| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neuWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.02.2013, 14:20
| #1 |
 |  Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Avast meldete heute, dass es eine "bösartige Website" blockiert hat. Kurz darauf schlossen sich alle Programme und der Rechner startete sich neu, ohne dass ich dies in irgendeiner Weise eingeleitet habe. Nach dem Neustart verhielt sich das System unauffällig. Secunia PSI fielen ein paar neue Dinge, die ein Update benötigen (Thunderbird, Firefox, Java SDK und JRE). Zuvor schob ich lediglich das Update der MySQL Server Version 5.5 auf die aktuellste ein paar Wochen vor mir her. Ich wunderte mich darüber, dass laut Windows-Programmliste angeblich die neueste Java-Runtime-Environment-Version (7u15) installiert war. Ich erinnere mich lediglich 7u13 installiert zu haben. Perplex habe ich die Java-Sachen deinstalliert und neu installiert, Firefox und Thunderbird upgedated. Ich bezweifle, dass Java sich unbemerkt selbst upgedated hat und danach ungefragt einen Neustart durchführte. Ich bin daher sehr unsicher, ob die Schadsoftware sich gegen Avast durchgesetzt hat und mein System nun trotz unauffälligen Verhaltens befallen ist. Leider ist es mir nicht gelungen Avast vor dem Durchführen der Scans zu deaktivieren. Es schien jedoch auch keinen Ärger zu machen, nachdem ich die Aktivitäten der Scan-Programme erlaubt hatte. Die Logs habe ich eingefügt. Leider war das gmer-Log zu groß zum posten oder anhängen. Es ist hier zu finden: https://www.wetransfer.com/downloads/5d5c026d243cc868b1906fb5b801991720130221131824/582757de9498f0a0a37c4799db23719920130221131824/ade889# OTL.txt Code:
ATTFilter OTL logfile created on: 21.02.2013 13:24:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = K:\ 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,83% Memory free 8,00 Gb Paging File | 6,48 Gb Available in Paging File | 81,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 63,90 Gb Total Space | 23,83 Gb Free Space | 37,30% Space Free | Partition Type: NTFS Drive D: | 401,76 Gb Total Space | 74,07 Gb Free Space | 18,44% Space Free | Partition Type: NTFS Drive K: | 1,89 Gb Total Space | 0,91 Gb Free Space | 48,21% Space Free | Partition Type: FAT Computer Name: MYOHO | User Name: myo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.21 13:19:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- K:\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.08.29 10:12:24 | 009,717,760 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.13 12:12:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.15 19:06:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.09 01:16:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.09.07 16:38:22 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.07.31 10:09:38 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.08.12 13:58:08 | 001,213,440 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{B4B818C5-8925-43DB-90D2-81CACC85C7FA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 11:00:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.21 13:04:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.13 15:53:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 11:00:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.03 06:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myo\AppData\Roaming\mozilla\Extensions [2013.02.21 13:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software) O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software) O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-2OM07.exe () O4 - Startup: C:\Users\myo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.15.2) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.15.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB6238C-3968-42D1-B7D8-DCC1F5FB7705}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.21 10:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.21 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.14 01:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL [2013.02.14 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\myo\AppData\Roaming\MySQL [2013.02.13 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.25 11:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2013.01.25 11:02:26 | 000,000,000 | ---D | C] -- C:\Users\myo\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.02.21 13:23:20 | 000,000,168 | ---- | M] () -- C:\Users\myo\defogger_reenable [2013.02.21 13:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.21 13:04:24 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.21 13:02:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-860810461-1551829927-3967776457-1001UA.job [2013.02.21 13:02:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.21 13:01:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.21 11:01:00 