| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Gvu trojaner 2013 mit webcam infiziertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.02.2013, 13:08
| #1 |
 |  Gvu trojaner 2013 mit webcam infiziert GVU TROJANER 2013 MIT WEBCAM Guten Morgen, Ich habe mir gestern Nacht den GVU TROJANER mit Webcam eingefangen. Die "Notfall CD" lässt sich über das BIOS nicht starten. Ich habe es dann mit der Systemwiederherstellung probiert. Der Bildschirm mit der Forderung ist verschwunden, dennoch habe ich kein Zugriff auf das Internet nur im abgesicherten Modus. Gestern Abend hat Malwarebytes Anti-Malware zwei infizierte Objekte in die Quarantäne gesteckt, habe ihn vor 10 Minuten nochmal durchsuchen lassen, kein Fund. Könnte dringen Hilfe gebrauchen diesen Trojaner loszuwerden. VIELEN DANK!  OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 13.02.2013 13:10:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pascal\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,83% Memory free 6,00 Gb Paging File | 5,42 Gb Available in Paging File | 90,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 157,85 Gb Free Space | 33,89% Space Free | Partition Type: NTFS Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.13 13:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal\Downloads\OTL.exe PRC - [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.02.09 17:27:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.26 17:31:23 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.10 20:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.21 14:50:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.04.13 14:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.13 18:14:00 | 000,247,296 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe -- (DfSdkS) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.19 07:33:38 | 000,387,616 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2009.04.19 07:33:38 | 000,178,720 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2003.07.28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup) DRV - [2012.10.10 20:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.10.08 19:53:56 | 000,026,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011.08.31 20:23:12 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.08.01 14:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.06.07 11:32:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.06.06 17:49:48 | 000,029,248 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV - [2011.06.06 17:44:55 | 000,014,656 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX) DRV - [2011.05.25 08:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.01 05:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2010.08.12 11:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2010.07.08 14:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010.06.11 13:37:04 | 000,013,832 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV - [2010.06.09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010.06.09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010.04.22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.01.25 06:11:32 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.01.25 06:11:30 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.01.25 06:11:24 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.01.25 06:11:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2010.01.11 10:29:36 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb) DRV - [2009.12.07 18:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.12.07 18:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.11.25 14:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.11.02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.12 14:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.06.30 10:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2005.05.09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 0B 92 16 C7 46 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0A7C8B4E-A7AB-46CF-898F-9C093B798333}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{34F6E3FD-A231-441A-8F85-DA39992B2FD9}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{3DB9F006-E73E-4648-A5AF-31EB1D2C7439}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_deDE510 IE - HKCU\..\SearchScopes\{FDC14845-92E0-4300-BE4C-BB33F1F0F4BB}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.8 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.openintab: false FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Pascal\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pascal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.06 22:23:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.23 13:22:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.13 18:36:53 | 000,000,000 | ---D | M] [2011.06.07 10:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Extensions [2012.10.30 11:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions [2012.05.31 11:17:16 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011.09.02 20:16:38 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Pascal\AppData\Roaming\mozilla\Firefox\Profiles\nni4695t.default\extensions\support@predictad.com [2012.07.21 14:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.31 20:35:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.08.31 20:35:06 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2012.07.21 14:50:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.08.16 20:42:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.07.21 14:50:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.21 14:50:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.21 14:50:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.21 14:50:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.21 14:50:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.21 14:50:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pascal\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Pascal\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: AutocompletePro plugin for chrome = C:\Users\Pascal\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.0_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\DealBulldog Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Programme\NCH_EN\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\DealBulldog Toolbar\tbcore3.dll () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH) O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.) O4 - HKCU..\Run: [AshSnap] C:\Program Files\Ashampoo\Ashampoo Snap 4\ashsnap.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 0 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.196.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4005449D-608D-4766-86BE-D3619A65B178}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EC166F5-11BE-4B20-A332-F9BE4608AD23}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD8D62F5-4B09-46B2-A88F-EEBE97EFE6EC}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{15bbf239-b0bc-11e0-8659-89b88005e800}\Shell - "" = AutoRun O33 - MountPoints2\{15bbf239-b0bc-11e0-8659-89b88005e800}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{33ea3f4b-c364-11e0-8ae1-002522a97b50}\Shell - "" = AutoRun O33 - MountPoints2\{33ea3f4b-c364-11e0-8ae1-002522a97b50}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{4effda4e-90d6-11e0-9821-ebfb136c693e}\Shell - "" = AutoRun O33 - MountPoints2\{4effda4e-90d6-11e0-9821-ebfb136c693e}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{a099b41d-ae52-11e0-bac1-c84484135861}\Shell - "" = AutoRun O33 - MountPoints2\{a099b41d-ae52-11e0-bac1-c84484135861}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c18f9267-99cb-11e0-8cf0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c18f9267-99cb-11e0-8cf0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 12:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.13 12:51:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.13 02:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Lite [2013.02.13 02:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite [2013.02.13 01:33:54 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Malwarebytes [2013.02.13 01:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.13 01:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.04 21:57:04 | 000,000,000 | ---D | C] -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive [2013.02.04 21:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.13 13:09:42 | 000,000,156 | ---- | M] () -- C:\Users\Pascal\defogger_reenable [2013.02.13 12:51:41 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.13 12:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.13 12:38:58 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 12:38:58 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 12:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.13 12:31:32 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.02.13 12:31:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.13 12:26:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.13 12:00:35 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000UA.job [2013.02.13 11:56:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.13 11:56:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.13 11:56:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.13 11:56:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.13 03:57:56 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\Windows\System32\ctfmon.exe [2013.02.13 01:11:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\7084724.pad [2013.02.12 18:48:47 | 000,437,618 | ---- | M] () -- C:\Users\Pascal\Desktop\southside+track.png [2013.02.12 18:35:48 | 009,104,265 | ---- | M] () -- C:\Users\Pascal\Desktop\untitled.mp3 [2013.02.12 15:35:31 | 010,425,016 | ---- | M] () -- C:\Users\Pascal\Desktop\m,..mp3 [2013.02.07 20:00:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000Core.job [2013.02.03 18:50:03 | 000,036,104 | ---- | M] () -- C:\Users\Pascal\Documents\not-sure-if-meme-hipster.jpg [2013.02.03 13:17:40 | 000,113,768 | ---- | M] () -- C:\Users\Pascal\Documents\deadmau5.jpg [2013.01.30 20:04:26 | 000,049,902 | ---- | M] () -- C:\Users\Pascal\Documents\1281462591_51vtryqyvvl__ss500_.jpg [2013.01.29 12:55:36 | 000,001,019 | ---- | M] () -- C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.26 10:14:50 | 000,204,871 | ---- | M] () -- C:\Users\Pascal\Documents\73387_425298960871872_1425311602_n.jpg [2013.01.23 10:36:09 | 000,063,344 | ---- | M] () -- C:\Users\Pascal\Documents\43858944.jpg [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 13:09:40 | 000,000,156 | ---- | C] () -- C:\Users\Pascal\defogger_reenable [2013.02.13 12:51:41 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.13 00:21:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\7084724.pad [2013.02.12 18:48:47 | 000,437,618 | ---- | C] () -- C:\Users\Pascal\Desktop\southside+track.png [2013.02.12 18:34:26 | 009,104,265 | ---- | C] () -- C:\Users\Pascal\Desktop\untitled.mp3 [2013.02.12 15:33:18 | 010,425,016 | ---- | C] () -- C:\Users\Pascal\Desktop\m,..mp3 [2013.02.03 18:50:09 | 000,036,104 | ---- | C] () -- C:\Users\Pascal\Documents\not-sure-if-meme-hipster.jpg [2013.02.03 13:17:56 | 000,113,768 | ---- | C] () -- C:\Users\Pascal\Documents\deadmau5.jpg [2013.01.30 20:04:30 | 000,049,902 | ---- | C] () -- C:\Users\Pascal\Documents\1281462591_51vtryqyvvl__ss500_.jpg [2013.01.26 10:15:20 | 000,204,871 | ---- | C] () -- C:\Users\Pascal\Documents\73387_425298960871872_1425311602_n.jpg [2013.01.23 10:36:14 | 000,063,344 | ---- | C] () -- C:\Users\Pascal\Documents\43858944.jpg [2012.12.05 15:41:37 | 000,065,536 | -H-- | C] () -- C:\Windows\System32\WebCamLib.dll [2012.11.18 22:58:34 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012.11.18 22:58:34 | 000,138,056 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\PnkBstrK.sys [2012.11.18 22:58:11 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012.11.18 22:58:10 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012.11.02 20:15:33 | 000,828,671 | ---- | C] () -- C:\Users\Pascal\AppData\Local\Tempmusic.ogg [2012.10.26 18:40:44 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.10.08 20:26:10 | 000,001,467 | ---- | C] () -- C:\Users\Pascal\.recently-used.xbel [2012.05.19 16:14:18 | 000,001,206 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\CamStudio.Producer.ini [2012.05.19 16:14:18 | 000,000,000 | ---- | C] () -- C:\Users\Pascal\AppData\Roaming\CamStudio.Producer.Data.ini [2012.05.03 20:30:40 | 000,000,001 | ---- | C] () -- C:\Users\Pascal\0.cdat [2012.01.30 22:35:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2012.01.30 22:35:09 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.12.07 18:24:28 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini [2011.09.02 19:44:44 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011.08.31 20:34:46 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.08.31 20:34:46 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.08.13 14:01:33 | 000,000,313 | ---- | C] () -- C:\Windows\System32\aptmp.exe [2011.08.10 17:09:08 | 000,000,604 | ---- | C] () -- C:\Windows\Edofma.INI [2011.06.07 12:44:38 | 000,000,550 | ---- | C] () -- C:\Windows\eReg.dat [2011.06.06 21:30:49 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.06.06 21:30:49 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.06.06 17:36:20 | 000,704,512 | R--- | C] () -- C:\Windows\System32\cohelper.dll [2011.06.06 17:36:20 | 000,005,940 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.20 13:11:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\.minecraft [2012.10.06 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\1&1 Mail & Media GmbH [2013.01.08 13:07:29 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Amazon [2012.12.05 15:41:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Apowersoft [2011.08.16 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Canneverbe Limited [2011.08.14 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.06.07 11:34:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DAEMON Tools Lite [2013.02.13 12:45:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Dropbox [2012.03.11 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\DVDVideoSoft [2011.06.22 12:31:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\FFSJ [2011.09.02 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\FreeAudioPack [2011.06.21 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\GlarySoft [2012.10.08 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\gtk-2.0 [2013.02.04 20:54:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ICQ [2012.12.08 17:12:54 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\MAGIX [2011.12.04 17:11:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Nik Software [2012.05.22 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\OpenOffice.org [2012.11.11 17:17:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Origin [2012.11.30 23:58:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\pokerth [2011.07.31 17:20:31 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\ProtectDisc [2011.07.14 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Reviversoft [2011.08.11 08:43:59 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Sierra [2011.08.16 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\Steinberg [2011.07.26 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\TW7Booster [2013.02.13 12:41:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.02.2013 13:10:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pascal\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 78,83% Memory free
6,00 Gb Paging File | 5,42 Gb Available in Paging File | 90,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 157,85 Gb Free Space | 33,89% Space Free | Partition Type: NTFS
Drive D: | 264,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PASCAL-PC | User Name: Pascal | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DE06E1C-72A2-4658-B707-1906837ED91B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3107194F-24E8-4460-88F7-B232E65D6DAE}" = lport=138 | protocol=17 | dir=in | app=system |
"{353BA680-E2A4-44E1-81C9-9A7B81EFA9B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{76A10545-3C38-4F0E-99BC-79D1B7BBF047}" = rport=138 | protocol=17 | dir=out | app=system |
"{77977981-9C9B-4E08-9116-2558F6554D61}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7E568506-1C74-4B46-9C17-6A1C25F4F561}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{86F83E5E-1B10-48FA-9CB1-113C9CAE9EB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{A6825819-2EFA-410B-8734-6749691F1B49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B39A7E4E-EE49-4E2A-9E55-10F995F12867}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8FE9BDC-FB13-4549-AFA1-FB593B100B86}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8CEA302-CF4D-4185-8394-F4AA7B3E5FAE}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1403F13-7383-428C-B8CB-B451EB2A1043}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E881C05E-2D2E-4151-81B5-30B8C4A838D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE5A7302-0665-4B92-A030-14D02B4A03D6}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0359E3BF-4328-4868-AB04-DCA8F7728F12}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic.exe |
"{0406422B-E2BD-4854-B536-BABB469B33B4}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{0597DAC2-EDA8-4DA3-B6BB-B7A0BD921FAB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0856CAA2-5BBA-433E-B0E8-F32DD0D5A44B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe |
"{0C8B7CB3-2971-457E-A2C5-DD3499D5F4AB}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{0D7A9C9A-06B6-42B6-B844-0B26B5400B59}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe |
"{0F8FD49F-5F01-4E1B-BE93-58A22D10FC55}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\counter-strike source\hl2.exe |
"{11E10E45-FE36-4AB3-ABAE-F328933AFCC0}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{1638D10E-D7B0-4AF3-A4B4-A1FF076C9638}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic.exe |
"{192A9B63-F900-4747-B7FE-2A05C8276D60}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{1FDC2394-2CE8-4DEA-A657-4E04D5D18D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{20FD62CD-62D5-41E9-A54D-74E8FF7EB220}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{2111D42D-09F1-46E2-805C-935C2F0FE4D0}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"{23B66CF0-B1F9-474A-804E-F1A5284D9D04}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{317EA025-5DDD-47D1-B293-F2B4C78DF1A2}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_ds.exe |
"{32F7863C-03A0-46FC-AD0A-4B515FAF070C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_online.exe |
"{35E53B8E-2D9E-4E1A-8BE9-BBD5356D55AB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{38B87E17-E494-4497-A892-E8B39EC21442}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{44B40EFD-8F7C-42BF-B868-580C5FEAF7E5}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{48BDE269-0346-413B-ABBB-9E1D4C3BF070}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{4BB3551E-8BD2-4466-B97E-7791180F94F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4E1E7D20-7C2D-4CF8-9333-CF7E44E51A85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E2E0BE6-B43B-4ADE-8C9C-AEF899411184}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{544241BD-143F-44A3-890A-D656F9B9D337}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{5596AEA6-0FC4-4215-AF36-621D6190174C}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{57782BCF-B4F7-4D34-A78E-A45C4B922C54}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\day of defeat source\hl2.exe |
"{57C255AF-76B3-432C-A794-708D28ED5734}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{6374BA1A-A706-4B58-A544-7D60361A82E5}" = protocol=6 | dir=in | app=c:\users\pascal\appdata\roaming\dropbox\bin\dropbox.exe |
"{6742D14A-682E-41AC-B32F-F0FF35B0A444}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{677C3915-1459-46A7-97B3-B5846A800CBC}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6896FDCE-09FA-42CC-90E1-408FFBDD69E5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{6A856107-E0F2-46E1-8D3F-5911EA75E8D9}" = protocol=17 | dir=in | app=c:\users\pascal\appdata\roaming\dropbox\bin\dropbox.exe |
"{6F9FC5B7-188A-46DF-BEE5-18F373378819}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{6FA43757-7268-4BB6-888C-6AC18E830B40}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{730AE2A4-4784-42A4-A2BF-E432734D28B6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{77B59D61-591A-45B7-8389-F72AF6C301B9}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screen-recording-suite.exe |
"{7AB5C482-8E89-408E-BB31-EFAEC923FA57}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{7B8B1CC0-1CDC-42BA-BD89-F9976E76220A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7C870BEF-6779-4B47-B2E2-101AA453AB31}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{84B6F821-5111-4ACB-AE78-272E10680ACA}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2.exe |
"{8E67F54F-A0BE-45D0-A11B-90CFF83FAF85}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{963643A9-8F5F-4BB7-BD4E-5D4A0EED1640}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{96CA6A62-9313-4856-8AC0-237DDE4074D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{998C8197-EDE0-402A-BDEF-E28493062A37}" = protocol=17 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_online.exe |
"{9DB07269-A3D6-4DC5-A931-1DD088C2FE16}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9F032C83-0FFE-4428-8D09-7F3CFA2920D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9FCD7B25-86DB-487E-9829-467F2F13DDE7}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{9FD87759-A00D-47C1-AFFF-8B4D38F870F6}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{A14EF884-1F4D-44CE-AA1D-936244CB4F94}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{ACEAFE3E-49F4-4763-A061-7AE397A4632F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{AFF81E3D-594A-432E-B98F-9BB512779FC7}" = protocol=17 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_no_sse.exe |
"{B72C7430-78A0-45F0-9BFE-83E3C69A0FE7}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{BB21FBBD-DFDF-4C67-9614-C54868DFE2A0}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{BB9AF177-7D03-47C3-BCFB-CCD017D4B4F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{C424638E-76D4-454D-AC74-C2E857A863C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C9E6FC7E-2F93-479B-BEFF-D12F16C04E0A}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D093524A-B325-42D1-908A-87DE17FB28C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D9037877-97D9-4ACD-9C75-5D696CDD53D8}" = dir=in | app=c:\program files\apowersoft\screen recording suite\screenrecordingsuite.exe |
"{DA828283-DCC9-442B-A5B8-17B880868EDF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe |
"{DA82D65F-3376-4A3F-989D-10F03C8AF3CA}" = protocol=6 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_sse.exe |
"{DD1EAA7B-A289-4315-B384-FA628B69FD5E}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{DE0FCFDA-B84D-4FD6-AB76-643BA2693791}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e\ruse.exe |
"{DF4C2C86-0F9A-4EA2-A4B5-ED012678BD13}" = protocol=6 | dir=in | app=c:\program files\ubisoft\world in conflict\wic_ds.exe |
"{E21960A6-7B79-4F78-9EC6-6002A90AAF38}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe |
"{E7B56168-278A-4F21-9B55-08C26007A4AA}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 1942\bf1942.exe |
"{E82B536D-93E8-40FA-8A9D-39BC0BD1E6FC}" = protocol=17 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_sse.exe |
"{EB522692-9BC1-404B-AEC7-92ABEB476D5B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{ECE5F10A-4CA3-41C6-9060-9C606260AAD9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e\ruse.exe |
"{EE68A0F6-29C1-40A9-9DCF-20071211D386}" = protocol=6 | dir=in | app=c:\program files\reality pump\earth 2160\earth2160_no_sse.exe |
"{F4FA4662-5406-4859-9AEE-40040DEB93B7}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 1942\bf1942.exe |
"{FABEDBCD-346B-4C25-8C9D-D599A32CC4CA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\counter-strike source\hl2.exe |
"{FB1DD3B7-3F71-40D6-94F4-A2921D911CBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE34076F-F38A-49B2-A2DE-5AB5F44D0A5F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\day of defeat source\hl2.exe |
"TCP Query User{090BF863-3579-45F5-9E45-C5C4F26F2C71}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{232DF918-79AB-44C7-A99E-08B72E9BBA1D}C:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe |
"TCP Query User{263B8034-81B3-4032-A2D7-5BCFF9F61595}C:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe |
"TCP Query User{2A8B322C-FF83-429C-9C34-FB45953257F1}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe |
"TCP Query User{41A8E26B-E872-4883-B8C9-4DA20731BF74}C:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{522E8EB8-962B-425B-BD99-CE8AD7C8AEBE}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{52FB9875-306A-4EB9-91D5-46352001881C}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{5AB30AF2-DB34-4B3E-A23F-17304FD352B9}C:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe |
"TCP Query User{71B140E9-A2C9-4DF7-8827-6D6F96629CB1}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe |
"TCP Query User{7D2F6781-1B1A-4501-9B9F-435BBC49C9FB}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{8703D626-DC2D-443F-99C4-6C5BE363C235}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{A25BA49F-5A99-4EC6-977B-E92AE5C7A567}C:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe |
"TCP Query User{A4537B76-6E2A-422C-9775-A1F2D6B31EAB}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{AA4C50C6-A6C9-426E-9CA0-1F1DEB3D5B37}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"TCP Query User{B101C106-CC1F-4C00-87E9-0A59CD5FBE1E}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{C59CADEB-FA7C-42A4-B0B5-97CDEF5253FA}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{E86E99A3-E9D4-4F65-A650-07B253B6411B}C:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"TCP Query User{F1B96DAD-AC3D-4EB3-9910-8431FC95DF46}C:\program files\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe |
"TCP Query User{FAE4E562-BB45-49D6-B1A7-E2370D4535E0}C:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe |
"UDP Query User{19F4F651-66A4-4315-90B8-185B4D3C9B3E}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{1DC3C6F5-16DD-40FE-AD58-4C27341C7C60}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{257C17CA-995F-4767-BF30-D15AE607A2B5}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe |
"UDP Query User{34B175F6-8772-4460-9B28-42F4D73AFD6A}C:\program files\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files\duty calls\binaries\win32\dutycalls.exe |
"UDP Query User{4A9694D4-0B68-45C4-A935-778F236997CF}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{61377129-202F-485A-98F2-11145BDB35D9}C:\program files\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\eflc.exe |
"UDP Query User{6D4C5CAD-5311-49E3-A0AF-CE47F0EF6C27}C:\program files\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{8146C230-E73F-4746-B25B-7BC874B7417B}C:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\lexusluger\insurgency\hl2.exe |
"UDP Query User{8EF0A02D-4275-4196-90CB-DB7BF2D71594}C:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\b4c780c1800342968e70e4f2d0e206ed\relicdownloader.exe |
"UDP Query User{91537DE3-35E1-4590-AFAE-E3F58CFF42E6}C:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\pascal\desktop\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{BE51ABFB-BA2F-49F1-9081-85AC5F692113}C:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\c391d4b36b2c4cb2942dff35b485372b\relicdownloader.exe |
"UDP Query User{C218F04D-69D0-45EE-AF0B-F925D97D3150}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe |
"UDP Query User{C44A2C36-4A1E-48B2-B310-2BC575F7E8C0}C:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor pacific assault(tm) demo\mohpa_demo.exe |
"UDP Query User{CC64A711-957A-4C42-A265-8F381DAE1A52}C:\program files\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{E147C511-9216-4EA1-8D2D-39A72DE9CCEB}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{E4384E2A-0227-4653-AD7C-7DFD360B687B}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{E547B145-3365-4B53-8FF6-967768BB8DBF}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{ED54214A-E11F-4D15-8EB6-2888B6D62242}C:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\apps\2.0\rgcc854z.kjm\whp6tr47.mz9\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe |
"UDP Query User{FD18476B-A82C-4D1E-BB21-0194CE7293E1}C:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\pascal\appdata\local\temp\edcfce51166845da8e9ba9aa58bdd7c8\relicdownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{4209F371-4927-659B-6665-F7524E53AE40}_is1" = Ashampoo WinOptimizer 8 v.8.14.00
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.11
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BC0CDD6-E0C2-434D-9365-23E79E42DA95}" = Battlestations: Midway
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}" = Just Cause 1.00.0000
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.0.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ArmA 2" = ArmA 2 Uninstall
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"ASIO4ALL" = ASIO4ALL
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC DNA_is1" = ASRock OC DNA v1.6
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"AutocompletePro3_is1" = AutocompletePro
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Battlestrike - Shadow of Stalingrad/DE-German_is1" = Battlestrike: Schlacht um Stalingrad
"Color Efex Pro 3.0 Stand-Alone Standard" = Color Efex Pro 3.0 Standard
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"Counter-Strike 1.6" = Counter-Strike 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealBulldog Toolbar" = DealBulldog Toolbar
"Drakensang_is1" = Drakensang
"Earth 2160" = Earth 2160
"Edirol HQ Orchestral VSTi v1.03" = Edirol HQ Orchestral VSTi v1.03
"Edirol Hyper Canvas VSTi DXi_is1" = Edirol Hyper Canvas VSTi DXi 1.6.0
"ESN Sonar-0.70.4" = ESN Sonar
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"FL Studio 9" = FL Studio 9
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.35.0.1216
"Hardcore" = Hardcore
"Hidden & Dangerous 2 Sabre Squadron Demo" = Hidden & Dangerous 2 Sabre Squadron Demo
"HS2_is1" = Steinberg Hypersonic 2
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}" = Belkin USB Wireless Adaptor
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"Live Lite Alesis Edition" = Live Lite Alesis Edition
"LUXONIX_Purity" = LUXONIX Purity
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3-Cutter" = MP3-Cutter
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Service Center" = Native Instruments Service Center
"NCH_EN Toolbar" = NCH EN Toolbar
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PoiZone" = PoiZone
"PokerTH 0.9.5" = PokerTH
"Predator_is1" = Rob Papen Predator V1.6.2a
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Recuva" = Recuva
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard_is1" = reFX Vanguard VSTi RTAS v1.8.0
"Rob Papen Blade_is1" = Rob Papen Blade 1.0.0d
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"Sawer" = Sawer
"Steam App 17500" = Zombie Panic Source
"Steam App 17700" = Insurgency
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 43110" = Metro 2033
"Steam App 80" = Counter-Strike: Condition Zero
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Tone2 Gladiator Retail_is1" = Gladiator v1.2.2.0
"Tone2 Gladiator VSTi_is1" = Tone2 Gladiator VSTi v2.2
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"XFastUsb" = XFastUsb
"YTdetect" = Yahoo! Detect
"z3ta+_x86_is1" = rgc:audio z3ta+ 1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 08:16:22 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 02.07.2012 13:12:10 | Computer Name = Pascal-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 13.02.2013 07:50:02 | Computer Name = Pascal-PC | Source = NetBT | ID = 4321
Description = Der Name "PASCAL-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.102 registriert werden. Der Computer mit IP-Adresse 192.168.2.105
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:04 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.02.2013 07:50:05 | Computer Name = Pascal-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Gmer.txt GMER Logfile: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 13:21:44
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_WD50 rev.15.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Pascal\AppData\Local\Temp\uxliapog.sys
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82644A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8267E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!EnableWindow 77598D02 5 Bytes JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamW 775B3B9B 5 Bytes JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamW 775C3B7F 5 Bytes JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxParamA 775DCF42 5 Bytes JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!DialogBoxIndirectParamA 775DD274 5 Bytes JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectA 775EE869 5 Bytes JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxIndirectW 775EE963 5 Bytes JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExA 775EE9C9 5 Bytes JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1000] USER32.dll!MessageBoxExW 775EE9ED 5 Bytes JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] kernel32.dll!CreateThread 779FDCC2 5 Bytes JMP 70F675DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!EnableWindow 77598D02 5 Bytes JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CallNextHookEx 7759ABE1 5 Bytes JMP 70FC7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 70FEED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DefWindowProcA 7759BB1C 7 Bytes JMP 70F69805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExA 7759BF40 5 Bytes JMP 70F7363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 70FA25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!CreateWindowExW 7759EC7C 5 Bytes JMP 70FD03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DefWindowProcW 775A507D 7 Bytes JMP 70FC8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamW 775B3B9B 5 Bytes JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamW 775C3B7F 5 Bytes JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxParamA 775DCF42 5 Bytes JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!DialogBoxIndirectParamA 775DD274 5 Bytes JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectA 775EE869 5 Bytes JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxIndirectW 775EE963 5 Bytes JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExA 775EE9C9 5 Bytes JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] USER32.dll!MessageBoxExW 775EE9ED 5 Bytes JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1288] ole32.dll!OleLoadFromStream 77246143 5 Bytes JMP 710F9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] kernel32.dll!CreateThread 779FDCC2 5 Bytes JMP 70F675DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!EnableWindow 77598D02 5 Bytes JMP 70FA9EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CallNextHookEx 7759ABE1 5 Bytes JMP 70FC7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!UnhookWindowsHookEx 7759ADF9 5 Bytes JMP 70FEED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DefWindowProcA 7759BB1C 7 Bytes JMP 70F69805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExA 7759BF40 5 Bytes JMP 70F7363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!SetWindowsHookExW 7759E30C 5 Bytes JMP 70FA25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExW 7759EC7C 5 Bytes JMP 70FD03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DefWindowProcW 775A507D 7 Bytes JMP 70FC8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamW 775B3B9B 5 Bytes JMP 70F01893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 775C3B7F 5 Bytes JMP 710F8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamA 775DCF42 5 Bytes JMP 710F8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamA 775DD274 5 Bytes JMP 710F901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectA 775EE869 5 Bytes JMP 710F8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectW 775EE963 5 Bytes JMP 710F8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExA 775EE9C9 5 Bytes JMP 710F8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExW 775EE9ED 5 Bytes JMP 710F8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!OleLoadFromStream 77246143 5 Bytes JMP 710F9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- EOF - GMER 2.0 ----
|
|
13.02.2013, 15:35
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Gvu trojaner 2013 mit webcam infiziert Hallo und
__________________ Zitat:
Zitat:
Zwei Virenscanner dieser Art sollten niemals gleichzeitig installiert sein!
