|
Plagegeister aller Art und deren Bekämpfung: EXP/JS.Expack.DXWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.02.2013, 19:49 | #1 |
| EXP/JS.Expack.DX Hallo liebes Trojanerboard Team, ich habe heute mit Avira einen Virenscan durchgeführt und es wurde ein Virus gefunden. Avira zeigt also diesen Virus an: EXP/JS.Expack.DX Ich habe den Virus in die Quarantäne verschoben. Danach habe ich mich zwar über Google schlau gemacht wie ich den Virus entfernen kann, jedoch wäre es mir lieber nach einer individuellen fachmännischen Beschreibung vorzugehen. Wie muss ich also vorgehen und wie "schadhaft" ist der Virus? Ich habe leider auf dem Gebiet keine Erfahrung und würde mich sehr freuen, wenn mir hier jemand helfen würde. Vielen Dank schon mal im Voraus. |
13.02.2013, 13:07 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX Hallo und
__________________Zitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bevor wir uns an weitere die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
13.02.2013, 18:55 | #3 |
| EXP/JS.Expack.DX Hallo und danke für die schnelle Antwort,
__________________hier der Suchlauf mit dem Fund: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 12. Februar 2013 18:40 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Ultimate Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : JULIAN-PC Versionsinformationen: BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00 AVSCAN.EXE : 13.6.0.584 640224 Bytes 12.02.2013 14:58:59 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 19:40:22 LUKE.DLL : 13.6.0.602 67808 Bytes 12.02.2013 14:59:06 AVSCPLR.DLL : 13.6.0.628 94432 Bytes 05.02.2013 16:14:18 AVREG.DLL : 13.6.0.600 250592 Bytes 05.02.2013 16:14:18 avlode.dll : 13.6.2.624 434912 Bytes 05.02.2013 16:14:18 avlode.rdf : 13.0.0.36 10917 Bytes 29.01.2013 17:50:46 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 17:56:03 VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 15:33:53 VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 15:33:53 VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 15:33:53 VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 15:33:55 VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 15:33:55 VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:33:56 VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 18:13:59 VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 17:33:59 VBASE016.VDF : 7.11.60.178 2048 Bytes 11.02.2013 17:33:59 VBASE017.VDF : 7.11.60.179 2048 Bytes 11.02.2013 17:33:59 VBASE018.VDF : 7.11.60.180 2048 Bytes 11.02.2013 17:33:59 VBASE019.VDF : 7.11.60.181 2048 Bytes 11.02.2013 17:33:59 VBASE020.VDF : 7.11.60.182 2048 Bytes 11.02.2013 17:33:59 VBASE021.VDF : 7.11.60.183 2048 Bytes 11.02.2013 17:33:59 VBASE022.VDF : 7.11.60.184 2048 Bytes 11.02.2013 17:34:00 VBASE023.VDF : 7.11.60.185 2048 Bytes 11.02.2013 17:34:00 VBASE024.VDF : 7.11.60.186 2048 Bytes 11.02.2013 17:34:00 VBASE025.VDF : 7.11.60.187 2048 Bytes 11.02.2013 17:34:00 VBASE026.VDF : 7.11.60.188 2048 Bytes 11.02.2013 17:34:00 VBASE027.VDF : 7.11.60.189 2048 Bytes 11.02.2013 17:34:00 VBASE028.VDF : 7.11.60.190 2048 Bytes 11.02.2013 17:34:00 VBASE029.VDF : 7.11.60.191 2048 Bytes 11.02.2013 17:34:00 VBASE030.VDF : 7.11.60.192 2048 Bytes 11.02.2013 17:34:00 VBASE031.VDF : 7.11.60.220 116224 Bytes 12.02.2013 14:58:56 Engineversion : 8.2.10.250 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55 AESCRIPT.DLL : 8.1.4.88 471417 Bytes 08.02.2013 15:34:22 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 16:53:18 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 15:09:33 AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 18:19:13 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 10.11.2012 18:36:18 AEHEUR.DLL : 8.1.4.198 5751159 Bytes 08.02.2013 15:34:20 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 15:52:32 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 18:42:12 AEEXP.DLL : 8.3.0.24 188787 Bytes 09.02.2013 12:14:01 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 16:53:18 AEBB.DLL : 8.1.1.4 53619 Bytes 10.11.2012 18:36:16 AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 14:58:56 AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 14:58:58 AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 16:14:18 AVARKT.DLL : 13.6.0.624 260832 Bytes 12.02.2013 14:58:57 AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 12.02.2013 14:58:58 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40 AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 14:58:59 NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 14:59:06 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 19:40:18 RCTEXT.DLL : 13.6.0.480 68976 Bytes 12.02.2013 14:58:56 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Dienstag, 12. Februar 2013 18:40 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Beim Laden des Moduls (AVARKT.DLL) ist folgender Fehler aufgetreten: Die Datei existiert nicht! AVARKT.DLL Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '147' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '171' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkNGUI64.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'HydraDM.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'HydraDM64.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '224' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'Origin.exe' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '105' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrB.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1458' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Julian\AppData\Local\Mozilla\Firefox\Profiles\dd9gwamk.default\Cache\2\CA\88101d01 [FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.DX Beginne mit der Desinfektion: C:\Users\Julian\AppData\Local\Mozilla\Firefox\Profiles\dd9gwamk.default\Cache\2\CA\88101d01 [FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.DX [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '587f2838.qua' verschoben! Ende des Suchlaufs: Dienstag, 12. Februar 2013 19:24 Benötigte Zeit: 44:15 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 27933 Verzeichnisse wurden überprüft 495365 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 495364 Dateien ohne Befall 6237 Archive wurden durchsucht 0 Warnungen 1 Hinweise |
14.02.2013, 10:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX Hast du mein Posting komplett gelesen? Was ist mit OTL?
__________________ Logfiles bitte immer in CODE-Tags posten |
16.02.2013, 11:14 | #5 |
| EXP/JS.Expack.DX Tut mir Leid, habe ich übersehen. Hier der OTL Report: Code:
ATTFilter OTL logfile created on: 16.02.2013 11:00:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,00% Memory free 7,96 Gb Paging File | 5,89 Gb Available in Paging File | 73,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,16 Gb Total Space | 440,20 Gb Free Space | 73,84% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julian\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 2C C2 C5 50 BF CD 01 [binary data] IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "bild.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 13:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.10 13:04:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 13:04:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.10 13:04:54 | 000,000,000 | ---D | M] [2012.11.10 15:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2013.02.10 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.10 13:04:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: Google Docs = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.11.10 18:04:53 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-228806359-1359040479-2071317650-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9EBE58-8BC2-42C3-9E0D-413E3BE1F83D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3E3984-095F-4E41-9D1B-BE267FD20723}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{fa00f51e-2b40-11e2-9162-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fa00f51e-2b40-11e2-9162-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 18:57:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 18:57:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 18:57:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 18:57:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 18:57:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 18:57:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 18:57:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 18:57:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 18:57:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 18:57:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 18:57:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 18:57:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 18:57:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 18:57:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 18:57:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 18:28:40 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 18:28:40 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 18:28:39 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 18:28:16 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 18:28:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 18:28:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 18:28:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 18:28:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 18:28:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 18:28:04 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.10 13:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.09 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Patch103 [2013.02.09 13:52:10 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\KONAMI [2013.02.09 13:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI [2013.02.09 13:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2013.02.03 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.01.29 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.29 19:12:27 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.29 19:12:26 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.20 11:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.01.20 11:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.01.20 11:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.01.20 11:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.01.18 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\My Games [2013.01.18 18:25:20 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Ubisoft Game Launcher [2013.01.18 15:10:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2013.01.18 14:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2013.01.17 20:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.17 20:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.01.17 20:19:44 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Google ========== Files - Modified Within 30 Days ========== [2013.02.16 