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.02.21 10:53:12 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.21 10:53:12 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.21 10:48:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.21 10:47:47 | 000,316,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.21 10:47:37 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 19:11:13 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-860810461-1551829927-3967776457-1001Core.job [2013.02.14 00:22:51 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.14 00:22:51 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.14 00:22:50 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 00:22:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.14 00:22:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat ========== Files Created - No Company Name ========== [2013.02.21 13:23:20 | 000,000,168 | ---- | C] () -- C:\Users\myo\defogger_reenable [2013.02.21 13:04:24 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.21 13:04:24 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.21 11:01:00 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.09.06 13:06:36 | 000,000,439 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.09.06 12:43:08 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.07.06 20:00:19 | 000,704,512 | ---- | C] () -- C:\Windows\is-2OM07.exe [2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.10 17:09:48 | 000,017,408 | ---- | C] () -- C:\Users\myo\AppData\Local\WebpageIcons.db [2012.06.04 07:53:10 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.05.09 12:53:53 | 000,000,218 | ---- | C] () -- C:\Users\myo\AppData\Local\recently-used.xbel [2012.04.02 19:18:53 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.03 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\DAEMON Tools Lite [2012.05.09 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\inkscape [2012.06.18 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\JAM Software [2012.03.21 01:29:12 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\Leadertech [2013.02.14 00:58:28 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\MySQL [2013.01.27 04:51:43 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\Notepad++ [2012.07.23 08:10:54 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\pdfforge [2012.05.03 06:47:03 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.02.2013 13:24:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = K:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,83% Memory free
8,00 Gb Paging File | 6,48 Gb Available in Paging File | 81,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63,90 Gb Total Space | 23,83 Gb Free Space | 37,30% Space Free | Partition Type: NTFS
Drive D: | 401,76 Gb Total Space | 74,07 Gb Free Space | 18,44% Space Free | Partition Type: NTFS
Drive K: | 1,89 Gb Total Space | 0,91 Gb Free Space | 48,21% Space Free | Partition Type: FAT
Computer Name: MYOHO | User Name: myo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files (x86)\Git\bin\wish.exe" "C:\Program Files (x86)\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files (x86)\Git\bin\wish.exe" "C:\Program Files (x86)\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06938BC8-EE76-42F6-828D-2C6F10D1CE84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C6BA1B6-5CE9-4923-A7A7-BF6A00E04613}" = lport=139 | protocol=6 | dir=in | app=system |
"{1E189597-9DA7-4748-89F0-ECC2F8A733DF}" = rport=139 | protocol=6 | dir=out | app=system |
"{254058D3-33D4-4F7B-A43B-36FB23252C59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32BFB75C-03F8-473C-9269-DBC2439408BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F8E338E-3E67-485B-9330-7DD583D7B288}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A04C479-771A-4CE1-9566-7E01CBD62472}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F9E40DD-2A98-49A1-A0B9-7BD2624C7FE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71B4813A-86FA-44FF-8C6F-049F38AF3934}" = lport=445 | protocol=6 | dir=in | app=system |
"{7653C635-A54A-4B57-AE23-F602E4973815}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DF00324-75ED-4C2D-8D53-47AE1A0E46C2}" = lport=137 | protocol=17 | dir=in | app=system |
"{917F5893-52FA-4E45-84F2-3173D48887B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95FD148D-C6BE-4B33-A526-A290621B7557}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{981508A7-9EA5-41A7-894E-64E5AC0B79E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F6084E1-6B48-47A1-8528-AD8FE28D2827}" = rport=138 | protocol=17 | dir=out | app=system |
"{B8C63E57-7677-4B0A-A0FF-B7BAFCA5FF0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9C21A87-92A0-4F83-BD59-6BA6A78DDF70}" = rport=445 | protocol=6 | dir=out | app=system |