__________________ |
|
13.02.2013, 15:49
| #3 |
| | Gvu trojaner 2013 mit webcam infiziert Malwarebytes Anti-Malware (Test) 1.70.0.1100
__________________www.malwarebytes.org Datenbank Version: v2013.02.12.10 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Pascal :: PASCAL-PC [Administrator] Schutz: Deaktiviert 13.02.2013 01:36:17 mbam-log-2013-02-13 (01-36-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 137410 Laufzeit: 12 Minute(n), 17 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.12.10 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Pascal :: PASCAL-PC [Administrator] Schutz: Deaktiviert 13.02.2013 01:48:43 mbam-log-2013-02-13 (01-48-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 223891 Laufzeit: 3 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Pascal\4274807.dll (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.13.05 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Pascal :: PASCAL-PC [Administrator] Schutz: Deaktiviert 13.02.2013 12:52:43 mbam-log-2013-02-13 (12-52-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 223313 Laufzeit: 3 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Das mit den zwei Virenprogrammen gleichzeitig war mir nicht bekannt. Kaspersky war davor immer deaktiviert. |
|
14.02.2013, 00:23
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Gvu trojaner 2013 mit webcam infiziert Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.02.2013, 11:25
| #5 |
| | Gvu trojaner 2013 mit webcam infiziertCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.14.03
Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [administrator]
14.02.2013 11:20:40
mbar-log-2013-02-14 (11-20-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28069
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Delete on reboot.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
14.02.2013, 11:28
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Gvu trojaner 2013 mit webcam infiziert Denkst du daran bitte: Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
__________________ --> Gvu trojaner 2013 mit webcam infiziert |
|
14.02.2013, 12:01
| #7 |
| | Gvu trojaner 2013 mit webcam infiziert Hab ihn nochmal scannen lassen, kein Fund |
|
14.02.2013, 12:14
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Gvu trojaner 2013 mit webcam infiziert aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2013, 13:02
| #9 |
| | Gvu trojaner 2013 mit webcam infiziertCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 12:34:16
-----------------------------
12:34:16.402 OS Version: Windows 6.1.7601 Service Pack 1
12:34:16.402 Number of processors: 2 586 0x602
12:34:16.402 ComputerName: PASCAL-PC UserName: Pascal
12:34:35.636 Initialize success
12:34:37.089 AVAST engine defs: 13021302
12:34:57.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
12:34:57.089 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
12:34:57.105 Disk 0 MBR read successfully
12:34:57.105 Disk 0 MBR scan
12:34:57.511 Disk 0 Windows 7 default MBR code
12:34:57.527 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
12:34:57.808 Disk 0 scanning sectors +976771072
12:34:58.105 Disk 0 scanning C:\Windows\system32\drivers
12:35:13.339 Service scanning
12:35:22.980 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
12:35:32.589 Modules scanning
12:35:35.542 Disk 0 trace - called modules:
12:35:35.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
12:35:36.058 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86166398]
12:35:36.058 3 CLASSPNP.SYS[8bb8759e] -> nt!IofCallDriver -> [0x85186480]
12:35:36.058 5 ACPI.sys[8ae443d4] -> nt!IofCallDriver -> \Device\00000066[0x85186030]
12:35:37.449 AVAST engine scan C:\Windows
12:35:40.339 AVAST engine scan C:\Windows\system32
12:37:29.042 AVAST engine scan C:\Windows\system32\drivers
12:37:37.105 AVAST engine scan C:\Users\Pascal
12:53:41.730 AVAST engine scan C:\ProgramData
12:55:13.558 Scan finished successfully
12:56:07.902 Disk 0 MBR has been saved successfully to "C:\Users\Pascal\Desktop\MBR.dat"
12:56:07.917 The log file has been saved successfully to "C:\Users\Pascal\Desktop\aswMBR.txt"
|
|
14.02.2013, 13:14
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Gvu trojaner 2013 mit webcam infiziert Anleitungen bitte richtig lesen und umsetzen Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2013, 13:22
| #11 |
| | Gvu trojaner 2013 mit webcam infiziertCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 12:34:16
-----------------------------
12:34:16.402 OS Version: Windows 6.1.7601 Service Pack 1
12:34:16.402 Number of processors: 2 586 0x602
12:34:16.402 ComputerName: PASCAL-PC UserName: Pascal
12:34:35.636 Initialize success
12:34:37.089 AVAST engine defs: 13021302
12:34:57.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
12:34:57.089 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
12:34:57.105 Disk 0 MBR read successfully
12:34:57.105 Disk 0 MBR scan
12:34:57.511 Disk 0 Windows 7 default MBR code
12:34:57.527 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
12:34:57.808 Disk 0 scanning sectors +976771072
12:34:58.105 Disk 0 scanning C:\Windows\system32\drivers
12:35:13.339 Service scanning
12:35:22.980 Service MSICDSetup D:\CDriver.sys **LOCKED** 21
12:35:32.589 Modules scanning
12:35:35.542 Disk 0 trace - called modules:
12:35:35.542 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
12:35:36.058 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86166398]
12:35:36.058 3 CLASSPNP.SYS[8bb8759e] -> nt!IofCallDriver -> [0x85186480]
12:35:36.058 5 ACPI.sys[8ae443d4] -> nt!IofCallDriver -> \Device\00000066[0x85186030]
12:35:37.449 AVAST engine scan C:\Windows
12:35:40.339 AVAST engine scan C:\Windows\system32
12:37:29.042 AVAST engine scan C:\Windows\system32\drivers
12:37:37.105 AVAST engine scan C:\Users\Pascal
12:53:41.730 AVAST engine scan C:\ProgramData
12:55:13.558 Scan finished successfully
12:56:07.902 Disk 0 MBR has been saved successfully to "C:\Users\Pascal\Desktop\MBR.dat"
12:56:07.917 The log file has been saved successfully to "C:\Users\Pascal\Desktop\aswMBR.txt"
Code:
ATTFilter 12:56:28.0214 2008 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:56:28.0699 2008 ============================================================
12:56:28.0699 2008 Current date / time: 2013/02/14 12:56:28.0699
12:56:28.0699 2008 SystemInfo:
12:56:28.0699 2008
12:56:28.0699 2008 OS Version: 6.1.7601 ServicePack: 1.0
12:56:28.0714 2008 Product type: Workstation
12:56:28.0714 2008 ComputerName: PASCAL-PC
12:56:28.0714 2008 UserName: Pascal
12:56:28.0714 2008 Windows directory: C:\Windows
12:56:28.0714 2008 System windows directory: C:\Windows
12:56:28.0714 2008 Processor architecture: Intel x86
12:56:28.0714 2008 Number of processors: 2
12:56:28.0714 2008 Page size: 0x1000
12:56:28.0714 2008 Boot type: Safe boot with network
12:56:28.0714 2008 ============================================================
12:56:29.0855 2008 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:56:29.0855 2008 ============================================================
12:56:29.0855 2008 \Device\Harddisk0\DR0:
12:56:29.0855 2008 MBR partitions:
12:56:29.0855 2008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
12:56:29.0855 2008 ============================================================
12:56:29.0886 2008 C: <-> \Device\Harddisk0\DR0\Partition1
12:56:29.0886 2008 ============================================================
12:56:29.0886 2008 Initialize success
12:56:29.0886 2008 ============================================================
12:56:32.0652 1264 ============================================================
12:56:32.0652 1264 Scan started
12:56:32.0652 1264 Mode: Manual;
12:56:32.0652 1264 ============================================================
12:56:34.0074 1264 ================ Scan system memory ========================
12:56:34.0074 1264 System memory - ok
12:56:34.0074 1264 ================ Scan services =============================
12:56:34.0324 1264 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:56:34.0324 1264 1394ohci - ok
12:56:34.0371 1264 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
12:56:34.0371 1264 acedrv11 - ok
12:56:34.0433 1264 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:56:34.0449 1264 ACPI - ok
12:56:34.0464 1264 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:56:34.0464 1264 AcpiPmi - ok
12:56:34.0574 1264 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:56:34.0574 1264 AdobeARMservice - ok
12:56:34.0621 1264 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:56:34.0636 1264 AdobeFlashPlayerUpdateSvc - ok
12:56:34.0667 1264 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:56:34.0683 1264 adp94xx - ok
12:56:34.0683 1264 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:56:34.0699 1264 adpahci - ok
12:56:34.0699 1264 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:56:34.0714 1264 adpu320 - ok
12:56:34.0730 1264 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:56:34.0730 1264 AeLookupSvc - ok
12:56:34.0761 1264 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:56:34.0777 1264 AFD - ok
12:56:34.0808 1264 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:56:34.0808 1264 agp440 - ok
12:56:34.0824 1264 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:56:34.0839 1264 aic78xx - ok
12:56:34.0855 1264 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:56:34.0855 1264 ALG - ok
12:56:34.0871 1264 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:56:34.0871 1264 aliide - ok
12:56:34.0886 1264 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:56:34.0886 1264 amdagp - ok
12:56:34.0902 1264 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:56:34.0902 1264 amdide - ok
12:56:34.0917 1264 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:56:34.0917 1264 AmdK8 - ok
12:56:34.0949 1264 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:56:34.0949 1264 AmdPPM - ok
12:56:34.0980 1264 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:56:34.0980 1264 amdsata - ok
12:56:34.0996 1264 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:56:34.0996 1264 amdsbs - ok
12:56:35.0027 1264 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:56:35.0027 1264 amdxata - ok
12:56:35.0058 1264 [ 45039AD240754B3BD789668C2C986EA7 ] Andbus C:\Windows\system32\DRIVERS\lgandbus.sys
12:56:35.0058 1264 Andbus - ok
12:56:35.0074 1264 [ F7EC18DB02C9FB26AED52E0E1BB98960 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag.sys
12:56:35.0074 1264 AndDiag - ok
12:56:35.0105 1264 [ 6D79F0C7F33DD85F50D69C7D7EFEC9E0 ] AndGps C:\Windows\system32\DRIVERS\lgandgps.sys
12:56:35.0105 1264 AndGps - ok
12:56:35.0105 1264 [ 881837E816B948F7A94098ADD21AFD7C ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem.sys
12:56:35.0105 1264 ANDModem - ok
12:56:35.0152 1264 [ 54A40A58FF71936026F2E49ECFD487B8 ] androidusb C:\Windows\system32\Drivers\lgandadb.sys
12:56:35.0152 1264 androidusb - ok
12:56:35.0183 1264 [ 548CCBD8B48FDF7E2435AD6017920A7F ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
12:56:35.0183 1264 Apowersoft_AudioDevice - ok
12:56:35.0230 1264 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:56:35.0230 1264 AppID - ok
12:56:35.0261 1264 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:56:35.0261 1264 AppIDSvc - ok
12:56:35.0292 1264 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
12:56:35.0292 1264 Appinfo - ok
12:56:35.0324 1264 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:56:35.0324 1264 arc - ok
12:56:35.0339 1264 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:56:35.0339 1264 arcsas - ok
12:56:35.0386 1264 [ 46658EE12F6924E832697581FDD0E659 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
12:56:35.0386 1264 AsrAppCharger - ok
12:56:35.0402 1264 [ 054DF24C92B55427E0757CFFF160E4F2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
12:56:35.0402 1264 aswFsBlk - ok
12:56:35.0433 1264 [ 258143605E77E4008F1758481D6A977D ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
12:56:35.0433 1264 aswMonFlt - ok
12:56:35.0449 1264 [ 352D5A48EBAB35A7693B048679304831 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
12:56:35.0449 1264 aswRdr - ok
12:56:35.0464 1264 [ 8D34D2B24297E27D93E847319ABFDEC4 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
12:56:35.0464 1264 aswSnx - ok
12:56:35.0480 1264 [ 010012597333DA1F46C3243F33F8409E ] aswSP C:\Windows\system32\drivers\aswSP.sys
12:56:35.0480 1264 aswSP - ok
12:56:35.0511 1264 [ F9F84364416658E9786235904D448D37 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
12:56:35.0511 1264 aswTdi - ok
12:56:35.0542 1264 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:56:35.0542 1264 AsyncMac - ok
12:56:35.0574 1264 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:56:35.0589 1264 atapi - ok
12:56:35.0605 1264 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:56:35.0621 1264 AudioEndpointBuilder - ok
12:56:35.0621 1264 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:56:35.0636 1264 Audiosrv - ok