11:00:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 11:00:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 10:57:53 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.16 10:57:53 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.16 10:57:53 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.16 10:57:53 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.16 10:57:53 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.16 10:53:57 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.16 10:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.16 10:53:15 | 000,412,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.16 10:52:47 | 3206,184,960 | -HS- | M] () -- C:\hiberfil.sys [2013.02.13 18:24:17 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.13 18:24:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.12 18:32:04 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.12 18:32:04 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.12 18:31:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.08 17:25:20 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.08 17:25:20 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.29 19:12:06 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.29 19:12:06 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.18 15:10:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.18 15:10:50 | 000,001,201 | ---- | M] () -- C:\Users\Julian\Desktop\Uplay.lnk [2013.01.17 20:21:04 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013.01.18 15:10:50 | 000,001,201 | ---- | C] () -- C:\Users\Julian\Desktop\Uplay.lnk [2013.01.17 20:21:04 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.01.17 20:19:49 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.17 20:19:48 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.25 18:01:06 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat [2012.11.25 17:59:44 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.25 17:59:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.25 17:59:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.25 17:36:41 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.10 15:37:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.02.2013 11:00:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 59,00% Memory free 7,96 Gb Paging File | 5,89 Gb Available in Paging File | 73,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,16 Gb Total Space | 440,20 Gb Free Space | 73,84% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{764B9FE6-59E2-4BF9-9285-79F0932A15C6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04EB910E-B485-46BE-BC35-8B1891C145A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0FED62F5-CDF9-4E7C-870C-3CF035C6C818}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | "{1F4E305C-8777-4BBF-9F92-8EF0CA2B4405}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{1FD5CBDA-D3E1-4B41-A1D1-BC1264931950}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{3C60DFF7-92D2-4FD9-BB9F-45AF4A324C63}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{3FB30FEA-C540-4DC2-8273-2D9088CCAA8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{41596BF2-4435-4A43-BBA1-227FB57C92C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | "{44E2BFAC-29F4-439C-924A-59FEFF558902}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{4623B8EC-A5E3-464B-9D41-2927CECEB740}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{4B45D513-0F64-40AF-A76E-3D81F5BBD497}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{4C18CCC4-3608-4891-B869-8B2E01DFCCA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{5B557045-54E7-493C-B9F9-EE22E9F24193}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{69069B61-828A-4FF8-B2AA-B96930F2EA28}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6DC129DB-BD8A-490D-B0B2-14F362F310FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{724E6F2D-1370-49CD-97AD-F319AFFD7F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8264AB1F-0EF5-4EED-9093-8585992EC417}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{84FF03F5-F85E-41A4-9A50-CC7DDBF3C4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "{8C6CDA65-E4AA-45AD-9412-461FD5A6D9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{91A5C526-07FF-462D-BA4D-1346522B8214}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "{986E065A-1BF9-4639-9D66-9BF009A56B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{9A87C0C5-6B8C-43FA-9FDA-C0A06FE0FDDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{9D4A5B2E-A2DA-4D96-BE24-07D877C65365}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | "{AC9E26A1-FD70-4504-BDB2-21FCD33468B8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{BC9AE8A4-AA26-4E78-B79D-542F22D0DFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{C18DB78F-7CFE-42C6-A932-FD80F2057CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C9FBCD5B-082C-4E13-8ABC-53479EC54499}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{CE8ED20E-AD2F-4392-A63D-9915B8B1D0E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | "{D0394EDC-B043-4711-9BC1-7DF817A2C8EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D626B1B1-DF9C-46E7-A5BF-13128149C295}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{DD65198C-20F2-4075-B27E-758516E793C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{DE2C9D16-9957-4ECB-9F83-158E859FE502}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E2E09399-0A80-4618-A76B-A8C565755938}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{EA88316D-0948-4C6C-BF2C-E145DC70D95A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{F72564CB-B743-4C46-A367-30CF545F28C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FC343670-DD5F-4507-B2D7-F6E25925B436}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{FC3C64CA-4E1A-4269-B18F-974BE6DF09C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "TCP Query User{316D5F1C-0A78-43E5-A65A-ED1517DE052F}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{B0DF8C95-3B06-4CBE-8864-6BA2D898FD66}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{D54D851B-5ACB-4E8F-B8D3-59429C10F914}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{BF0673AC-7B11-40CC-B953-FD1A4EAB61F7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{CDB5E9AF-B66B-4D11-8D80-DB39EDB405BD}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{E6AC22FF-E428-4312-801A-97545C9D00C1}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{116C20CC-0843-1FC0-2AE8-BD3535911B36}" = AMD Drag and Drop Transcoding "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{30CAD3B3-7EF6-4087-2A50-97EF66966776}" = ATI AVIVO64 Codecs "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Greenshot_is1" = Greenshot 1.0.6.2228 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A48CE6DE-1E75-EBE2-8EF7-6E6EA51962AC}" = HydraVision "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESN Sonar-0.70.4" = ESN Sonar "Google Chrome" = Google Chrome "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 17300" = Crysis "Steam App 205100" = Dishonored "Steam App 28050" = Deus Ex: Human Revolution "Steam App 49520" = Borderlands 2 "Steam App 50300" = Spec Ops: The Line "Uplay" = Uplay "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.12.2012 18:12:12 | Computer Name = Julian-PC | Source = Windows Search Service | ID = 3007 Description = Error - 16.12.2012 15:20:07 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cb4 Startzeit: 01cddbbfea6a2875 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: Error - 19.12.2012 04:15:49 | Computer Name = Julian-PC | Source = VSS | ID = 12305 Description = Error - 21.12.2012 14:16:41 | Computer Name = Julian-PC | Source = ESENT | ID = 215 Description = WinMail (592) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 21.12.2012 14:16:47 | Computer Name = Julian-PC | Source = ESENT | ID = 215 Description = WinMail (780) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 21.12.2012 14:43:32 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version 13.6.0.402 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bdc Startzeit: 01cddfa7bf2292d6 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe Berichts-ID: 27abb6f8-4b9e-11e2-aa01-8c89a5833592 Error - 23.12.2012 11:52:57 | Computer Name = Julian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x50c39964 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x106c Startzeit der fehlerhaften Anwendung: 0x01cde1258795f40c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d1589b23-4d18-11e2-b2f2-8c89a5833592 Error - 18.01.2013 20:50:30 | Computer Name = Julian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: farcry3_d3d11.exe, Version: 0.1.0.1, Zeitstempel: 0x50d1e5f6 Name des fehlerhaften Moduls: FC3_d3d11.dll, Version: 0.1.0.1, Zeitstempel: 0x50d1e5b3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01150116 ID des fehlerhaften Prozesses: 0x564 Startzeit der fehlerhaften Anwendung: 0x01cdf5c389d39ae2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3_d3d11.dll Berichtskennung: 38dfb744-61d2-11e2-9587-8c89a5833592 Error - 05.02.2013 14:22:55 | Computer Name = Julian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x50c39964 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xcd4 Startzeit der fehlerhaften Anwendung: 0x01ce03ca115db74a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0eeaf18f-6fc1-11e2-97a8-8c89a5833592 Error - 12.02.2013 13:29:26 | Computer Name = Julian-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x50c39964 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xab0 Startzeit der fehlerhaften Anwendung: 0x01ce09447dd84c88 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: bee501dc-7539-11e2-9e75-8c89a5833592 [ System Events ] Error - 21.12.2012 14:09:51 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%32 Error - 21.12.2012 14:09:55 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 21.12.2012 14:09:55 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 21.12.2012 14:09:55 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%32 Error - 21.12.2012 14:45:42 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 21.12.2012 14:45:42 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 30.12.2012 15:52:43 | Computer Name = Julian-PC | Source = DCOM | ID = 10010 Description = Error - 18.01.2013 17:31:21 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 18.01.2013 17:31:21 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.02.2013 15:24:30 | Computer Name = Julian-PC | Source = DCOM | ID = 10010 Description = < End of report > |
16.02.2013, 18:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus. Anleitung MBAR Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> EXP/JS.Expack.DX |
17.02.2013, 14:45 | #7 |