"{C707617C-DD7A-4BE0-A265-EC1155F24B11}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D88EBBE9-ECFA-4090-B47B-6648CE961CFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2464154-DB03-4AAD-A485-33B8BC9ADA98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3934032-4ABE-4646-8326-29AD8A118338}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E50B8A00-F98F-4FD3-A6DB-A9CBF2E60FFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EDE9B2CA-2967-4EBB-BA58-CF0C9F076E0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03942A9C-2ACD-49BB-B66C-154878D6FE7A}" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"{0B21A3E9-621B-4EA2-9CDF-265DB5936D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe |
"{0CCF373D-E3B2-4D5E-A940-DD5181FE2DC2}" = protocol=6 | dir=out | app=system |
"{0CE8FA6D-AF7A-4A5C-8365-7F87DE686D79}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{12D9AF37-8D44-4FF2-931E-F6CC9E535F54}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{15CBF0AA-3AAF-47E6-85E9-CCEC5E7A183A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{199027E9-1F1A-4D8C-8583-99F794B074C5}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{1ECC44CE-CAA1-4BCA-AFA0-8B0AE812B099}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{1F04691B-D2B3-4BE6-BE66-A843AACF8327}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{1F259F13-B30E-42ED-B048-6490566B150D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{27A40ACC-CD68-4AC7-9D44-7B1B950901C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BE43CB2-82F0-4EF1-9C62-43820E4AF8BF}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{2C19061D-4D7A-49C2-A57D-7A33AA774AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"{3398ADF9-E58C-49EE-AF7C-03C58A02A686}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A44280B-61E2-4563-82C7-A7E56957B5B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe |
"{3D3E3594-7500-43DE-9936-5C7F250CF122}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{42AB3790-429D-4B68-B911-45AE0119D8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{4EF3E20C-9429-4D7D-9F45-DA1D7187EC97}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{52BB1106-FE88-4987-BA7A-D9451B271EFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59A76F0D-BF9F-4644-9298-EA38F29BC9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{6730804F-5782-4EC0-94EF-602149E790D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69D95D79-DA95-4886-8C79-0F14FA9483F2}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{6EA2E8D3-B493-4674-9232-DD82CCCC0CD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{721AFF93-456F-4E35-9071-4CE3501110B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73624FB7-D881-47EE-B0E6-DC554B2A2CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{790C0760-AA19-4CD7-B838-99D900BDECBF}" = protocol=6 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe |
"{82A0C7B2-8982-4C51-B391-314B08B4DF1B}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{8FD57D61-7796-4CB6-958C-5D35DAF14205}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{94C700D4-8902-48C6-988C-C489C3B8C4F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94FBADB4-3E16-498A-A8B8-628F225B0D89}" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"{9ADE8D28-A778-4D83-AFA4-52D921AE9090}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{9AF2BCE1-F905-43CB-8505-B61DB0A469D9}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{9E2B8324-9FCE-49AE-A616-7661F692EC96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5751E2E-3D5C-4836-AA95-04689202C47C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe |
"{AC22E04E-3B8C-4AA6-B620-8AE6557134A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B0DC1FB9-10EF-41FD-89F1-D34D1439EF77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe |
"{B35F826E-0F51-4BBB-B4E6-FA353AE6CAA2}" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"{BC579CC7-A10D-46DC-876F-B7AFCD7E1F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{C3343384-940C-42E8-92C6-F78FB819BE39}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{C4780D0D-05D0-4FFC-A662-0B35CC7D8736}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5DBBF21-EA1C-406D-BD38-6B4F48F88213}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C897EAE1-638A-470F-BD5A-7F1FAA4A32AC}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{C97B11BA-DC35-4400-9857-44C4B005E4BE}" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"{CEEEBD38-5526-4452-99D9-17B9C2BFD3CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2566B31-B5E5-4C5B-AB75-D480B9FA3B56}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D71E5C4E-9D2F-470D-9BB6-105671ADF4BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2877981-8ED7-429C-A9E3-282A1FA52E52}" = protocol=17 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe |
"{E78C4CE1-1A29-4229-9CC0-9717BD7AF2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{E8386ECB-C114-4BA4-8786-D7647363064D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EAA6277A-F81E-4238-A315-5C06B8ACCEF2}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{EE4426D3-8F71-4A66-886D-5DCA07DB044E}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{F06FA4BF-759E-4856-B299-C5E4DBBE8F30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9D25D19-6BC9-4D58-A2BD-C79670ADAD7B}" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"{FF88CCD1-3B29-4132-B3E6-DA5FDF443DE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{013654B9-20F8-4BCA-9B15-12C502312C9A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{50D8E50A-8D8C-4D99-9ABC-490AFB2A5E62}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5969A7E8-BB75-4635-B6B8-9EA4D5E786BB}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{6AA42E09-B3A4-470C-92D6-605A1D52526F}C:\users\ho\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe |
"TCP Query User{CD4BDB21-D35D-4073-871C-057363507D6C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{D2AA83CC-9E53-4814-8740-986F72B37248}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{DDBD04B2-6D76-4AE1-B1EB-50A5D05FB52A}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"TCP Query User{F1C8FD9D-9F10-4A7F-8FDA-9F83BA75174C}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe |
"TCP Query User{FE0FEB95-FF23-44A2-A9AE-DBFCDAA639F6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{1E341514-B3C1-46B6-9384-564D2C71441E}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe |
"UDP Query User{21DD9B44-4687-42F5-B938-A50CCF0F3966}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe |
"UDP Query User{27DF5E8C-F3D1-4DA7-982B-46042C9F5F66}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3DCCAB45-2E37-467F-BD8E-393F7A6FC929}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{40D31FEC-EAC4-43D3-AD6D-3755506B1496}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{57BD31B5-ABD8-498A-AB7F-29B55BA54692}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{61FC1558-05A4-4A96-A9D6-57351B9AE202}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B855A610-5158-4639-ACDF-BAD552C2D8E1}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{EC6EB127-4E9B-453F-BF3D-5EE6CB93D5A0}C:\users\ho\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04D42880-78A6-43EC-BAA8-7B1D1B2BB3E7}" = MySQL Server 5.5
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CA882E6-4BF0-4E55-B290-6C4EAD6E586E}" = MySQL Server 5.5
"{64A3A4F4-B792-11D6-A78A-00B0D0170150}" = Java SE Development Kit 7 Update 15 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.0
"LSI Soft Modem" = LSI USB 2.0 Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.0.5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DFFF131-8BA6-4236-850C-7279B9C446F1}" = LibreOffice 3.5
"{13223780-8ABA-4209-88A2-AB2AF464417D}" = MySQL Workbench 5.2 CE
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.80
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"foobar2000" = foobar2000 v1.1.13
"GanttProject" = GanttProject
"Git_is1" = Git version 1.7.10-preview20120409
"GnuCash_is1" = GnuCash 2.4.10
"IETester" = IETester v0.4.8 (remove only)
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.3.1
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SMPlayer" = SMPlayer 0.8.1
"Steam App 10" = Counter-Strike
"TeamViewer 7" = TeamViewer 7
"TreeSize Free_is1" = TreeSize Free V2.7
"TrueCrypt" = TrueCrypt
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.10.2012 13:00:27 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: googledrivesync.exe, Version: 1.4.3365.1552,
Zeitstempel: 0x4fbf5043 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x290b0003 ID des fehlerhaften
Prozesses: 0x1ac4 Startzeit der fehlerhaften Anwendung: 0x01cda8bacd89a4a8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Drive\googledrivesync.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a6ea5ca6-1620-11e2-8a04-001966e11ce0
Error - 14.10.2012 15:11:31 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: googledrivesync.exe, Version: 1.4.3365.1552,
Zeitstempel: 0x4fbf5043 Name des fehlerhaften Moduls: python26.dll, Version: 2.6.4150.1013,
Zeitstempel: 0x4ae54ea8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b0005 ID des fehlerhaften
Prozesses: 0xf30 Startzeit der fehlerhaften Anwendung: 0x01cdaa387b9ce55c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Drive\googledrivesync.exe
Pfad
des fehlerhaften Moduls: C:\Users\ho\AppData\Local\Temp\_MEI33842\python26.dll Berichtskennung:
f5c27938-1632-11e2-bd1a-d0d8575181e7
Error - 20.10.2012 01:50:37 | Computer Name = myoho | Source = MsiInstaller | ID = 10005
Description =
Error - 08.01.2013 20:42:41 | Computer Name = myoho | Source = .NET Runtime Optimization Service | ID = 1107
Description =
Error - 16.01.2013 06:50:52 | Computer Name = myoho | Source = MsiInstaller | ID = 11500
Description =
Error - 16.01.2013 15:53:04 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: googledrivesync64.dll, Version:
