 21:49:52.0600 2548 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:49:52.0647 2548 Wlansvc - ok 21:49:52.0771 2548 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:49:52.0849 2548 wlidsvc - ok 21:49:52.0865 2548 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:49:52.0881 2548 WmiAcpi - ok 21:49:52.0896 2548 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:49:52.0927 2548 wmiApSrv - ok 21:49:52.0943 2548 WMPNetworkSvc - ok 21:49:52.0959 2548 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:49:52.0974 2548 WPCSvc - ok 21:49:52.0990 2548 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:49:53.0005 2548 WPDBusEnum - ok 21:49:53.0021 2548 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:49:53.0068 2548 ws2ifsl - ok 21:49:53.0068 2548 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:49:53.0115 2548 wscsvc - ok 21:49:53.0115 2548 WSearch - ok 21:49:53.0193 2548 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:49:53.0239 2548 wuauserv - ok 21:49:53.0271 2548 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:49:53.0286 2548 WudfPf - ok 21:49:53.0317 2548 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:49:53.0349 2548 WUDFRd - ok 21:49:53.0380 2548 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:49:53.0427 2548 wudfsvc - ok 21:49:53.0442 2548 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc 
C:\Windows\System32\wwansvc.dll 21:49:53.0489 2548 WwanSvc - ok 21:49:53.0505 2548 ================ Scan global =============================== 21:49:53.0536 2548 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:49:53.0583 2548 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 21:49:53.0598 2548 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 21:49:53.0614 2548 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:49:53.0629 2548 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:49:53.0629 2548 [Global] - ok 21:49:53.0629 2548 ================ Scan MBR ================================== 21:49:53.0645 2548 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:49:53.0863 2548 \Device\Harddisk0\DR0 - ok 21:49:53.0863 2548 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 21:49:53.0957 2548 \Device\Harddisk1\DR1 - ok 21:49:53.0957 2548 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR4 21:49:54.0066 2548 \Device\Harddisk3\DR4 - ok 21:49:54.0082 2548 ================ Scan VBR ================================== 21:49:54.0097 2548 [ 71D64A9C649581D24DC84C3B079696D0 ] \Device\Harddisk0\DR0\Partition1 21:49:54.0097 2548 \Device\Harddisk0\DR0\Partition1 - ok 21:49:54.0113 2548 [ 655FBB7B476369336BFD8D561AB9C696 ] \Device\Harddisk0\DR0\Partition2 21:49:54.0113 2548 \Device\Harddisk0\DR0\Partition2 - ok 21:49:54.0113 2548 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1 21:49:54.0113 2548 \Device\Harddisk1\DR1\Partition1 - ok 21:49:54.0129 2548 [ CAB5D2C1D91F659F09F871F5E2AB6C69 ] \Device\Harddisk1\DR1\Partition2 21:49:54.0129 2548 \Device\Harddisk1\DR1\Partition2 - ok 21:49:54.0129 2548 [ FB4E6009610532E125A36F520936007A ] \Device\Harddisk3\DR4\Partition1 21:49:54.0129 2548 \Device\Harddisk3\DR4\Partition1 - ok 21:49:54.0129 2548 ============================================================ 21:49:54.0129 2548 Scan finished 
21:49:54.0129 2548 ============================================================
21:49:54.0144 3680 Detected object count: 0
21:49:54.0144 3680 Actual detected object count: 0 |
25.01.2013, 11:17 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen What about aswMBR?
__________________ Please always post log files in CODE tags |
25.01.2013, 19:53 | #9 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 19:37:56
-----------------------------
19:37:56.633 OS Version: Windows x64 6.1.7601 Service Pack 1
19:37:56.649 Number of processors: 4 586 0x100
19:37:56.649 ComputerName: ****-PC UserName: ****
19:38:01.360 Initialize success
19:38:01.469 AVAST engine defs: 13011900
19:38:07.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:38:07.023 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
19:38:07.039 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
19:38:07.039 Disk 1 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
19:38:07.054 Disk 0 MBR read successfully
19:38:07.054 Disk 0 MBR scan
19:38:07.054 Disk 0 Windows 7 default MBR code
19:38:07.070 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:38:07.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
19:38:07.101 Disk 0 scanning C:\Windows\system32\drivers
19:38:16.633 Service scanning
19:38:31.531 Modules scanning
19:38:31.531 Disk 0 trace - called modules:
19:38:31.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
19:38:31.577 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046c0060]
19:38:31.577 3 CLASSPNP.SYS[fffff8800197e43f] -> nt!IofCallDriver -> [0xfffffa80043b5cf0]
19:38:31.577 5 ACPI.sys[fffff88000f0d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043c4060]
19:38:35.103 AVAST engine scan C:\Windows
19:38:57.255 AVAST engine scan C:\Windows\system32
19:41:27.639 AVAST engine scan C:\Windows\system32\drivers
19:42:01.632 AVAST engine scan C:\Users\****
19:48:17.082 AVAST engine scan C:\ProgramData
19:48:47.721 Scan finished successfully
19:51:55.764 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
19:51:55.810 The log file has been saved successfully to "G:\aswMBR.txt" |
27.01.2013, 16:34 | #11 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen I get the message: The text you entered is 498198 characters long and is therefore too long. Please shorten the text to the maximum length of 120000 characters. And when I try to upload it as a txt I get: The file you want to attach is too large. The maximum file size for this file type is 97.7 KB. Your file is 486.5 KB. I ran a full scan of C:, should I run a quick scan?? |
28.01.2013, 11:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Zip the log and attach it here. But that is an exception! Otherwise logs should always be posted directly in CODE tags!
__________________ Please always post log files in CODE tags |
28.01.2013, 21:25 | #13 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Attached is the log as a zip. Thanks in advance. |
29.01.2013, 11:59 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If you have problems starting applications after running Combofix and get messages such as Quote:
__________________ Please always post log files in CODE tags |
30.01.2013, 14:26 | #15 |
| Trojan-Downloader.JS.Expack.ack / Exploit.Java.CVE-2012-4681.gen Is there an alternative download? The link doesn't work, and neither does the one in the guide. Is there any indication in the log as to why Combofix is needed? Last edited by ischDD (30.01.2013 at 14:43) |