| EXP/JS.Expack.DX Hallo, hier das Log von GMER: Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net Rootkit scan 2013-02-17 14:43:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8 WDC_WD6400AAKS-65A7B2 rev.01.03B01 596,17GB Running: GMER_2.1.18952.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxdiqpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072801a22 2 bytes [80, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072801ad0 2 bytes [80, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072801b08 2 bytes [80, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072801bba 2 bytes [80, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072801bda 2 bytes [80, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000770b1465 2 bytes [0B, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770b14bb 2 bytes [0B, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.17.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Julian :: JULIAN-PC [administrator] 17.02.2013 14:55:48 mbar-log-2013-02-17 (14-55-48).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26784 Time elapsed: 7 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
19.02.2013, 17:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
20.02.2013, 20:56 | #9 |
| EXP/JS.Expack.DX Hallo, hier das Log vom aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-20 20:38:48 ----------------------------- 20:38:48.053 OS Version: Windows x64 6.1.7601 Service Pack 1 20:38:48.053 Number of processors: 4 586 0x2A07 20:38:48.053 ComputerName: JULIAN-PC UserName: Julian 20:38:49.082 Initialize success 20:38:54.230 AVAST engine defs: 13022000 20:38:58.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8 20:38:58.474 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 11 20:38:58.474 Disk 0 MBR read successfully 20:38:58.474 Disk 0 MBR scan 20:38:58.489 Disk 0 Windows 7 default MBR code 20:38:58.489 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610469 MB offset 63 20:38:58.505 Disk 0 scanning C:\Windows\system32\drivers 20:39:07.522 Service scanning 20:39:22.373 Modules scanning 20:39:22.373 Disk 0 trace - called modules: 20:39:22.388 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys 20:39:22.388 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d31060] 20:39:22.388 3 CLASSPNP.SYS[fffff8800194443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa8004830680] 20:39:23.995 AVAST engine scan C:\Windows 20:39:26.351 AVAST engine scan C:\Windows\system32 20:41:29.731 AVAST engine scan C:\Windows\system32\drivers 20:41:39.154 AVAST engine scan C:\Users\Julian 20:47:27.378 AVAST engine scan C:\ProgramData 20:47:37.393 Scan finished successfully 20:48:06.003 Disk 0 MBR has been saved successfully to "C:\Users\Julian\Desktop\MBR.dat" 20:48:06.003 The log file has been saved successfully to "C:\Users\Julian\Desktop\aswMBR.txt" Code:
ATTFilter 20:50:45.0021 3724 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:50:45.0185 3724 ============================================================ 20:50:45.0185 3724 Current date / time: 2013/02/20 20:50:45.0185 20:50:45.0185 3724 SystemInfo: 20:50:45.0185 3724 20:50:45.0185 3724 OS Version: 6.1.7601 ServicePack: 1.0 20:50:45.0185 3724 Product type: Workstation 20:50:45.0185 3724 ComputerName: JULIAN-PC 20:50:45.0185 3724 UserName: Julian 20:50:45.0185 3724 Windows directory: C:\Windows 20:50:45.0185 3724 System windows directory: C:\Windows 20:50:45.0185 3724 Running under WOW64 20:50:45.0185 3724 Processor architecture: Intel x64 20:50:45.0185 3724 Number of processors: 4 20:50:45.0186 3724 Page size: 0x1000 20:50:45.0186 3724 Boot type: Normal boot 20:50:45.0186 3724 ============================================================ 20:50:46.0111 3724 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:50:46.0116 3724 ============================================================ 20:50:46.0116 3724 \Device\Harddisk0\DR0: 20:50:46.0116 3724 MBR partitions: 20:50:46.0116 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1 20:50:46.0116 3724 ============================================================ 20:50:46.0143 3724 C: <-> \Device\Harddisk0\DR0\Partition1 20:50:46.0143 3724 ============================================================ 20:50:46.0143 3724 Initialize success 20:50:46.0143 3724 ============================================================ 20:51:23.0147 3536 ============================================================ 20:51:23.0147 3536 Scan started 20:51:23.0147 3536 Mode: Manual; 20:51:23.0147 3536 ============================================================ 20:51:23.0836 3536 ================ Scan system memory ======================== 20:51:23.0836 3536 System memory - ok 20:51:23.0837 3536 ================ Scan services ============================= 20:51:23.0957 3536 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:51:23.0974 3536 1394ohci - ok 20:51:24.0074 3536 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:51:24.0095 3536 ACPI - ok 20:51:24.0115 3536 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:51:24.0118 3536 AcpiPmi - ok 20:51:24.0212 3536 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:51:24.0224 3536 AdobeFlashPlayerUpdateSvc - ok 20:51:24.0264 3536 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:51:24.0281 3536 adp94xx - ok 20:51:24.0300 3536 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:51:24.0316 3536 adpahci - ok 20:51:24.0328 3536 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:51:24.0335 3536 adpu320 - ok 20:51:24.0360 3536 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:51:24.0367 3536 AeLookupSvc - ok 20:51:24.0400 3536 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:51:24.0424 3536 AFD - ok 20:51:24.0466 3536 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:51:24.0471 3536 agp440 - ok 20:51:24.0490 3536 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:51:24.0496 3536 ALG - ok 20:51:24.0533 3536 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:51:24.0536 3536 aliide - ok 20:51:24.0569 3536 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:51:24.0579 3536 AMD External Events Utility - ok 20:51:24.0583 3536 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:51:24.0587 3536 amdide - ok 20:51:24.0606 3536 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:51:24.0612 3536 AmdK8 - ok 20:51:24.0801 3536 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:51:24.0975 3536 amdkmdag - ok 20:51:24.0996 3536 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:51:25.0010 3536 amdkmdap - ok 20:51:25.0024 3536 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:51:25.0030 3536 AmdPPM - ok 20:51:25.0051 3536 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:51:25.0057 3536 amdsata - ok 20:51:25.0071 3536 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:51:25.0079 3536 amdsbs - ok 20:51:25.0091 3536 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:51:25.0094 3536 amdxata - ok 20:51:25.0174 3536 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:51:25.0182 3536 AntiVirSchedulerService - ok 20:51:25.0209 3536 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:51:25.0218 3536 AntiVirService - ok 20:51:25.0265 3536 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:51:25.0270 3536 AppID - ok 20:51:25.0299 3536 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:51:25.0304 3536 AppIDSvc - ok 20:51:25.0346 3536 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:51:25.0354 3536 Appinfo - ok 20:51:25.0392 3536 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 20:51:25.0400 3536 AppMgmt - ok 20:51:25.0410 3536 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:51:25.0416 3536 arc - ok 20:51:25.0421 3536 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:51:25.0427 3536 arcsas - ok 20:51:25.0462 3536 [ 10E9A8034C6843CA516BDB79D5D57B02 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys 20:51:25.0467 3536 asahci64 - ok 20:51:25.0498 3536 [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 20:51:25.0504 3536 asmthub3 - ok 20:51:25.0522 3536 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 20:51:25.0538 3536 asmtxhci - ok 20:51:25.0572 3536 aspnet_state - ok 20:51:25.0590 3536 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:51:25.0593 3536 AsyncMac - ok 20:51:25.0624 3536 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:51:25.0625 3536 atapi - ok 20:51:25.0653 3536 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:51:25.0659 3536 AtiHDAudioService - ok 20:51:25.0709 3536 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:51:25.0733 3536 AudioEndpointBuilder - ok 20:51:25.0749 3536 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:51:25.0754 3536 AudioSrv - ok 20:51:25.0763 3536 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:51:25.0769 3536 avgntflt - ok 20:51:25.0789 3536 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:51:25.0797 3536 avipbb - ok 20:51:25.0804 3536 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:51:25.0808 3536 avkmgr - ok 20:51:25.0856 3536 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:51:25.0863 3536 AxInstSV - ok 20:51:25.0946 3536 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:51:25.0967 3536 b06bdrv - ok 20:51:26.0034 3536 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:51:26.0050 3536 b57nd60a - ok 20:51:26.0088 3536 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:51:26.0094 3536 BDESVC - ok 20:51:26.0107 3536 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:51:26.0110 3536 Beep - ok 20:51:26.0175 3536 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:51:26.0200 3536 BFE - ok 20:51:26.0225 3536 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:51:26.0249 3536 BITS - ok 20:51:26.0262 3536 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:51:26.0267 3536 blbdrive - ok 20:51:26.0291 3536 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:51:26.0296 3536 bowser - ok 20:51:26.0305 3536 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:51:26.0308 3536 BrFiltLo - ok 20:51:26.0312 3536 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:51:26.0315 3536 BrFiltUp - ok 20:51:26.0348 3536 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:51:26.0356 3536 Browser - ok 20:51:26.0373 3536 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:51:26.0382 3536 Brserid - ok 20:51:26.0394 3536 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:51:26.0399 3536 BrSerWdm - ok 20:51:26.0416 3536 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:51:26.0419 3536 BrUsbMdm - ok 20:51:26.0423 3536 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:51:26.0427 3536 BrUsbSer - ok 20:51:26.0437 3536 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:51:26.0442 3536 BTHMODEM - ok 20:51:26.0453 3536 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:51:26.0460 3536 bthserv - ok 20:51:26.0484 3536 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:51:26.0489 3536 cdfs - ok 20:51:26.0534 3536 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:51:26.0542 3536 cdrom - ok 20:51:26.0584 3536 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:51:26.0590 3536 CertPropSvc - ok 20:51:26.0614 3536 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:51:26.0619 3536 circlass - ok 20:51:26.0642 3536 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:51:26.0658 3536 CLFS - ok 20:51:26.0684 3536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:51:26.0692 3536 clr_optimization_v2.0.50727_32 - ok 20:51:26.0735 