1.7.4018.3496, Zeitstempel: 0x509c54ba Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000049981
ID
des fehlerhaften Prozesses: 0xcc0 Startzeit der fehlerhaften Anwendung: 0x01cdee024a492659
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Google\Drive\googledrivesync64.dll Berichtskennung: 56d199bc-6016-11e2-b440-001966e11ce0
Error - 23.01.2013 13:19:15 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1348 Startzeit der fehlerhaften Anwendung: 0x01cdf4232a371e26
Pfad
der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 02ecfd92-6581-11e2-b440-001966e11ce0
Error - 13.02.2013 20:04:49 | Computer Name = myoho | Source = MySQLInstaller.ExceptionLog | ID = 0
Description =
Error - 13.02.2013 20:18:43 | Computer Name = myoho | Source = .NET Runtime | ID = 1026
Description =
Error - 13.02.2013 20:18:43 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MySQLWorkbench.exe, Version: 5.2.40.8790,
Zeitstempel: 0x4fa2f938 Name des fehlerhaften Moduls: grt.dll, Version: 0.0.0.0,
Zeitstempel: 0x4fa2e36b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000017d8 ID des fehlerhaften
Prozesses: 0xd18 Startzeit der fehlerhaften Anwendung: 0x01ce0a48d0f70c78 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\MySQL\MySQL Workbench 5.2 CE\grt.dll
Berichtskennung:
16da7266-763c-11e2-b17b-001966e11ce0
[ System Events ]
Error - 25.01.2013 05:55:10 | Computer Name = myoho | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 26.01.2013 13:53:33 | Computer Name = myoho | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 31.01.2013 20:35:42 | Computer Name = myoho | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 03.02.2013 14:06:33 | Computer Name = myoho | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 04.02.2013 02:28:40 | Computer Name = myoho | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 05.02.2013 14:37:13 | Computer Name = myoho | Source = DCOM | ID = 10005
Description =
Error - 05.02.2013 14:37:12 | Computer Name = myoho | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%109
Error - 06.02.2013 04:38:19 | Computer Name = myoho | Source = bowser | ID = 8003
Description =
Error - 06.02.2013 16:00:15 | Computer Name = myoho | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 08.02.2013 10:35:57 | Computer Name = myoho | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
Geändert von Beagles (21.02.2013 um 14:30 Uhr) |
|
21.02.2013, 14:31
| #2 |
| /// Malware-holic   | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu hi
__________________hast du die Avast fundmeldung noch? falls ja, bitte mal als klartext posten
__________________ |
|
21.02.2013, 14:42
| #3 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu ich weiß leider nicht, wie ich die Meldung finden kann.
__________________ |
|
21.02.2013, 14:43
| #4 |
| /// Malware-holic | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu hi, musst dich mal durch avast klicken, habs grad selber nicht instaliert.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.02.2013, 14:51
| #5 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu ich hab die logs im avast ordner durchstöbert und leider nichts gefunden. |
|
21.02.2013, 14:59
| #6 |
| /// Malware-holic | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Ok schaun wir mal. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu |
|
21.02.2013, 15:51
| #7 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Ich hab in der nshield.log von Avast doch noch was gefunden: Der neueste Eintrag ist der Fragliche - sieht ja fast so aus, als wäre ich regelmäßig auf Pornoseiten!?  Code:
ATTFilter 14.07.2012 22:28:18 Network Shield: blocked access to malicious site hxxp://www1.picfront.org/picture/eUVXOhYSr/img/261.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 3784 ) ]
18.10.2012 11:04:47 Network Shield: blocked access to malicious site hxxp://potload.com/mz0mfompdk25 [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 3920 ) ]
12.02.2013 11:09:42 Network Shield: blocked access to malicious site hxxp://cdn1.image.pornhub.phncdn.com/thumbs/004/289/519/small1.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 8060 ) ]
19.02.2013 12:48:21 Network Shield: blocked access to malicious site hxxp://cdn1.image.pornhub.phncdn.com/users/003/843/409/av1347396605.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
19.02.2013 12:48:24 Network Shield: blocked access to malicious site hxxp://cdn1.image.pornhub.phncdn.com/thumbs/005/026/209/small1.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
19.02.2013 12:48:24 Network Shield: blocked access to malicious site hxxp://cdn1.image.pornhub.phncdn.com/thumbs/005/026/209/small2.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
19.02.2013 12:48:25 Network Shield: blocked access to malicious site hxxp://cdn1.image.pornhub.phncdn.com/thumbs/005/026/209/small3.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