12:56:35.0714 1264 [ 996E6D052438E8D8DFD501F31560B2E0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:56:35.0714 1264 avast! Antivirus - ok
12:56:35.0777 1264 [ 3CE83DAAF178E2A8DBB5A1A7CB6892EA ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
12:56:35.0777 1264 AVP - ok
12:56:35.0824 1264 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:56:35.0824 1264 AxInstSV - ok
12:56:35.0871 1264 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:56:35.0871 1264 b06bdrv - ok
12:56:35.0902 1264 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:56:35.0917 1264 b57nd60x - ok
12:56:35.0949 1264 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:56:35.0964 1264 BDESVC - ok
12:56:35.0964 1264 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:56:35.0964 1264 Beep - ok
12:56:35.0996 1264 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
12:56:36.0011 1264 BFE - ok
12:56:36.0058 1264 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
12:56:36.0058 1264 BITS - ok
12:56:36.0074 1264 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:56:36.0074 1264 blbdrive - ok
12:56:36.0105 1264 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:56:36.0105 1264 bowser - ok
12:56:36.0121 1264 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:56:36.0121 1264 BrFiltLo - ok
12:56:36.0136 1264 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:56:36.0136 1264 BrFiltUp - ok
12:56:36.0152 1264 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:56:36.0152 1264 Browser - ok
12:56:36.0167 1264 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:56:36.0167 1264 Brserid - ok
12:56:36.0183 1264 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:56:36.0183 1264 BrSerWdm - ok
12:56:36.0214 1264 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:56:36.0214 1264 BrUsbMdm - ok
12:56:36.0214 1264 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:56:36.0214 1264 BrUsbSer - ok
12:56:36.0214 1264 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:56:36.0214 1264 BTHMODEM - ok
12:56:36.0261 1264 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:56:36.0261 1264 bthserv - ok
12:56:36.0308 1264 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:56:36.0308 1264 cdfs - ok
12:56:36.0339 1264 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:56:36.0339 1264 cdrom - ok
12:56:36.0355 1264 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:56:36.0371 1264 CertPropSvc - ok
12:56:36.0386 1264 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:56:36.0386 1264 circlass - ok
12:56:36.0417 1264 [ B53F9635457B56DCFFEF750E18AEC6CB ] CLEDX C:\Windows\system32\DRIVERS\cledx.sys
12:56:36.0417 1264 CLEDX - ok
12:56:36.0449 1264 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:56:36.0449 1264 CLFS - ok
12:56:36.0527 1264 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:56:36.0542 1264 clr_optimization_v2.0.50727_32 - ok
12:56:36.0589 1264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:56:36.0605 1264 clr_optimization_v4.0.30319_32 - ok
12:56:36.0636 1264 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:56:36.0636 1264 CmBatt - ok
12:56:36.0652 1264 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:56:36.0652 1264 cmdide - ok
12:56:36.0683 1264 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
12:56:36.0683 1264 CNG - ok
12:56:36.0699 1264 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:56:36.0699 1264 Compbatt - ok
12:56:36.0746 1264 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:56:36.0746 1264 CompositeBus - ok
12:56:36.0761 1264 COMSysApp - ok
12:56:36.0777 1264 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:56:36.0777 1264 crcdisk - ok
12:56:36.0808 1264 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:56:36.0808 1264 CryptSvc - ok
12:56:36.0839 1264 [ 90F8539FA0DE4AAFE4FDBE7F95D6A512 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
12:56:36.0855 1264 dc3d - ok
12:56:36.0886 1264 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:56:36.0886 1264 DcomLaunch - ok
12:56:36.0902 1264 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:56:36.0902 1264 defragsvc - ok
12:56:36.0933 1264 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:56:36.0933 1264 DfsC - ok
12:56:36.0996 1264 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe
12:56:36.0996 1264 DfSdkS - ok
12:56:37.0042 1264 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:56:37.0042 1264 Dhcp - ok
12:56:37.0058 1264 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:56:37.0058 1264 discache - ok
12:56:37.0089 1264 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:56:37.0105 1264 Disk - ok
12:56:37.0121 1264 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:56:37.0121 1264 Dnscache - ok
12:56:37.0152 1264 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:56:37.0152 1264 dot3svc - ok
12:56:37.0199 1264 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:56:37.0199 1264 DPS - ok
12:56:37.0230 1264 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:56:37.0230 1264 drmkaud - ok
12:56:37.0261 1264 [ 555E54AC2F601A8821CEF58961653991 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:56:37.0277 1264 dtsoftbus01 - ok
12:56:37.0292 1264 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:56:37.0308 1264 DXGKrnl - ok
12:56:37.0324 1264 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:56:37.0339 1264 EapHost - ok
12:56:37.0402 1264 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:56:37.0449 1264 ebdrv - ok
12:56:37.0464 1264 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:56:37.0464 1264 EFS - ok
12:56:37.0511 1264 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:56:37.0527 1264 ehRecvr - ok
12:56:37.0542 1264 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:56:37.0542 1264 ehSched - ok
12:56:37.0589 1264 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:56:37.0589 1264 elxstor - ok
12:56:37.0621 1264 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:56:37.0621 1264 ErrDev - ok
12:56:37.0652 1264 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:56:37.0652 1264 EventSystem - ok
12:56:37.0699 1264 [ DAFC7E1B2FFA35CCBDDF95AE3E31BFAE ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
12:56:37.0699 1264 ewusbnet - ok
12:56:37.0730 1264 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:56:37.0730 1264 exfat - ok
12:56:37.0746 1264 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:56:37.0761 1264 fastfat - ok
12:56:37.0777 1264 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:56:37.0792 1264 Fax - ok
12:56:37.0808 1264 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:56:37.0808 1264 fdc - ok
12:56:37.0808 1264 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:56:37.0824 1264 fdPHost - ok
12:56:37.0824 1264 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:56:37.0824 1264 FDResPub - ok
12:56:37.0839 1264 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:56:37.0839 1264 FileInfo - ok
12:56:37.0855 1264 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:56:37.0855 1264 Filetrace - ok
12:56:37.0871 1264 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:56:37.0871 1264 flpydisk - ok
12:56:37.0902 1264 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:56:37.0902 1264 FltMgr - ok
12:56:37.0933 1264 [ 09CAE05275585AC404D48213D7B08396 ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
12:56:37.0933 1264 FNETTBOH_305 - ok
12:56:37.0949 1264 [ 47BDA10316324CFA540F25AB7021F0D8 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
12:56:37.0949 1264 FNETURPX - ok
12:56:37.0980 1264 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
12:56:37.0980 1264 FontCache - ok
12:56:38.0074 1264 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:56:38.0074 1264 FontCache3.0.0.0 - ok
12:56:38.0121 1264 [ F33425DBD8CDF00C1F318BA0EDC8D048 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:56:38.0121 1264 ForceWare Intelligent Application Manager (IAM) - ok
12:56:38.0136 1264 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:56:38.0136 1264 FsDepends - ok
12:56:38.0152 1264 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:56:38.0152 1264 Fs_Rec - ok
12:56:38.0199 1264 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:56:38.0199 1264 fvevol - ok
12:56:38.0230 1264 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:56:38.0230 1264 gagp30kx - ok
12:56:38.0230 1264 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:56:38.0246 1264 gpsvc - ok
12:56:38.0308 1264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:38.0308 1264 gupdate - ok
12:56:38.0324 1264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:38.0324 1264 gupdatem - ok
12:56:38.0386 1264 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:56:38.0386 1264 gusvc - ok
12:56:38.0417 1264 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:56:38.0417 1264 hcw85cir - ok
12:56:38.0464 1264 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:56:38.0464 1264 HdAudAddService - ok
12:56:38.0496 1264 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:56:38.0496 1264 HDAudBus - ok
12:56:38.0511 1264 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:56:38.0511 1264 HidBatt - ok
12:56:38.0527 1264 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:56:38.0527 1264 HidBth - ok
12:56:38.0558 1264 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:56:38.0558 1264 HidIr - ok
12:56:38.0589 1264 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
12:56:38.0589 1264 hidserv - ok
12:56:38.0589 1264 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:56:38.0589 1264 HidUsb - ok
12:56:38.0621 1264 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:56:38.0621 1264 hkmsvc - ok
12:56:38.0636 1264 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:56:38.0636 1264 HomeGroupListener - ok
12:56:38.0667 1264 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:56:38.0667 1264 HomeGroupProvider - ok
12:56:38.0683 1264 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:56:38.0683 1264 HpSAMD - ok
12:56:38.0714 1264 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:56:38.0714 1264 HTTP - ok
12:56:38.0792 1264 [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:56:38.0792 1264 hwdatacard - ok
12:56:38.0808 1264 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:56:38.0808 1264 hwpolicy - ok
12:56:38.0839 1264 [ A259D3619AA23D4562581067F85E2006 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
12:56:38.0839 1264 hwusbdev - ok
12:56:38.0886 1264 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:56:38.0886 1264 i8042prt - ok
12:56:38.0917 1264 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:56:38.0917 1264 iaStorV - ok
12:56:38.0996 1264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:56:38.0996 1264 IDriverT - ok
12:56:39.0042 1264 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:56:39.0058 1264 idsvc - ok
12:56:39.0089 1264 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:56:39.0089 1264 iirsp - ok
12:56:39.0121 1264 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:56:39.0121 1264 IKEEXT - ok
12:56:39.0136 1264 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:56:39.0136 1264 intelide - ok
12:56:39.0152 1264 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:56:39.0152 1264 intelppm - ok
12:56:39.0183 1264 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:56:39.0183 1264 IPBusEnum - ok
12:56:39.0199 1264 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:56:39.0199 1264 IpFilterDriver - ok
12:56:39.0230 1264 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:56:39.0230 1264 iphlpsvc - ok
12:56:39.0261 1264 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:56:39.0261 1264 IPMIDRV - ok
12:56:39.0277 1264 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:56:39.0277 1264 IPNAT - ok
12:56:39.0308 1264 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:56:39.0308 1264 IRENUM - ok
12:56:39.0339 1264 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:56:39.0339 1264 isapnp - ok
12:56:39.0386 1264 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:56:39.0402 1264 iScsiPrt - ok
12:56:39.0433 1264 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:56:39.0433 1264 kbdclass - ok
12:56:39.0464 1264 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:56:39.0464 1264 kbdhid - ok
12:56:39.0496 1264 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:56:39.0496 1264 KeyIso - ok
12:56:39.0542 1264 [ 94D67D49BD9503BB1D838405D80F2058 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
12:56:39.0542 1264 KL1 - ok
12:56:39.0558 1264 [ 713576569667AC9E0F8556076004A96B ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
12:56:39.0558 1264 kl2 - ok
12:56:39.0605 1264 [ 39920D69EAEDB51757527AA54FE25216 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:56:39.0605 1264 KLIF - ok
12:56:39.0636 1264 [ CF88B4985D957EEE45C9939092E87C92 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:56:39.0636 1264 KLIM6 - ok
12:56:39.0636 1264 [ 3DE1771C135328420315E21DDE229BBA ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:56:39.0636 1264 klmouflt - ok