3536 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:51:26.0741 3536 clr_optimization_v2.0.50727_64 - ok 20:51:26.0803 3536 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:51:26.0812 3536 clr_optimization_v4.0.30319_32 - ok 20:51:26.0846 3536 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:51:26.0854 3536 clr_optimization_v4.0.30319_64 - ok 20:51:26.0883 3536 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:51:26.0886 3536 CmBatt - ok 20:51:26.0921 3536 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:51:26.0925 3536 cmdide - ok 20:51:26.0956 3536 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:51:26.0972 3536 CNG - ok 20:51:26.0988 3536 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:51:26.0993 3536 Compbatt - ok 20:51:27.0032 3536 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:51:27.0037 3536 CompositeBus - ok 20:51:27.0041 3536 COMSysApp - ok 20:51:27.0068 3536 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:51:27.0073 3536 crcdisk - ok 20:51:27.0114 3536 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:51:27.0124 3536 CryptSvc - ok 20:51:27.0163 3536 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 20:51:27.0180 3536 CSC - ok 20:51:27.0228 3536 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 20:51:27.0253 3536 CscService - ok 20:51:27.0298 3536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:51:27.0314 3536 DcomLaunch - ok 20:51:27.0338 3536 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:51:27.0353 3536 defragsvc - ok 20:51:27.0389 3536 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:51:27.0395 3536 DfsC - ok 20:51:27.0416 3536 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:51:27.0433 3536 Dhcp - ok 20:51:27.0444 3536 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:51:27.0449 3536 discache - ok 20:51:27.0469 3536 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:51:27.0475 3536 Disk - ok 20:51:27.0504 3536 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:51:27.0514 3536 Dnscache - ok 20:51:27.0552 3536 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:51:27.0568 3536 dot3svc - ok 20:51:27.0601 3536 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:51:27.0611 3536 DPS - ok 20:51:27.0635 3536 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:51:27.0637 3536 drmkaud - ok 20:51:27.0690 3536 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:51:27.0716 3536 DXGKrnl - ok 20:51:27.0741 3536 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:51:27.0747 3536 EapHost - ok 20:51:27.0816 3536 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:51:27.0883 3536 ebdrv - ok 20:51:27.0909 3536 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:51:27.0912 3536 EFS - ok 20:51:27.0942 3536 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:51:27.0960 3536 ehRecvr - ok 20:51:27.0987 3536 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:51:27.0995 3536 ehSched - ok 20:51:28.0026 3536 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:51:28.0042 3536 elxstor - ok 20:51:28.0074 3536 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:51:28.0077 3536 ErrDev - ok 20:51:28.0115 3536 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:51:28.0131 3536 EventSystem - ok 20:51:28.0156 3536 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:51:28.0173 3536 exfat - ok 20:51:28.0188 3536 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:51:28.0194 3536 fastfat - ok 20:51:28.0250 3536 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:51:28.0274 3536 Fax - ok 20:51:28.0283 3536 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:51:28.0287 3536 fdc - ok 20:51:28.0310 3536 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:51:28.0314 3536 fdPHost - ok 20:51:28.0320 3536 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:51:28.0326 3536 FDResPub - ok 20:51:28.0339 3536 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:51:28.0345 3536 FileInfo - ok 20:51:28.0354 3536 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:51:28.0358 3536 Filetrace - ok 20:51:28.0370 3536 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:51:28.0374 3536 flpydisk - ok 20:51:28.0416 3536 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:51:28.0432 3536 FltMgr - ok 20:51:28.0482 3536 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 20:51:28.0523 3536 FontCache - ok 20:51:28.0567 3536 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:51:28.0572 3536 FontCache3.0.0.0 - ok 20:51:28.0590 3536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:51:28.0595 3536 FsDepends - ok 20:51:28.0614 3536 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:51:28.0619 3536 Fs_Rec - ok 20:51:28.0649 3536 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:51:28.0666 3536 fvevol - ok 20:51:28.0690 3536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:51:28.0696 3536 gagp30kx - ok 20:51:28.0717 3536 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:51:28.0742 3536 gpsvc - ok 20:51:28.0805 3536 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:51:28.0816 3536 gupdate - ok 20:51:28.0821 3536 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:51:28.0822 3536 gupdatem - ok 20:51:28.0837 3536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:51:28.0842 3536 hcw85cir - ok 20:51:28.0889 3536 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:51:28.0905 3536 HdAudAddService - ok 20:51:28.0926 3536 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:51:28.0933 3536 HDAudBus - ok 20:51:28.0945 3536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:51:28.0949 3536 HidBatt - ok 20:51:28.0963 3536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:51:28.0968 3536 HidBth - ok 20:51:28.0988 3536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:51:28.0993 3536 HidIr - ok 20:51:29.0012 3536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:51:29.0018 3536 hidserv - ok 20:51:29.0057 3536 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:51:29.0061 3536 HidUsb - ok 20:51:29.0098 3536 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:51:29.0106 3536 hkmsvc - ok 20:51:29.0159 3536 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:51:29.0176 3536 HomeGroupListener - ok 20:51:29.0211 3536 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:51:29.0221 3536 HomeGroupProvider - ok 20:51:29.0251 3536 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:51:29.0257 3536 HpSAMD - ok 20:51:29.0311 3536 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:51:29.0336 3536 HTTP - ok 20:51:29.0369 3536 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:51:29.0373 3536 hwpolicy - ok 20:51:29.0412 3536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:51:29.0419 3536 i8042prt - ok 20:51:29.0448 3536 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:51:29.0464 3536 iaStorV - ok 20:51:29.0492 3536 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:51:29.0525 3536 idsvc - ok 20:51:29.0553 3536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:51:29.0558 3536 iirsp - ok 20:51:29.0586 3536 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:51:29.0611 3536 IKEEXT - ok 20:51:29.0697 3536 [ 254FAAE42AFC641C0BE628DE123EA9DE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:51:29.0765 3536 IntcAzAudAddService - ok 20:51:29.0783 3536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:51:29.0787 3536 intelide - ok 20:51:29.0811 3536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:51:29.0817 3536 intelppm - ok 20:51:29.0838 3536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:51:29.0845 3536 IPBusEnum - ok 20:51:29.0886 3536 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:51:29.0892 3536 IpFilterDriver - ok 20:51:29.0945 3536 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:51:29.0970 3536 iphlpsvc - ok 20:51:30.0003 3536 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:51:30.0010 3536 IPMIDRV - ok 20:51:30.0021 3536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:51:30.0027 3536 IPNAT - ok 20:51:30.0048 3536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:51:30.0052 3536 IRENUM - ok 20:51:30.0087 3536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:51:30.0091 3536 isapnp - ok 20:51:30.0127 3536 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:51:30.0142 3536 iScsiPrt - ok 20:51:30.0158 3536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:51:30.0164 3536 kbdclass - ok 20:51:30.0183 3536 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:51:30.0188 3536 kbdhid - ok 20:51:30.0209 3536 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:51:30.0211 3536 KeyIso - ok 20:51:30.0230 3536 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:51:30.0236 3536 KSecDD - ok 20:51:30.0247 3536 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:51:30.0255 3536 KSecPkg - ok 20:51:30.0263 3536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:51:30.0265 3536 ksthunk - ok 20:51:30.0290 3536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:51:30.0307 3536 KtmRm - ok 20:51:30.0327 3536 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:51:30.0343 3536 LanmanServer - ok 20:51:30.0381 3536 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:51:30.0391 3536 LanmanWorkstation - ok 20:51:30.0423 3536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:51:30.0428 3536 lltdio - ok 20:51:30.0457 3536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:51:30.0474 3536 lltdsvc - ok 20:51:30.0491 3536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:51:30.0496 3536 lmhosts - ok 20:51:30.0534 3536 [ DF86570FFC4F8A7E38595CC072B19A5B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:51:30.0544 3536 LMS - ok 20:51:30.0560 3536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:51:30.0566 3536 LSI_FC - ok 20:51:30.0579 3536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:51:30.0585 3536 LSI_SAS - ok 20:51:30.0596 3536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:51:30.0600 3536 LSI_SAS2 - ok 20:51:30.0610 3536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:51:30.0614 3536 LSI_SCSI - ok 20:51:30.0626 3536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:51:30.0630 3536 luafv - ok 20:51:30.0660 3536 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:51:30.0664 3536 Mcx2Svc - ok 20:51:30.0680 3536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:51:30.0683 3536 megasas - ok 20:51:30.0696 3536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:51:30.0702 3536 MegaSR - ok 20:51:30.0720 3536 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:51:30.0723 3536 MEIx64 - ok 20:51:30.0794 3536 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 20:51:30.0802 3536 Microsoft Office Groove Audit Service - ok 20:51:30.0833 3536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:51:30.0839 3536 MMCSS - ok 20:51:30.0859 3536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:51:30.0864 3536 Modem - ok 20:51:30.0956 3536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:51:30.0962 3536 monitor - ok 20:51:31.0003 3536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 