20.02.2013 09:20:24 Network Shield: blocked access to malicious site hxxp://cdn1.static.pornhub.phncdn.com/js/playlist/playlist.js?cache=2013021901 [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
20.02.2013 09:20:24 Network Shield: blocked access to malicious site hxxp://cdn1.static.pornhub.phncdn.com/css/common.css?cache=2013021902 [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
20.02.2013 09:20:24 Network Shield: blocked access to malicious site hxxp://cdn1.static.pornhub.phncdn.com/css/buttons.css?cache=2013021401 [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
20.02.2013 09:20:24 Network Shield: blocked access to malicious site hxxp://cdn1.static.pornhub.phncdn.com/flash/player2012.swf?cache=2013021901 [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
20.02.2013 09:20:24 Network Shield: blocked access to malicious site hxxp://cdn1.static.pornhub.phncdn.com/images/sprite-pornhub-nf.png [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
21.02.2013 10:35:59 Network Shield: blocked access to malicious site hxxp://cdn3.image.pornhub.phncdn.com/users/003/143/205/av4629.jpg [ C:\Users\ho\AppData\Local\Google\Chrome\Application\chrome.exe ( 1248 ) ]
Code:
ATTFilter 15:43:26.0266 5548 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:43:26.0556 5548 ============================================================
15:43:26.0556 5548 Current date / time: 2013/02/21 15:43:26.0556
15:43:26.0556 5548 SystemInfo:
15:43:26.0556 5548
15:43:26.0556 5548 OS Version: 6.1.7601 ServicePack: 1.0
15:43:26.0556 5548 Product type: Workstation
15:43:26.0556 5548 ComputerName: MYOHO
15:43:26.0556 5548 UserName: myo
15:43:26.0556 5548 Windows directory: C:\Windows
15:43:26.0556 5548 System windows directory: C:\Windows
15:43:26.0556 5548 Running under WOW64
15:43:26.0556 5548 Processor architecture: Intel x64
15:43:26.0556 5548 Number of processors: 2
15:43:26.0556 5548 Page size: 0x1000
15:43:26.0556 5548 Boot type: Normal boot
15:43:26.0556 5548 ============================================================
15:43:27.0360 5548 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
15:43:27.0381 5548 ============================================================
15:43:27.0381 5548 \Device\Harddisk0\DR0:
15:43:27.0381 5548 MBR partitions:
15:43:27.0381 5548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:27.0381 5548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7FCC800
15:43:27.0381 5548 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7FFF000, BlocksNum 0x32386800
15:43:27.0381 5548 ============================================================
15:43:27.0398 5548 C: <-> \Device\Harddisk0\DR0\Partition2
15:43:27.0428 5548 D: <-> \Device\Harddisk0\DR0\Partition3
15:43:27.0429 5548 ============================================================
15:43:27.0429 5548 Initialize success
15:43:27.0429 5548 ============================================================
15:44:10.0949 5160 ============================================================
15:44:10.0949 5160 Scan started
15:44:10.0949 5160 Mode: Manual; SigCheck; TDLFS;
15:44:10.0949 5160 ============================================================
15:44:11.0355 5160 ================ Scan system memory ========================
15:44:11.0355 5160 System memory - ok
15:44:11.0355 5160 ================ Scan services =============================
15:44:11.0449 5160 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:44:11.0527 5160 1394ohci - ok
15:44:11.0542 5160 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:44:11.0574 5160 ACPI - ok
15:44:11.0589 5160 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:44:11.0605 5160 AcpiPmi - ok
15:44:11.0683 5160 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:44:11.0699 5160 AdobeFlashPlayerUpdateSvc - ok
15:44:11.0730 5160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:44:11.0761 5160 adp94xx - ok
15:44:11.0777 5160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:44:11.0792 5160 adpahci - ok
15:44:11.0792 5160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:44:11.0808 5160 adpu320 - ok
15:44:11.0839 5160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:44:11.0886 5160 AeLookupSvc - ok
15:44:11.0933 5160 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:44:11.0949 5160 AFD - ok
15:44:12.0011 5160 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
15:44:12.0027 5160 AgereModemAudio - ok
15:44:12.0058 5160 [ D7CF6568AA20A5B5CDBFECD097B615DB ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
15:44:12.0105 5160 AgereSoftModem - ok
15:44:12.0136 5160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:44:12.0152 5160 agp440 - ok
15:44:12.0183 5160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:44:12.0214 5160 ALG - ok
15:44:12.0230 5160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:44:12.0246 5160 aliide - ok
15:44:12.0261 5160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:44:12.0277 5160 amdide - ok