12:56:39.0667 1264 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:56:39.0667 1264 KSecDD - ok
12:56:39.0667 1264 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:56:39.0667 1264 KSecPkg - ok
12:56:39.0714 1264 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:56:39.0730 1264 KtmRm - ok
12:56:39.0761 1264 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
12:56:39.0777 1264 LanmanServer - ok
12:56:39.0792 1264 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:56:39.0808 1264 LanmanWorkstation - ok
12:56:39.0855 1264 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:56:39.0855 1264 lltdio - ok
12:56:39.0871 1264 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:56:39.0871 1264 lltdsvc - ok
12:56:39.0886 1264 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:56:39.0886 1264 lmhosts - ok
12:56:39.0902 1264 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:56:39.0917 1264 LSI_FC - ok
12:56:39.0917 1264 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:56:39.0917 1264 LSI_SAS - ok
12:56:39.0933 1264 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:56:40.0011 1264 LSI_SAS2 - ok
12:56:40.0074 1264 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:56:40.0089 1264 LSI_SCSI - ok
12:56:40.0152 1264 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:56:40.0183 1264 luafv - ok
12:56:40.0214 1264 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys
12:56:40.0214 1264 massfilter - ok
12:56:40.0230 1264 mbamchameleon - ok
12:56:40.0246 1264 mbamswissarmy - ok
12:56:40.0261 1264 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:56:40.0277 1264 Mcx2Svc - ok
12:56:40.0277 1264 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:56:40.0277 1264 megasas - ok
12:56:40.0308 1264 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:56:40.0308 1264 MegaSR - ok
12:56:40.0324 1264 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:56:40.0324 1264 MMCSS - ok
12:56:40.0355 1264 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:56:40.0355 1264 Modem - ok
12:56:40.0371 1264 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:56:40.0371 1264 monitor - ok
12:56:40.0402 1264 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:56:40.0402 1264 mouclass - ok
12:56:40.0417 1264 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:56:40.0417 1264 mouhid - ok
12:56:40.0433 1264 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:56:40.0449 1264 mountmgr - ok
12:56:40.0480 1264 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:56:40.0480 1264 MozillaMaintenance - ok
12:56:40.0496 1264 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:56:40.0496 1264 mpio - ok
12:56:40.0511 1264 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:56:40.0511 1264 mpsdrv - ok
12:56:40.0542 1264 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:56:40.0558 1264 MpsSvc - ok
12:56:40.0574 1264 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:56:40.0574 1264 MRxDAV - ok
12:56:40.0605 1264 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:56:40.0621 1264 mrxsmb - ok
12:56:40.0652 1264 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:56:40.0652 1264 mrxsmb10 - ok
12:56:40.0652 1264 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:56:40.0652 1264 mrxsmb20 - ok
12:56:40.0667 1264 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:56:40.0667 1264 msahci - ok
12:56:40.0714 1264 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:56:40.0714 1264 msdsm - ok
12:56:40.0730 1264 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:56:40.0730 1264 MSDTC - ok
12:56:40.0761 1264 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:56:40.0761 1264 Msfs - ok
12:56:40.0792 1264 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:56:40.0792 1264 mshidkmdf - ok
12:56:40.0808 1264 MSICDSetup - ok
12:56:40.0839 1264 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:56:40.0839 1264 msisadrv - ok
12:56:40.0871 1264 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:56:40.0871 1264 MSiSCSI - ok
12:56:40.0871 1264 msiserver - ok
12:56:40.0902 1264 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:56:40.0902 1264 MSKSSRV - ok
12:56:40.0917 1264 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:56:40.0917 1264 MSPCLOCK - ok
12:56:40.0917 1264 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:56:40.0933 1264 MSPQM - ok
12:56:40.0949 1264 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:56:40.0949 1264 MsRPC - ok
12:56:40.0949 1264 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:56:40.0949 1264 mssmbios - ok
12:56:40.0964 1264 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:56:40.0964 1264 MSTEE - ok
12:56:40.0964 1264 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:56:40.0964 1264 MTConfig - ok
12:56:40.0980 1264 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:56:40.0980 1264 Mup - ok
12:56:41.0027 1264 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:56:41.0027 1264 napagent - ok
12:56:41.0058 1264 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:56:41.0074 1264 NativeWifiP - ok
12:56:41.0105 1264 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:56:41.0121 1264 NDIS - ok
12:56:41.0152 1264 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:56:41.0152 1264 NdisCap - ok
12:56:41.0167 1264 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:56:41.0167 1264 NdisTapi - ok
12:56:41.0199 1264 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:56:41.0199 1264 Ndisuio - ok
12:56:41.0214 1264 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:56:41.0230 1264 NdisWan - ok
12:56:41.0230 1264 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:56:41.0230 1264 NDProxy - ok
12:56:41.0261 1264 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:56:41.0261 1264 NetBIOS - ok
12:56:41.0277 1264 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:56:41.0277 1264 NetBT - ok
12:56:41.0292 1264 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:56:41.0292 1264 Netlogon - ok
12:56:41.0339 1264 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:56:41.0339 1264 Netman - ok
12:56:41.0355 1264 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:56:41.0355 1264 netprofm - ok
12:56:41.0386 1264 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:56:41.0386 1264 NetTcpPortSharing - ok
12:56:41.0496 1264 [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
12:56:41.0558 1264 Netzmanager Service - ok
12:56:41.0589 1264 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:56:41.0589 1264 nfrd960 - ok
12:56:41.0621 1264 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
12:56:41.0621 1264 NlaSvc - ok
12:56:41.0667 1264 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:56:41.0667 1264 Npfs - ok
12:56:41.0683 1264 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:56:41.0683 1264 nsi - ok
12:56:41.0683 1264 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:56:41.0683 1264 nsiproxy - ok
12:56:41.0730 1264 [ 84A1A494791DA6AC7292D82F97E40BEC ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:56:41.0730 1264 nSvcIp - ok
12:56:41.0792 1264 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:56:41.0808 1264 Ntfs - ok
12:56:41.0824 1264 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:56:41.0824 1264 Null - ok
12:56:41.0855 1264 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
12:56:41.0855 1264 NVENETFD - ok
12:56:41.0902 1264 [ 0E616537F3E12D4C9FB71181C2F21BD5 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
12:56:41.0902 1264 NVHDA - ok
12:56:42.0058 1264 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:56:42.0214 1264 nvlddmkm - ok
12:56:42.0246 1264 [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
12:56:42.0246 1264 NVNET - ok
12:56:42.0277 1264 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:56:42.0277 1264 nvraid - ok
12:56:42.0292 1264 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:56:42.0292 1264 nvstor - ok
12:56:42.0308 1264 [ 032EF66DD96692AD3A9D36160F467F67 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
12:56:42.0308 1264 nvstor32 - ok
12:56:42.0355 1264 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:56:42.0371 1264 nvsvc - ok
12:56:42.0449 1264 [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:56:42.0464 1264 nvUpdatusService - ok
12:56:42.0511 1264 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:56:42.0511 1264 nv_agp - ok
12:56:42.0527 1264 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:56:42.0527 1264 ohci1394 - ok
12:56:42.0574 1264 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:56:42.0574 1264 ose - ok
12:56:42.0605 1264 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:56:42.0605 1264 p2pimsvc - ok
12:56:42.0636 1264 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:56:42.0636 1264 p2psvc - ok
12:56:42.0683 1264 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:56:42.0683 1264 Parport - ok
12:56:42.0714 1264 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:56:42.0714 1264 partmgr - ok
12:56:42.0730 1264 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:56:42.0730 1264 Parvdm - ok
12:56:42.0730 1264 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:56:42.0746 1264 PcaSvc - ok
12:56:42.0792 1264 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:56:42.0792 1264 pci - ok
12:56:42.0792 1264 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:56:42.0792 1264 pciide - ok
12:56:42.0808 1264 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:56:42.0824 1264 pcmcia - ok
12:56:42.0824 1264 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:56:42.0824 1264 pcw - ok
12:56:42.0855 1264 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:56:42.0855 1264 PEAUTH - ok
12:56:42.0902 1264 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:56:42.0933 1264 pla - ok
12:56:42.0980 1264 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:56:42.0980 1264 PlugPlay - ok
12:56:43.0027 1264 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
12:56:43.0027 1264 PnkBstrA - ok
12:56:43.0042 1264 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:56:43.0042 1264 PNRPAutoReg - ok
12:56:43.0058 1264 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:56:43.0058 1264 PNRPsvc - ok
12:56:43.0089 1264 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
12:56:43.0089 1264 Point32 - ok
12:56:43.0121 1264 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:56:43.0121 1264 PolicyAgent - ok
12:56:43.0152 1264 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:56:43.0152 1264 Power - ok
12:56:43.0183 1264 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:56:43.0183 1264 PptpMiniport - ok
12:56:43.0214 1264 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:56:43.0214 1264 Processor - ok
12:56:43.0246 1264 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
12:56:43.0246 1264 ProfSvc - ok
12:56:43.0261 1264 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:56:43.0261 1264 ProtectedStorage - ok
12:56:43.0292 1264 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:56:43.0292 1264 Psched - ok
12:56:43.0324 1264 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:56:43.0355 1264 ql2300 - ok
12:56:43.0371 1264 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:56:43.0371 1264 ql40xx - ok
12:56:43.0402 1264 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:56:43.0402 1264 QWAVE - ok
12:56:43.0417 1264 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:56:43.0417 1264 QWAVEdrv - ok
12:56:43.0417 1264 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:56:43.0417 1264 RasAcd - ok
12:56:43.0449 1264 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:56:43.0449 1264 RasAgileVpn - ok
12:56:43.0464 1264 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:56:43.0464 1264 RasAuto - ok
12:56:43.0480 1264 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:56:43.0480 1264 Rasl2tp - ok
12:56:43.0511 1264 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:56:43.0511 1264 RasMan - ok
12:56:43.0527 1264 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:56:43.0527 1264 RasPppoe - ok
12:56:43.0558 1264 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:56:43.0558 1264 RasSstp - ok
12:56:43.0574 1264 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:56:43.0574 1264 rdbss - ok
12:56:43.0589 1264 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:56:43.0589 1264 rdpbus - ok
12:56:43.0605 1264 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:56:43.0605 1264 RDPCDD - ok
12:56:43.0621 1264 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:56:43.0621 1264 RDPENCDD - ok
12:56:43.0636 1264 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:56:43.0636 1264 RDPREFMP - ok
12:56:43.0667 1264 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:56:43.0667 1264 RDPWD - ok
12:56:43.0683 1264 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:56:43.0683 1264 rdyboost - ok
12:56:43.0699 1264 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:56:43.0699 1264 RemoteAccess - ok