20:51:31.0009 3536 mouclass - ok 20:51:31.0048 3536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:51:31.0053 3536 mouhid - ok 20:51:31.0099 3536 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:51:31.0105 3536 mountmgr - ok 20:51:31.0137 3536 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:51:31.0146 3536 MozillaMaintenance - ok 20:51:31.0170 3536 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:51:31.0179 3536 mpio - ok 20:51:31.0196 3536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:51:31.0201 3536 mpsdrv - ok 20:51:31.0251 3536 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:51:31.0275 3536 MpsSvc - ok 20:51:31.0306 3536 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:51:31.0313 3536 MRxDAV - ok 20:51:31.0345 3536 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:51:31.0351 3536 mrxsmb - ok 20:51:31.0367 3536 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:51:31.0383 3536 mrxsmb10 - ok 20:51:31.0397 3536 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:51:31.0403 3536 mrxsmb20 - ok 20:51:31.0420 3536 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:51:31.0425 3536 msahci - ok 20:51:31.0441 3536 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:51:31.0448 3536 msdsm - ok 20:51:31.0462 3536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:51:31.0471 3536 MSDTC - ok 20:51:31.0496 3536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:51:31.0500 3536 Msfs - ok 20:51:31.0525 3536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:51:31.0528 3536 mshidkmdf - ok 20:51:31.0565 3536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:51:31.0569 3536 msisadrv - ok 20:51:31.0594 3536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:51:31.0601 3536 MSiSCSI - ok 20:51:31.0605 3536 msiserver - ok 20:51:31.0635 3536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:51:31.0638 3536 MSKSSRV - ok 20:51:31.0647 3536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:51:31.0650 3536 MSPCLOCK - ok 20:51:31.0654 3536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:51:31.0657 3536 MSPQM - ok 20:51:31.0692 3536 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:51:31.0709 3536 MsRPC - ok 20:51:31.0746 3536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:51:31.0751 3536 mssmbios - ok 20:51:31.0764 3536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:51:31.0767 3536 MSTEE - ok 20:51:31.0774 3536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:51:31.0777 3536 MTConfig - ok 20:51:31.0794 3536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:51:31.0800 3536 Mup - ok 20:51:31.0843 3536 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:51:31.0867 3536 napagent - ok 20:51:31.0899 3536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:51:31.0915 3536 NativeWifiP - ok 20:51:31.0950 3536 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:51:31.0982 3536 NDIS - ok 20:51:31.0996 3536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:51:32.0001 3536 NdisCap - ok 20:51:32.0023 3536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:51:32.0026 3536 NdisTapi - ok 20:51:32.0068 3536 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:51:32.0073 3536 Ndisuio - ok 20:51:32.0107 3536 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:51:32.0114 3536 NdisWan - ok 20:51:32.0147 3536 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:51:32.0152 3536 NDProxy - ok 20:51:32.0158 3536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:51:32.0163 3536 NetBIOS - ok 20:51:32.0205 3536 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:51:32.0221 3536 NetBT - ok 20:51:32.0234 3536 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:51:32.0236 3536 Netlogon - ok 20:51:32.0273 3536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:51:32.0289 3536 Netman - ok 20:51:32.0316 3536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:51:32.0340 3536 netprofm - ok 20:51:32.0364 3536 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:51:32.0373 3536 NetTcpPortSharing - ok 20:51:32.0398 3536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:51:32.0403 3536 nfrd960 - ok 20:51:32.0442 3536 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:51:32.0458 3536 NlaSvc - ok 20:51:32.0473 3536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:51:32.0477 3536 Npfs - ok 20:51:32.0491 3536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:51:32.0496 3536 nsi - ok 20:51:32.0500 3536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:51:32.0503 3536 nsiproxy - ok 20:51:32.0565 3536 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:51:32.0606 3536 Ntfs - ok 20:51:32.0618 3536 NTIOLib_1_0_C - ok 20:51:32.0623 3536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:51:32.0626 3536 Null - ok 20:51:32.0656 3536 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:51:32.0662 3536 nvraid - ok 20:51:32.0704 3536 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:51:32.0711 3536 nvstor - ok 20:51:32.0734 3536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:51:32.0741 3536 nv_agp - ok 20:51:32.0817 3536 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:51:32.0858 3536 odserv - ok 20:51:32.0882 3536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:51:32.0888 3536 ohci1394 - ok 20:51:32.0933 3536 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:51:32.0941 3536 ose - ok 20:51:32.0968 3536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:51:32.0985 3536 p2pimsvc - ok 20:51:33.0002 3536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:51:33.0018 3536 p2psvc - ok 20:51:33.0028 3536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:51:33.0034 3536 Parport - ok 20:51:33.0062 3536 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:51:33.0069 3536 partmgr - ok 20:51:33.0083 3536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:51:33.0094 3536 PcaSvc - ok 20:51:33.0107 3536 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:51:33.0123 3536 pci - ok 20:51:33.0132 3536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:51:33.0136 3536 pciide - ok 20:51:33.0152 3536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:51:33.0161 3536 pcmcia - ok 20:51:33.0174 3536 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:51:33.0180 3536 pcw - ok 20:51:33.0202 3536 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:51:33.0226 3536 PEAUTH - ok 20:51:33.0281 3536 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:51:33.0315 3536 PeerDistSvc - ok 20:51:33.0376 3536 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:51:33.0381 3536 PerfHost - ok 20:51:33.0441 3536 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:51:33.0473 3536 pla - ok 20:51:33.0526 3536 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:51:33.0550 3536 PlugPlay - ok 20:51:33.0567 3536 PnkBstrA - ok 20:51:33.0581 3536 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:51:33.0587 3536 PNRPAutoReg - ok 20:51:33.0601 3536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:51:33.0605 3536 PNRPsvc - ok 20:51:33.0628 3536 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:51:33.0653 3536 PolicyAgent - ok 20:51:33.0681 3536 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:51:33.0690 3536 Power - ok 20:51:33.0719 3536 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:51:33.0726 3536 PptpMiniport - ok 20:51:33.0737 3536 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:51:33.0743 3536 Processor - ok 20:51:33.0757 3536 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 20:51:33.0773 3536 ProfSvc - ok 20:51:33.0784 3536 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:51:33.0785 3536 ProtectedStorage - ok 20:51:33.0828 3536 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:51:33.0836 3536 Psched - ok 20:51:33.0887 3536 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:51:33.0921 3536 ql2300 - ok 20:51:33.0936 3536 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:51:33.0944 3536 ql40xx - ok 20:51:33.0968 3536 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:51:33.0984 3536 QWAVE - ok 20:51:33.0999 3536 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:51:34.0004 3536 QWAVEdrv - ok 20:51:34.0017 3536 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:51:34.0020 3536 RasAcd - ok 20:51:34.0041 3536 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:51:34.0047 3536 RasAgileVpn - ok 20:51:34.0056 3536 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:51:34.0063 3536 RasAuto - ok 20:51:34.0102 3536 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:51:34.0108 3536 Rasl2tp - ok 20:51:34.0164 3536 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:51:34.0181 3536 RasMan - ok 20:51:34.0194 3536 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:51:34.0200 3536 RasPppoe - ok 20:51:34.0209 3536 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:51:34.0215 3536 RasSstp - ok 20:51:34.0231 3536 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:51:34.0248 3536 rdbss - ok 20:51:34.0261 3536 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:51:34.0265 3536 rdpbus - ok 20:51:34.0285 3536 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:51:34.0287 3536 RDPCDD - ok 20:51:34.0320 3536 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 20:51:34.0326 3536 RDPDR - ok 20:51:34.0342 3536 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:51:34.0345 3536 RDPENCDD - ok 20:51:34.0356 3536 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:51:34.0359 3536 RDPREFMP - ok 20:51:34.0399 3536 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 20:51:34.0403 3536 RdpVideoMiniport - ok 20:51:34.0415 3536 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:51:34.0423 3536 RDPWD - ok 20:51:34.0460 3536 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:51:34.0468 3536 rdyboost - ok 20:51:34.0494 3536 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:51:34.0501 3536 RemoteAccess - ok 20:51:34.0527 3536 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:51:34.0537 3536 RemoteRegistry - ok 20:51:34.0543 3536 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:51:34.0551 3536 RpcEptMapper - ok 20:51:34.0571 3536 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:51:34.0575 3536 RpcLocator - ok 20:51:34.0614 3536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:51:34.0619 3536 RpcSs - ok 20:51:34.0630 3536 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:51:34.0635 3536 rspndr - ok 20:51:34.0672 3536 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:51:34.0689 3536 RTL8167 - ok 20:51:34.0746 3536 [ 5EDFCEE5682237607082880338415AA6 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 20:51:34.0788 3536 RTL8192su - ok 20:51:34.0827 3536 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 20:51:34.0830 3536 s3cap - ok 20:51:34.0842 3536 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:51:34.0844 3536 SamSs - ok 20:51:34.0864 3536 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:51:34.0870 3536 sbp2port - ok 20:51:34.0880 3536 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:51:34.0888 3536 SCardSvr - ok 20:51:34.0918 3536 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:51:34.0923 3536 scfilter - ok 20:51:34.0950 3536 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:51:34.0982 3536 Schedule - ok 20:51:35.0017 3536 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:51:35.0018 3536 SCPolicySvc - ok 20:51:35.0061 3536 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:51:35.0077 3536 SDRSVC - ok 20:51:35.0092 3536 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:51:35.0096 3536 secdrv - ok 20:51:35.0123 3536 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:51:35.0130 3536 seclogon - ok 20:51:35.0145 3536 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:51:35.0153 3536 SENS - ok 20:51:35.0163 3536 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:51:35.0169 3536 SensrSvc - ok 20:51:35.0181 3536 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:51:35.0185 3536 Serenum - ok 20:51:35.0213 3536 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:51:35.0219 3536 Serial - ok 20:51:35.0257 3536 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:51:35.0261 3536 sermouse - ok 20:51:35.0303 3536 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:51:35.0312 3536 SessionEnv - ok 20:51:35.0340 3536 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:51:35.0343 3536 sffdisk - ok 20:51:35.0364 3536 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:51:35.0368 3536 sffp_mmc - ok 20:51:35.0383 3536 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:51:35.0386 3536 sffp_sd - ok 20:51:35.0397 3536 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:51:35.0400 3536 sfloppy - ok 20:51:35.0424 3536 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:51:35.0439 3536 SharedAccess - ok 20:51:35.0484 3536 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:51:35.0496 3536 ShellHWDetection - ok 20:51:35.0521 3536 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:51:35.0526 3536 SiSRaid2 - ok 20:51:35.0537 3536 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:51:35.0543 3536 SiSRaid4 - ok 20:51:35.0565 3536 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:51:35.0571 3536 Smb - ok 20:51:35.0609 3536 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:51:35.0614 3536 SNMPTRAP - ok 20:51:35.0623 3536 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:51:35.0627 3536 spldr - ok 20:51:35.0671 3536 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 20:51:35.0686 3536 Spooler - ok 20:51:35.0773 3536 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:51:35.0843 3536 sppsvc - ok 20:51:35.0851 3536 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:51:35.0855 3536 sppuinotify - ok 20:51:35.0881 3536 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:51:35.0898 3536 srv - ok 20:51:35.0911 3536 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:51:35.0926 3536 srv2 - ok 20:51:35.0940 3536 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:51:35.0948 3536 srvnet - ok 20:51:35.0975 3536 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:51:35.0992 3536 SSDPSRV - ok 20:51:36.0004 3536 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:51:36.0010 3536 SstpSvc - ok 20:51:36.0020 3536 Steam Client Service - ok 20:51:36.0030 3536 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:51:36.0033 3536 stexstor - ok 20:51:36.0079 3536 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:51:36.0105 3536 stisvc - ok 20:51:36.0142 3536 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 20:51:36.0147 3536 storflt - ok 20:51:36.0182 3536 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 20:51:36.0187 3536 storvsc - ok 20:51:36.0219 3536 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:51:36.0223 3536 swenum - ok 20:51:36.0237 3536 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:51:36.0254 3536 swprv - ok 20:51:36.0262 3536 Synth3dVsc - ok 20:51:36.0302 3536 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:51:36.0341 3536 SysMain - ok 20:51:36.0370 3536 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:51:36.0378 3536 TabletInputService - ok 20:51:36.0418 3536 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:51:36.0435 3536 TapiSrv - ok 20:51:36.0448 3536 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:51:36.0455 3536 TBS - ok 20:51:36.0525 3536 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:51:36.0574 3536 Tcpip - ok 20:51:36.0622 3536 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:51:36.0636 3536 TCPIP6 - ok 20:51:36.0671 3536 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:51:36.0674 3536 tcpipreg - ok 20:51:36.0696 3536 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:51:36.0700 3536 TDPIPE - ok 20:51:36.0723 3536 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:51:36.0726 3536 TDTCP - ok 20:51:36.0776 3536 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:51:36.0782 3536 tdx - ok 20:51:36.0786 3536 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:51:36.0792 3536 TermDD - ok 20:51:36.0837 3536 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:51:36.0878 3536 TermService - ok 20:51:36.0906 3536 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:51:36.0913 3536 Themes - ok 20:51:36.0924 3536 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:51:36.0926 3536 THREADORDER - ok 20:51:36.0940 3536 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:51:36.0950 3536 TrkWks - ok 20:51:37.0011 3536 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:51:37.0017 3536 TrustedInstaller - ok 20:51:37.0045 3536 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:51:37.0049 3536 tssecsrv - ok 20:51:37.0089 3536 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:51:37.0095 3536 TsUsbFlt - ok 20:51:37.0098 3536 tsusbhub - ok 20:51:37.0150 3536 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:51:37.0157 3536 tunnel - ok 20:51:37.0170 3536 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:51:37.0175 3536 uagp35 - ok 20:51:37.0216 3536 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:51:37.0232 3536 udfs - ok 20:51:37.0247 3536 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:51:37.0255 3536 UI0Detect - ok 20:51:37.0282 3536 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:51:37.0288 3536 uliagpkx - ok 20:51:37.0316 3536 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:51:37.0321 3536 umbus - ok 20:51:37.0344 3536 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:51:37.0347 3536 UmPass - ok 20:51:37.0394 3536 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 20:51:37.0406 3536 UmRdpService - ok 20:51:37.0487 3536 [ 1D2596FE2D7CF36C6F5F0D6B71E90E1E ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:51:37.0541 3536 UNS - ok 20:51:37.0552 3536 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:51:37.0568 3536 upnphost - ok 20:51:37.0618 3536 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 20:51:37.0624 3536 usbccgp - ok 20:51:37.0642 3536 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:51:37.0650 3536 usbcir - ok 20:51:37.0686 3536 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:51:37.0691 3536 usbehci - ok 20:51:37.0717 3536 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys 20:51:37.0732 3536 usbhub - ok 20:51:37.0769 3536 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:51:37.0773 3536 usbohci - ok 20:51:37.0787 3536 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:51:37.0791 3536 usbprint - ok 20:51:37.0814 3536 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:51:37.0820 3536 USBSTOR - ok 20:51:37.0834 3536 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:51:37.0838 3536 usbuhci - ok 20:51:37.0854 3536 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:51:37.0861 3536 UxSms - ok 20:51:37.0875 3536 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:51:37.0877 3536 VaultSvc - ok 20:51:37.0913 3536 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:51:37.0918 3536 vdrvroot - ok 20:51:37.0961 3536 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:51:37.0987 3536 vds - ok 20:51:37.0991 3536 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:51:37.0995 3536 vga - ok 20:51:38.0004 3536 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:51:38.0008 3536 VgaSave - ok 20:51:38.0011 3536 VGPU - ok 20:51:38.0043 3536 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:51:38.0052 3536 vhdmp - ok 20:51:38.0083 3536 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:51:38.0087 3536 viaide - ok 20:51:38.0124 3536 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 20:51:38.0140 3536 vmbus - ok 20:51:38.0183 3536 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 20:51:38.0186 3536 VMBusHID - ok 20:51:38.0213 3536 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:51:38.0219 3536 volmgr - ok 20:51:38.0254 3536 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:51:38.0270 3536 volmgrx - ok 20:51:38.0293 3536 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:51:38.0309 3536 volsnap - ok 20:51:38.0340 3536 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:51:38.0347 3536 vsmraid - ok 20:51:38.0406 3536 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:51:38.0442 3536 VSS - ok 20:51:38.0457 3536 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:51:38.0461 3536 vwifibus - ok 20:51:38.0481 3536 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:51:38.0486 3536 vwififlt - ok 20:51:38.0522 3536 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:51:38.0538 3536 W32Time - ok 20:51:38.0557 3536 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:51:38.0561 3536 WacomPen - ok 20:51:38.0581 3536 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:51:38.0586 3536 WANARP - ok 20:51:38.0590 3536 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:51:38.0592 3536 Wanarpv6 - ok 20:51:38.0644 3536 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:51:38.0677 3536 wbengine - ok 20:51:38.0691 3536 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:51:38.0707 3536 WbioSrvc - ok 20:51:38.0747 3536 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:51:38.0764 3536 wcncsvc - ok 20:51:38.0782 3536 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:51:38.0788 3536 WcsPlugInService - ok 20:51:38.0813 3536 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:51:38.0817 3536 Wd - ok 20:51:38.0838 3536 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:51:38.0871 3536 Wdf01000 - ok 20:51:38.0898 3536 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:51:38.0907 3536 WdiServiceHost - ok 20:51:38.0911 3536 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:51:38.0913 3536 WdiSystemHost - ok 20:51:38.0962 3536 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:51:38.0978 3536 WebClient - ok 20:51:38.0995 3536 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:51:39.0012 3536 Wecsvc - ok 20:51:39.0020 3536 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:51:39.0027 3536 wercplsupport - ok 20:51:39.0036 3536 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:51:39.0044 3536 WerSvc - ok 20:51:39.0052 3536 