15:44:12.0292 5160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:44:12.0324 5160 AmdK8 - ok
15:44:12.0339 5160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:44:12.0355 5160 AmdPPM - ok
15:44:12.0371 5160 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:44:12.0386 5160 amdsata - ok
15:44:12.0402 5160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:44:12.0417 5160 amdsbs - ok
15:44:12.0433 5160 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:44:12.0433 5160 amdxata - ok
15:44:12.0480 5160 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:44:12.0527 5160 AppID - ok
15:44:12.0542 5160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:44:12.0589 5160 AppIDSvc - ok
15:44:12.0621 5160 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:44:12.0652 5160 Appinfo - ok
15:44:12.0683 5160 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:44:12.0699 5160 AppMgmt - ok
15:44:12.0714 5160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:44:12.0730 5160 arc - ok
15:44:12.0746 5160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:44:12.0761 5160 arcsas - ok
15:44:12.0777 5160 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
15:44:12.0792 5160 aswFsBlk - ok
15:44:12.0824 5160 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
15:44:12.0839 5160 aswMonFlt - ok
15:44:12.0855 5160 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
15:44:12.0855 5160 aswRdr - ok
15:44:12.0886 5160 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
15:44:12.0902 5160 aswSnx - ok
15:44:12.0949 5160 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
15:44:12.0964 5160 aswSP - ok
15:44:13.0011 5160 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
15:44:13.0011 5160 aswTdi - ok
15:44:13.0042 5160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:13.0105 5160 AsyncMac - ok
15:44:13.0121 5160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:44:13.0136 5160 atapi - ok
15:44:13.0167 5160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:44:13.0230 5160 AudioEndpointBuilder - ok
15:44:13.0246 5160 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:44:13.0277 5160 AudioSrv - ok
15:44:13.0324 5160 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:44:13.0339 5160 avast! Antivirus - ok
15:44:13.0371 5160 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:44:13.0402 5160 AxInstSV - ok
15:44:13.0449 5160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:44:13.0480 5160 b06bdrv - ok
15:44:13.0511 5160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:44:13.0542 5160 b57nd60a - ok
15:44:13.0558 5160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:44:13.0589 5160 BDESVC - ok
15:44:13.0589 5160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:44:13.0652 5160 Beep - ok
15:44:13.0714 5160 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:44:13.0746 5160 BFE - ok
15:44:13.0777 5160 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:44:13.0839 5160 BITS - ok
15:44:13.0855 5160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:44:13.0886 5160 blbdrive - ok
15:44:13.0902 5160 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:44:13.0917 5160 bowser - ok
15:44:13.0933 5160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:44:13.0964 5160 BrFiltLo - ok
15:44:13.0964 5160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:44:13.0980 5160 BrFiltUp - ok
15:44:14.0011 5160 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:44:14.0027 5160 Browser - ok
15:44:14.0027 5160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:44:14.0074 5160 Brserid - ok
15:44:14.0089 5160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:44:14.0105 5160 BrSerWdm - ok
15:44:14.0121 5160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:44:14.0136 5160 BrUsbMdm - ok
15:44:14.0152 5160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:44:14.0167 5160 BrUsbSer - ok
15:44:14.0167 5160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:44:14.0183 5160 BTHMODEM - ok
15:44:14.0214 5160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:44:14.0246 5160 bthserv - ok
15:44:14.0261 5160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:44:14.0292 5160 cdfs - ok
15:44:14.0339 5160 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:44:14.0371 5160 cdrom - ok
15:44:14.0402 5160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:44:14.0433 5160 CertPropSvc - ok
15:44:14.0464 5160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:44:14.0496 5160 circlass - ok
15:44:14.0511 5160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:44:14.0527 5160 CLFS - ok
15:44:14.0589 5160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:14.0605 5160 clr_optimization_v2.0.50727_32 - ok
15:44:14.0636 5160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:14.0652 5160 clr_optimization_v2.0.50727_64 - ok