12:56:43.0714 1264 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:56:43.0714 1264 RemoteRegistry - ok
12:56:43.0746 1264 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:56:43.0746 1264 RpcEptMapper - ok
12:56:43.0761 1264 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:56:43.0761 1264 RpcLocator - ok
12:56:43.0777 1264 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
12:56:43.0777 1264 RpcSs - ok
12:56:43.0777 1264 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:56:43.0792 1264 rspndr - ok
12:56:43.0839 1264 [ 030129520D4C75CBA170E0F0C6040C68 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
12:56:43.0839 1264 RTL8192su - ok
12:56:43.0855 1264 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:56:43.0855 1264 SamSs - ok
12:56:43.0886 1264 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:56:43.0886 1264 sbp2port - ok
12:56:43.0902 1264 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:56:43.0902 1264 SCardSvr - ok
12:56:43.0933 1264 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:56:43.0933 1264 scfilter - ok
12:56:43.0949 1264 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:56:43.0964 1264 Schedule - ok
12:56:43.0964 1264 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:56:43.0964 1264 SCPolicySvc - ok
12:56:43.0996 1264 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:56:43.0996 1264 SDRSVC - ok
12:56:44.0027 1264 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:56:44.0027 1264 secdrv - ok
12:56:44.0042 1264 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:56:44.0042 1264 seclogon - ok
12:56:44.0058 1264 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
12:56:44.0058 1264 SENS - ok
12:56:44.0089 1264 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:56:44.0089 1264 SensrSvc - ok
12:56:44.0105 1264 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:56:44.0105 1264 Serenum - ok
12:56:44.0105 1264 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:56:44.0105 1264 Serial - ok
12:56:44.0136 1264 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:56:44.0136 1264 sermouse - ok
12:56:44.0167 1264 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:56:44.0167 1264 SessionEnv - ok
12:56:44.0183 1264 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:56:44.0183 1264 sffdisk - ok
12:56:44.0199 1264 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:56:44.0199 1264 sffp_mmc - ok
12:56:44.0214 1264 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:56:44.0214 1264 sffp_sd - ok
12:56:44.0214 1264 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:56:44.0230 1264 sfloppy - ok
12:56:44.0246 1264 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:56:44.0246 1264 SharedAccess - ok
12:56:44.0277 1264 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:56:44.0277 1264 ShellHWDetection - ok
12:56:44.0292 1264 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:56:44.0292 1264 sisagp - ok
12:56:44.0308 1264 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:56:44.0308 1264 SiSRaid2 - ok
12:56:44.0324 1264 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:56:44.0324 1264 SiSRaid4 - ok
12:56:44.0339 1264 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:56:44.0339 1264 Smb - ok
12:56:44.0386 1264 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:56:44.0386 1264 SNMPTRAP - ok
12:56:44.0402 1264 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:56:44.0402 1264 spldr - ok
12:56:44.0417 1264 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:56:44.0433 1264 Spooler - ok
12:56:44.0480 1264 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:56:44.0542 1264 sppsvc - ok
12:56:44.0558 1264 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:56:44.0558 1264 sppuinotify - ok
12:56:44.0589 1264 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:56:44.0589 1264 srv - ok
12:56:44.0605 1264 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:56:44.0605 1264 srv2 - ok
12:56:44.0621 1264 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:56:44.0621 1264 srvnet - ok
12:56:44.0652 1264 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:56:44.0652 1264 SSDPSRV - ok
12:56:44.0652 1264 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:56:44.0652 1264 SstpSvc - ok
12:56:44.0699 1264 Steam Client Service - ok
12:56:44.0761 1264 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:56:44.0761 1264 Stereo Service - ok
12:56:44.0792 1264 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:56:44.0792 1264 stexstor - ok
12:56:44.0824 1264 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:56:44.0824 1264 StiSvc - ok
12:56:44.0839 1264 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:56:44.0839 1264 swenum - ok
12:56:44.0855 1264 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:56:44.0855 1264 swprv - ok
12:56:44.0902 1264 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:56:44.0917 1264 SysMain - ok
12:56:44.0933 1264 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:56:44.0933 1264 TabletInputService - ok
12:56:44.0964 1264 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:56:44.0964 1264 TapiSrv - ok
12:56:44.0964 1264 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:56:44.0980 1264 TBS - ok
12:56:45.0011 1264 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:56:45.0042 1264 Tcpip - ok
12:56:45.0074 1264 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:56:45.0074 1264 TCPIP6 - ok
12:56:45.0105 1264 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:56:45.0105 1264 tcpipreg - ok
12:56:45.0136 1264 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:56:45.0136 1264 TDPIPE - ok
12:56:45.0152 1264 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:56:45.0167 1264 TDTCP - ok
12:56:45.0183 1264 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:56:45.0183 1264 tdx - ok
12:56:45.0277 1264 [ 5D528200679C3B4595B4237E02C077D5 ] TelekomNM3 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
12:56:45.0277 1264 TelekomNM3 - ok
12:56:45.0277 1264 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:56:45.0292 1264 TermDD - ok
12:56:45.0308 1264 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:56:45.0324 1264 TermService - ok
12:56:45.0339 1264 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:56:45.0339 1264 Themes - ok
12:56:45.0355 1264 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:56:45.0355 1264 THREADORDER - ok
12:56:45.0371 1264 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:56:45.0371 1264 TrkWks - ok
12:56:45.0417 1264 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:56:45.0417 1264 TrustedInstaller - ok
12:56:45.0433 1264 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:56:45.0433 1264 tssecsrv - ok
12:56:45.0480 1264 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:56:45.0480 1264 TsUsbFlt - ok
12:56:45.0511 1264 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:56:45.0527 1264 tunnel - ok
12:56:45.0542 1264 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:56:45.0542 1264 uagp35 - ok
12:56:45.0558 1264 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:56:45.0574 1264 udfs - ok
12:56:45.0667 1264 [ 0CA9E659B7053D398052776AC936B167 ] UI Assistant Service C:\Program Files\Mobile Partner Manager\AssistantServices.exe
12:56:45.0667 1264 UI Assistant Service - ok
12:56:45.0699 1264 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:56:45.0699 1264 UI0Detect - ok
12:56:45.0730 1264 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:56:45.0730 1264 uliagpkx - ok
12:56:45.0761 1264 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:56:45.0761 1264 umbus - ok
12:56:45.0777 1264 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:56:45.0777 1264 UmPass - ok
12:56:45.0792 1264 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:56:45.0792 1264 upnphost - ok
12:56:45.0839 1264 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:56:45.0839 1264 usbaudio - ok
12:56:45.0871 1264 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:56:45.0871 1264 usbccgp - ok
12:56:45.0902 1264 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:56:45.0902 1264 usbcir - ok
12:56:45.0917 1264 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:56:45.0917 1264 usbehci - ok
12:56:45.0949 1264 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:56:45.0949 1264 usbhub - ok
12:56:45.0980 1264 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:56:45.0980 1264 usbohci - ok
12:56:45.0996 1264 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:56:45.0996 1264 usbprint - ok
12:56:46.0011 1264 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:56:46.0011 1264 USBSTOR - ok
12:56:46.0027 1264 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:56:46.0027 1264 usbuhci - ok
12:56:46.0058 1264 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:56:46.0058 1264 usbvideo - ok
12:56:46.0074 1264 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:56:46.0074 1264 UxSms - ok
12:56:46.0089 1264 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:56:46.0089 1264 VaultSvc - ok
12:56:46.0121 1264 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:56:46.0121 1264 vdrvroot - ok
12:56:46.0152 1264 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:56:46.0152 1264 vds - ok
12:56:46.0167 1264 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:56:46.0167 1264 vga - ok
12:56:46.0183 1264 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:56:46.0183 1264 VgaSave - ok
12:56:46.0214 1264 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:56:46.0214 1264 vhdmp - ok
12:56:46.0230 1264 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:56:46.0230 1264 viaagp - ok
12:56:46.0246 1264 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:56:46.0246 1264 ViaC7 - ok
12:56:46.0308 1264 [ 4B1C025D194BBB41B1D7E86B54D88DC1 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
12:56:46.0324 1264 VIAHdAudAddService - ok
12:56:46.0355 1264 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:56:46.0355 1264 viaide - ok
12:56:46.0371 1264 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:56:46.0371 1264 volmgr - ok
12:56:46.0386 1264 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:56:46.0386 1264 volmgrx - ok
12:56:46.0402 1264 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:56:46.0402 1264 volsnap - ok
12:56:46.0433 1264 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:56:46.0433 1264 vsmraid - ok
12:56:46.0464 1264 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:56:46.0480 1264 VSS - ok
12:56:46.0496 1264 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:56:46.0496 1264 vwifibus - ok
12:56:46.0527 1264 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:56:46.0527 1264 vwififlt - ok
12:56:46.0574 1264 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:56:46.0574 1264 W32Time - ok
12:56:46.0589 1264 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:56:46.0589 1264 WacomPen - ok
12:56:46.0621 1264 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:56:46.0621 1264 WANARP - ok
12:56:46.0621 1264 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:56:46.0621 1264 Wanarpv6 - ok
12:56:46.0667 1264 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:56:46.0683 1264 wbengine - ok
12:56:46.0714 1264 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:56:46.0730 1264 WbioSrvc - ok
12:56:46.0746 1264 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:56:46.0746 1264 wcncsvc - ok
12:56:46.0761 1264 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:56:46.0777 1264 WcsPlugInService - ok
12:56:46.0777 1264 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:56:46.0777 1264 Wd - ok
12:56:46.0808 1264 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:56:46.0808 1264 Wdf01000 - ok
12:56:46.0808 1264 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:56:46.0824 1264 WdiServiceHost - ok
12:56:46.0824 1264 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:56:46.0824 1264 WdiSystemHost - ok
12:56:46.0855 1264 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:56:46.0855 1264 WebClient - ok
12:56:46.0871 1264 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:56:46.0871 1264 Wecsvc - ok
12:56:46.0886 1264 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:56:46.0886 1264 wercplsupport - ok
12:56:46.0917 1264 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:56:46.0917 1264 WerSvc - ok
12:56:46.0949 1264 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:56:46.0949 1264 WfpLwf - ok
12:56:46.0964 1264 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:56:46.0964 1264 WIMMount - ok
12:56:47.0011 1264 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:56:47.0027 1264 WinDefend - ok
12:56:47.0027 1264 WinHttpAutoProxySvc - ok
12:56:47.0074 1264 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:56:47.0074 1264 Winmgmt - ok
12:56:47.0136 1264 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
12:56:47.0136 1264 WinRing0_1_2_0 - ok