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:51:39.0055 3536 WfpLwf - ok 20:51:39.0066 3536 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:51:39.0070 3536 WIMMount - ok 20:51:39.0080 3536 WinDefend - ok 20:51:39.0085 3536 WinHttpAutoProxySvc - ok 20:51:39.0127 3536 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:51:39.0144 3536 Winmgmt - ok 20:51:39.0208 3536 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:51:39.0259 3536 WinRM - ok 20:51:39.0286 3536 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:51:39.0292 3536 WinUsb - ok 20:51:39.0323 3536 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:51:39.0347 3536 Wlansvc - ok 20:51:39.0364 3536 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:51:39.0367 3536 WmiAcpi - ok 20:51:39.0383 3536 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:51:39.0391 3536 wmiApSrv - ok 20:51:39.0397 3536 WMPNetworkSvc - ok 20:51:39.0410 3536 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:51:39.0415 3536 WPCSvc - ok 20:51:39.0455 3536 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:51:39.0465 3536 WPDBusEnum - ok 20:51:39.0489 3536 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:51:39.0493 3536 ws2ifsl - ok 20:51:39.0508 3536 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:51:39.0517 3536 wscsvc - ok 20:51:39.0520 3536 WSearch - ok 20:51:39.0580 3536 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:51:39.0639 3536 wuauserv - ok 20:51:39.0653 3536 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:51:39.0657 3536 WudfPf - ok 20:51:39.0691 3536 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:51:39.0698 3536 WUDFRd - ok 20:51:39.0734 3536 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:51:39.0742 3536 wudfsvc - ok 20:51:39.0763 3536 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:51:39.0779 3536 WwanSvc - ok 20:51:39.0836 3536 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 20:51:39.0860 3536 xnacc - ok 20:51:39.0876 3536 ================ Scan global =============================== 20:51:39.0904 3536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:51:39.0941 3536 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:51:39.0966 3536 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:51:39.0991 3536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:51:40.0022 3536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:51:40.0035 3536 [Global] - ok 20:51:40.0036 3536 ================ Scan MBR ================================== 20:51:40.0043 3536 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:51:40.0395 3536 \Device\Harddisk0\DR0 - ok 20:51:40.0396 3536 ================ Scan VBR ================================== 20:51:40.0397 3536 [ BD3DBC1AEC01C2590B07D5A3898A32AD ] \Device\Harddisk0\DR0\Partition1 20:51:40.0398 3536 \Device\Harddisk0\DR0\Partition1 - ok 20:51:40.0398 3536 ============================================================ 20:51:40.0398 3536 Scan finished 20:51:40.0398 3536 ============================================================ 20:51:40.0404 2036 Detected object count: 0 20:51:40.0404 2036 Actual detected object count: 0 |
21.02.2013, 00:02 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
22.02.2013, 20:29 | #11 |
| EXP/JS.Expack.DX Hallo, Hier einmal das Logfile vom JRT: Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu Version: 4.6.5 (02.18.2013:1) OS: Windows 7 Ultimate x64 Ran by Julian on 22.02.2013 at 20:04:56,74 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\dd9gwamk.default\minidumps [39 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.02.2013 at 20:09:34,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.112 - Datei am 22/02/2013 um 20:12:36 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : Julian - JULIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Julian\Downloads\adwcleaner0.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\dd9gwamk.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1003 octets] - [22/02/2013 20:12:07] AdwCleaner[S1].txt - [938 octets] - [22/02/2013 20:12:36] ########## EOF - C:\AdwCleaner[S1].txt - [997 octets] ########## Code:
ATTFilter OTL logfile created on: 22.02.2013 20:18:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,02% Memory free 7,96 Gb Paging File | 6,13 Gb Available in Paging File | 77,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,16 Gb Total Space | 438,38 Gb Free Space | 73,53% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Julian\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) ========== Modules (No Company Name) ========== MOD - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 2C C2 C5 50 BF CD 01 [binary data] IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-228806359-1359040479-2071317650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "bild.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 13:04:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.10 13:04:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 13:04:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.10 13:04:54 | 000,000,000 | ---D | M] [2012.11.10 15:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2013.02.10 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.10 13:04:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - Extension: Google Docs = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.11.10 18:04:53 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-228806359-1359040479-2071317650-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9EBE58-8BC2-42C3-9E0D-413E3BE1F83D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3E3984-095F-4E41-9D1B-BE267FD20723}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{fa00f51e-2b40-11e2-9162-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fa00f51e-2b40-11e2-9162-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.22 20:04:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.22 20:04:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.20 20:30:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Julian\Desktop\aswMBR.exe [2013.02.17 14:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.17 14:35:32 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\mbar [2013.02.13 18:57:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 18:57:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 18:57:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 18:57:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 18:57:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 18:57:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 18:57:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 18:57:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 18:57:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 18:57:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 18:57:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 18:57:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 18:57:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 18:57:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 18:57:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 18:28:40 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 18:28:40 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 18:28:39 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 18:28:16 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 18:28:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 18:28:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 18:28:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 18:28:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 18:28:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 18:28:04 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.10 13:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.09 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Patch103 [2013.02.09 13:52:10 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\KONAMI [2013.02.09 13:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\KONAMI [2013.02.09 13:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2013.02.03 13:41:40 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.01.29 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.29 19:12:27 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.29 19:12:26 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll ========== Files - Modified Within 30 Days ========== [2013.02.22 20:21:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 20:21:28 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 20:20:02 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.22 20:20:02 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.22 20:20:02 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.22 20:20:02 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.22 20:20:02 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.22 20:14:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.22 20:14:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.22 20:14:02 | 3206,184,960 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 21:29:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.20 21:24:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.20 20:48:06 | 000,000,512 | ---- | M] () -- C:\Users\Julian\Desktop\MBR.dat [2013.02.20 20:23:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Julian\Desktop\aswMBR.exe [2013.02.16 10:53:15 | 000,412,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.12 18:32:04 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.12 18:32:04 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.12 18:31:50 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.08 17:25:20 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.08 17:25:20 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.29 19:12:06 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.29 19:12:06 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll ========== Files Created - No Company Name ========== [2013.02.20 20:35:36 | 000,000,512 | ---- | C] () -- C:\Users\Julian\Desktop\MBR.dat [2012.11.25 18:01:06 | 000,000,094 | ---- | C] () -- C:\Users\Julian\AppData\Local\fusioncache.dat [2012.11.25 17:59:44 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.25 17:59:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.25 17:59:43 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.25 17:36:41 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.10 15:37:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.02.2013 20:18:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,02% Memory free 7,96 Gb Paging File | 6,13 Gb Available in Paging File | 77,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,16 Gb Total Space | 438,38 Gb Free Space | 73,53% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-228806359-1359040479-2071317650-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{764B9FE6-59E2-4BF9-9285-79F0932A15C6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04EB910E-B485-46BE-BC35-8B1891C145A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0FED62F5-CDF9-4E7C-870C-3CF035C6C818}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | "{1F4E305C-8777-4BBF-9F92-8EF0CA2B4405}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{1FD5CBDA-D3E1-4B41-A1D1-BC1264931950}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{3C60DFF7-92D2-4FD9-BB9F-45AF4A324C63}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{3FB30FEA-C540-4DC2-8273-2D9088CCAA8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{41596BF2-4435-4A43-BBA1-227FB57C92C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | "{44E2BFAC-29F4-439C-924A-59FEFF558902}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{4623B8EC-A5E3-464B-9D41-2927CECEB740}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{4B45D513-0F64-40AF-A76E-3D81F5BBD497}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | "{4C18CCC4-3608-4891-B869-8B2E01DFCCA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{5B557045-54E7-493C-B9F9-EE22E9F24193}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{69069B61-828A-4FF8-B2AA-B96930F2EA28}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6DC129DB-BD8A-490D-B0B2-14F362F310FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{724E6F2D-1370-49CD-97AD-F319AFFD7F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8264AB1F-0EF5-4EED-9093-8585992EC417}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{84FF03F5-F85E-41A4-9A50-CC7DDBF3C4A6}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "{8C6CDA65-E4AA-45AD-9412-461FD5A6D9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{91A5C526-07FF-462D-BA4D-1346522B8214}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "{986E065A-1BF9-4639-9D66-9BF009A56B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{9A87C0C5-6B8C-43FA-9FDA-C0A06FE0FDDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{9D4A5B2E-A2DA-4D96-BE24-07D877C65365}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | "{AC9E26A1-FD70-4504-BDB2-21FCD33468B8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{BC9AE8A4-AA26-4E78-B79D-542F22D0DFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{C18DB78F-7CFE-42C6-A932-FD80F2057CEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C9FBCD5B-082C-4E13-8ABC-53479EC54499}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{CE8ED20E-AD2F-4392-A63D-9915B8B1D0E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe | "{D0394EDC-B043-4711-9BC1-7DF817A2C8EB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D626B1B1-DF9C-46E7-A5BF-13128149C295}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{DD65198C-20F2-4075-B27E-758516E793C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{DE2C9D16-9957-4ECB-9F83-158E859FE502}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E2E09399-0A80-4618-A76B-A8C565755938}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{EA88316D-0948-4C6C-BF2C-E145DC70D95A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{F72564CB-B743-4C46-A367-30CF545F28C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FC343670-DD5F-4507-B2D7-F6E25925B436}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{FC3C64CA-4E1A-4269-B18F-974BE6DF09C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "TCP Query User{316D5F1C-0A78-43E5-A65A-ED1517DE052F}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{B0DF8C95-3B06-4CBE-8864-6BA2D898FD66}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{D54D851B-5ACB-4E8F-B8D3-59429C10F914}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | "UDP Query User{BF0673AC-7B11-40CC-B953-FD1A4EAB61F7}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{CDB5E9AF-B66B-4D11-8D80-DB39EDB405BD}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{E6AC22FF-E428-4312-801A-97545C9D00C1}C:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{116C20CC-0843-1FC0-2AE8-BD3535911B36}" = AMD Drag and Drop Transcoding "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{30CAD3B3-7EF6-4087-2A50-97EF66966776}" = ATI AVIVO64 Codecs "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Greenshot_is1" = Greenshot 1.0.6.2228 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A48CE6DE-1E75-EBE2-8EF7-6E6EA51962AC}" = HydraVision "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESN Sonar-0.70.4" = ESN Sonar "Google Chrome" = Google Chrome "InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = ISY USB Wireless Adapter "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 17300" = Crysis "Steam App 205100" = Dishonored "Steam App 28050" = Deus Ex: Human Revolution "Steam App 49520" = Borderlands 2 "Steam App 50300" = Spec Ops: The Line "Uplay" = Uplay "WinRAR archiver" = WinRAR 4.20 (32-Bit) < End of report > |
22.02.2013, 23:40 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
23.02.2013, 12:36 | #13 |
| EXP/JS.Expack.DX Hallo, gut, dass wir schon fast am Ende sind ;-). Hier ist das Logfile von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.22.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Julian :: JULIAN-PC [Administrator] Schutz: Aktiviert 23.02.2013 00:24:25 mbam-log-2013-02-23 (00-24-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204088 Laufzeit: 1 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Vielen Dank für deine Hilfe. |
24.02.2013, 21:17 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JS.Expack.DX Wieso findest du das Log nicht, es ist doch bebildert!
__________________ Logfiles bitte immer in CODE-Tags posten |
24.02.2013, 22:31 | #15 |
| EXP/JS.Expack.DX So hier ist das Log von ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=dc60ba9c4cef3043896955ce0f31e462 # engine=13233 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-24 09:27:12 # local_time=2013-02-24 10:27:12 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 10541 227160922 3328 0 # compatibility_mode=5893 16776574 66 85 5631368 113371082 0 0 # scanned=142291 # found=0 # cleaned=0 # scan_time=2903 Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Samstag, 23. Februar 2013 11:36 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Ultimate Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : JULIAN-PC Versionsinformationen: BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00 AVSCAN.EXE : 13.6.0.584 640224 Bytes 12.02.2013 14:58:59 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 19:40:22 LUKE.DLL : 13.6.0.602 67808 Bytes 12.02.2013 14:59:06 AVSCPLR.DLL : 13.6.0.628 94432 Bytes 05.02.2013 16:14:18 AVREG.DLL : 13.6.0.600 250592 Bytes 05.02.2013 16:14:18 avlode.dll : 13.6.2.624 434912 Bytes 05.02.2013 16:14:18 avlode.rdf : 13.0.0.38 15231 Bytes 13.02.2013 16:58:12 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 17:56:03 VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 15:33:53 VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 15:33:53 VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 15:33:53 VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 15:33:55 VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 15:33:55 VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 15:33:56 VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 18:13:59 VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 17:33:59 VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 16:58:03 VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 09:58:33 VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 13:38:54 VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 14:26:40 VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 14:26:40 VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 19:00:47 VBASE022.VDF : 7.11.62.44 2048 Bytes 21.02.2013 19:00:48 VBASE023.VDF : 7.11.62.45 2048 Bytes 21.02.2013 19:00:48 VBASE024.VDF : 7.11.62.46 2048 Bytes 21.02.2013 19:00:48 VBASE025.VDF : 7.11.62.47 2048 Bytes 21.02.2013 19:00:48 VBASE026.VDF : 7.11.62.48 2048 Bytes 21.02.2013 19:00:48 VBASE027.VDF : 7.11.62.49 2048 Bytes 21.02.2013 19:00:48 VBASE028.VDF : 7.11.62.50 2048 Bytes 21.02.2013 19:00:48 VBASE029.VDF : 7.11.62.51 2048 Bytes 21.02.2013 19:00:48 VBASE030.VDF : 7.11.62.52 2048 Bytes 21.02.2013 19:00:48 VBASE031.VDF : 7.11.62.96 103424 Bytes 22.02.2013 19:00:48 Engineversion : 8.2.12.8 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55 AESCRIPT.DLL : 8.1.4.94 467324 Bytes 22.02.2013 19:00:53 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 16:53:18 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 15:09:33 AEPACK.DLL : 8.3.1.10 815480 Bytes 19.02.2013 14:26:44 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 10.11.2012 18:36:18 AEHEUR.DLL : 8.1.4.218 5792121 Bytes 22.02.2013 19:00:53 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 15:52:32 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 18:42:12 AEEXP.DLL : 8.4.0.4 188789 Bytes 22.02.2013 19:00:53 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55 AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 14:26:42 AEBB.DLL : 8.1.1.4 53619 Bytes 10.11.2012 18:36:16 AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 14:58:56 AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 14:58:58 AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 16:14:18 AVARKT.DLL : 13.6.0.624 260832 Bytes 12.02.2013 14:58:57 AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 12.02.2013 14:58:58 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40 AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 14:58:59 NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 14:59:06 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 19:40:18 RCTEXT.DLL : 13.6.0.480 68976 Bytes 12.02.2013 14:58:56 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Samstag, 23. Februar 2013 11:36 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_USERS\S-1-5-21-228806359-1359040479-2071317650-1000\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste Constructor ProcTime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_USERS\S-1-5-21-228806359-1359040479-2071317650-1000\Software\Avira\AntiVir Desktop\profDataStr [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '139' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '158' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkNGUI64.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'HydraDM.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'HydraDM64.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '225' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '122' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1590' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Ende des Suchlaufs: Samstag, 23. Februar 2013 12:28 Benötigte Zeit: 52:48 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 28235 Verzeichnisse wurden überprüft 499111 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 499111 Dateien ohne Befall 6367 Archive wurden durchsucht 0 Warnungen 2 Hinweise 678469 Objekte wurden beim Rootkitscan durchsucht 2 Versteckte Objekte wurden gefunden |
Themen zu EXP/JS.Expack.DX |
avira, beschreibung, durchgeführt, entferne, entfernen, erfahrung, exp/js.expack.dx, freue, gefunde, google, heute, individuelle, lieber, nischen, quarantäne, scan, schlau, troja, trojanerboard, virenscan, virus, virus entfernen, vorgehen, würde |