12:56:47.0183 1264 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:56:47.0199 1264 WinRM - ok
12:56:47.0230 1264 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:56:47.0230 1264 WinUsb - ok
12:56:47.0261 1264 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:56:47.0277 1264 Wlansvc - ok
12:56:47.0339 1264 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:56:47.0371 1264 wlidsvc - ok
12:56:47.0386 1264 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:56:47.0386 1264 WmiAcpi - ok
12:56:47.0417 1264 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:56:47.0417 1264 wmiApSrv - ok
12:56:47.0464 1264 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:56:47.0480 1264 WMPNetworkSvc - ok
12:56:47.0496 1264 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:56:47.0496 1264 WPCSvc - ok
12:56:47.0527 1264 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:56:47.0527 1264 WPDBusEnum - ok
12:56:47.0558 1264 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:56:47.0558 1264 ws2ifsl - ok
12:56:47.0574 1264 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
12:56:47.0574 1264 wscsvc - ok
12:56:47.0589 1264 WSearch - ok
12:56:47.0636 1264 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:56:47.0683 1264 wuauserv - ok
12:56:47.0714 1264 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:56:47.0714 1264 WudfPf - ok
12:56:47.0746 1264 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:56:47.0746 1264 WUDFRd - ok
12:56:47.0761 1264 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:56:47.0777 1264 wudfsvc - ok
12:56:47.0777 1264 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:56:47.0777 1264 WwanSvc - ok
12:56:47.0824 1264 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
12:56:47.0824 1264 ZTEusbmdm6k - ok
12:56:47.0839 1264 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
12:56:47.0839 1264 ZTEusbnmea - ok
12:56:47.0855 1264 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
12:56:47.0855 1264 ZTEusbser6k - ok
12:56:47.0871 1264 ================ Scan global ===============================
12:56:47.0902 1264 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:56:47.0933 1264 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
12:56:47.0933 1264 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
12:56:47.0949 1264 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:56:47.0996 1264 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:56:47.0996 1264 [Global] - ok
12:56:47.0996 1264 ================ Scan MBR ==================================
12:56:47.0996 1264 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:56:48.0464 1264 \Device\Harddisk0\DR0 - ok
12:56:48.0464 1264 ================ Scan VBR ==================================
12:56:48.0464 1264 [ AA219A9D006AB9085A4DC696A6C5D99C ] \Device\Harddisk0\DR0\Partition1
12:56:48.0464 1264 \Device\Harddisk0\DR0\Partition1 - ok
12:56:48.0464 1264 ============================================================
12:56:48.0464 1264 Scan finished
12:56:48.0464 1264 ============================================================
12:56:48.0480 1664 Detected object count: 0
12:56:48.0480 1664 Actual detected object count: 0
12:57:03.0324 1520 Deinitialize success
|
|
14.02.2013, 13:51
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Gvu trojaner 2013 mit webcam infiziert Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2013, 14:49
| #13 |
| | Gvu trojaner 2013 mit webcam infiziert Combofix Logfile: Code:
ATTFilter ComboFix 13-02-13.02 - Pascal 14.02.2013 14:37:52.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.2120 [GMT 1:00]
ausgeführt von:: c:\users\Pascal\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Security Suite CBE 11 *Enabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Security Suite CBE 11 *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Kaspersky Security Suite CBE 11 *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files\AutocompletePro\FireFoxExtension.exe
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\support@predictad.com\install.rdf
c:\program files\AutocompletePro\unins000.dat
c:\program files\AutocompletePro\unins000.exe
c:\program files\DealBulldog Toolbar
c:\program files\DealBulldog Toolbar\affid.dat
c:\program files\DealBulldog Toolbar\alert_plugin.dll
c:\program files\DealBulldog Toolbar\basis.xml
c:\program files\DealBulldog Toolbar\icons.bmp
c:\program files\DealBulldog Toolbar\info.txt
c:\program files\DealBulldog Toolbar\install.ico
c:\program files\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files\DealBulldog Toolbar\mbback.bmp
c:\program files\DealBulldog Toolbar\mbbigopen.bmp
c:\program files\DealBulldog Toolbar\mbclose.bmp
c:\program files\DealBulldog Toolbar\mbfwd.bmp
c:\program files\DealBulldog Toolbar\mbsep.bmp
c:\program files\DealBulldog Toolbar\nav1c.bmp
c:\program files\DealBulldog Toolbar\somoto.dll
c:\program files\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files\DealBulldog Toolbar\tbcore3.dll
c:\program files\DealBulldog Toolbar\tbcore3.inf
c:\program files\DealBulldog Toolbar\tbHElper.dll
c:\program files\DealBulldog Toolbar\TbHelper2.exe
c:\program files\DealBulldog Toolbar\uninstall.exe
c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
c:\program files\DealBulldog Toolbar\update.exe
c:\program files\DealBulldog Toolbar\version.txt
c:\programdata\7084724.pad
c:\users\Pascal\AppData\Roaming\Microsoft\~DFK5cf31a.tmp
c:\users\Pascal\videos\mp3DirectCut.exe
c:\windows\system32\roboot.exe
c:\windows\system32\tmp5E46.tmp
c:\windows\system32\tmp5E67.tmp
c:\windows\system32\tmpFDA6.tmp
c:\windows\system32\tmpFDB7.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-14 bis 2013-02-14 ))))))))))))))))))))))))))))))
.
.
2013-02-13 23:04 . 2013-02-14 13:20 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A63AC76-E5B2-4021-AB2A-B9D19D3AC874}\offreg.dll
2013-02-13 11:51 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-13 02:57 . 2009-07-14 01:14 8704 ----a-w- c:\windows\system32\ctfmon.exe.backup
2013-02-13 01:59 . 2013-02-13 02:43 -------- dc----w- c:\program files\Astroburn Lite
2013-02-13 01:59 . 2013-02-13 01:59 -------- d-----w- c:\programdata\Astroburn Lite
2013-02-13 00:33 . 2013-02-13 00:33 -------- d-----w- c:\users\Pascal\AppData\Roaming\Malwarebytes
2013-02-13 00:33 . 2013-02-13 11:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-13 00:33 . 2013-02-13 00:33 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 11:55 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A63AC76-E5B2-4021-AB2A-B9D19D3AC874}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 02:57 . 2009-07-13 23:26 24064 ----a-w- c:\windows\system32\ctfmon.exe
2013-02-09 16:27 . 2012-04-28 12:19 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 16:27 . 2011-06-07 09:50 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2013-01-07 18:51 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-07 18:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 08:57 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:57 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 08:57 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:57 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 08:57 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:57 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:57 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:57 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:57 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:57 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:57 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:57 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 08:57 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:57 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:57 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:57 55296 ----a-w- c:\windows\system32\cero.rs
2012-11-30 04:53 . 2013-01-09 08:59 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47 . 2013-01-09 08:59 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 08:59 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 08:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 08:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 21:57 . 2012-11-18 21:58 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-11-23 21:57 . 2012-11-18 22:11 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-11-23 21:57 . 2012-11-18 21:58 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-11-23 02:56 . 2013-01-09 09:05 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48 . 2013-01-09 08:56 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 09:05 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-09 08:56 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-18 22:11 . 2012-11-18 21:58 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-11-18 21:58 . 2012-11-18 21:58 138056 ----a-w- c:\users\Pascal\AppData\Roaming\PnkBstrK.sys
2012-11-18 21:58 . 2012-11-18 21:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-07-21 13:50 . 2011-06-20 18:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-02-13 02:57 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\System32\ctfmon.exe
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 14:54 175912 ----a-w- c:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-10 969104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFastUsb"="c:\program files\XFastUsb\XFastUsb.exe" [2011-06-06 4942336]
"UIExec"="c:\program files\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"FILSHtray"="c:\program files\FILSHtray\FILSHtray.exe" [2012-02-06 597504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Pascal\Desktop\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe [x]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Mobile Partner Manager\AssistantServices.exe [x]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 mbamswissarmy;mbamswissarmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver.sys [x]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 54561277
*NewlyCreated* - 72216825
*NewlyCreated* - ASWMBR
*Deregistered* - 54561277
*Deregistered* - 72216825
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 16:27]
.
2013-02-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-06-07 06:26]
.
2013-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 17:06]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-07 17:06]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000Core.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 19:44]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3180806219-2987136475-2523560488-1000UA.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08 19:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4005449D-608D-4766-86BE-D3619A65B178}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\nni4695t.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-AshSnap - c:\program files\Ashampoo\Ashampoo Snap 4\ashsnap.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-DealBulldog Toolbar - c:\program files\DealBulldog Toolbar\UninstallToolbar.exe
AddRemove-Free Mp3 Wma Converter_is1 - c:\program files\Free mp3 Wma Converter\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180806219-2987136475-2523560488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,1b,7a,79,50,89,32,d5,d1,de,10,c9,60,cd,c4,74,8b,35,13,ed,ae,85,62,
dc,fa,ea,f3,03,fd,2b,5d,68,0a,ce,06,48,5e,ce,f5,7f,59,fd,a8,18,11,dc,a8,22,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-3180806219-2987136475-2523560488-1000\Software\SecuROM\License information*]
"datasecu"=hex:75,f8,51,dd,79,15,4c,db,1f,28,be,ba,99,0b,ba,a5,ba,16,cc,90,c1,
7c,64,f7,1d,90,aa,a4,36,54,a5,96,bb,ea,2a,5a,0b,95,73,4e,ab,a8,21,ef,b3,c9,\
"rkeysecu"=hex:cc,31,02,7e,6f,de,78,e6,1e,62,81,55,72,bf,9f,94
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-14 14:44:28
ComboFix-quarantined-files.txt 2013-02-14 13:44
.
Vor Suchlauf: 10 Verzeichnis(se), 168.460.509.184 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 168.341.696.512 Bytes frei
.
- - End Of File - - FE97DC320D01AF848B15056784B946FE
|
|
14.02.2013, 15:32
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Gvu trojaner 2013 mit webcam infiziertZitat:
 warum hast du denn Avast und Kaspersky gleichzeitig installiert, man verwendet niemals zwei wolcher Virenscanner gleichzeitig!  Bitte umgehend einen der beiden deinstallieren!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2013, 16:03
| #15 |
| | Gvu trojaner 2013 mit webcam infiziert Gesagt, getan. Kaspersky ist weg |
|
| Themen zu Gvu trojaner 2013 mit webcam infiziert |
| abgesicherten, anti-malware, bildschirm, bios, dringen, dringen hilfe, feedback, gestern, grand theft auto, gvutrojaner, infiziert, infizierte, install.exe, interne, internet, kein zugriff, launch, malwarebytes, minute, minuten, morgen, nexus, notfall, nvidia update, origin, plug-in, quarantäne, recuva, starte, systemwiederherstellung, troja, trojaner, verschwunden, webcam, zugriff |
Linear-Darstellung