15:44:14.0683 5160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:14.0699 5160 clr_optimization_v4.0.30319_32 - ok
15:44:14.0714 5160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:14.0730 5160 clr_optimization_v4.0.30319_64 - ok
15:44:14.0746 5160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:44:14.0777 5160 CmBatt - ok
15:44:14.0792 5160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:44:14.0808 5160 cmdide - ok
15:44:14.0839 5160 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:44:14.0871 5160 CNG - ok
15:44:14.0902 5160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:44:14.0902 5160 Compbatt - ok
15:44:14.0949 5160 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:44:14.0964 5160 CompositeBus - ok
15:44:14.0996 5160 COMSysApp - ok
15:44:14.0996 5160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:44:15.0011 5160 crcdisk - ok
15:44:15.0042 5160 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:44:15.0058 5160 CryptSvc - ok
15:44:15.0089 5160 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:44:15.0136 5160 CSC - ok
15:44:15.0152 5160 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:44:15.0183 5160 CscService - ok
15:44:15.0214 5160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:44:15.0261 5160 DcomLaunch - ok
15:44:15.0292 5160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:44:15.0339 5160 defragsvc - ok
15:44:15.0371 5160 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:44:15.0417 5160 DfsC - ok
15:44:15.0433 5160 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:44:15.0464 5160 Dhcp - ok
15:44:15.0480 5160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:44:15.0527 5160 discache - ok
15:44:15.0558 5160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:44:15.0558 5160 Disk - ok
15:44:15.0589 5160 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:44:15.0621 5160 Dnscache - ok
15:44:15.0652 5160 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:44:15.0699 5160 dot3svc - ok
15:44:15.0714 5160 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:44:15.0761 5160 DPS - ok
15:44:15.0792 5160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:44:15.0808 5160 drmkaud - ok
15:44:15.0855 5160 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:44:15.0871 5160 dtsoftbus01 - ok
15:44:15.0902 5160 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:44:15.0933 5160 DXGKrnl - ok
15:44:15.0949 5160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:44:15.0996 5160 EapHost - ok
15:44:16.0058 5160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:44:16.0121 5160 ebdrv - ok
15:44:16.0136 5160 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:44:16.0167 5160 EFS - ok
15:44:16.0214 5160 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:44:16.0246 5160 ehRecvr - ok
15:44:16.0277 5160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:44:16.0292 5160 ehSched - ok
15:44:16.0308 5160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:44:16.0339 5160 elxstor - ok
15:44:16.0355 5160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:44:16.0371 5160 ErrDev - ok
15:44:16.0402 5160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:44:16.0449 5160 EventSystem - ok
15:44:16.0464 5160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:44:16.0496 5160 exfat - ok
15:44:16.0527 5160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:44:16.0558 5160 fastfat - ok
15:44:16.0621 5160 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:44:16.0652 5160 Fax - ok
15:44:16.0667 5160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:44:16.0699 5160 fdc - ok
15:44:16.0730 5160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:44:16.0777 5160 fdPHost - ok
15:44:16.0777 5160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:44:16.0824 5160 FDResPub - ok
15:44:16.0855 5160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:44:16.0871 5160 FileInfo - ok
15:44:16.0886 5160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:44:16.0917 5160 Filetrace - ok
15:44:16.0933 5160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:16.0949 5160 flpydisk - ok
15:44:16.0996 5160 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:44:17.0011 5160 FltMgr - ok
15:44:17.0042 5160 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:44:17.0089 5160 FontCache - ok
15:44:17.0136 5160 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:17.0152 5160 FontCache3.0.0.0 - ok
15:44:17.0167 5160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:44:17.0183 5160 FsDepends - ok
15:44:17.0199 5160 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:44:17.0214 5160 Fs_Rec - ok
15:44:17.0261 5160 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:44:17.0277 5160 fvevol - ok
15:44:17.0292 5160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:44:17.0308 5160 gagp30kx - ok
15:44:17.0339 5160 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:44:17.0402 5160 gpsvc - ok
15:44:17.0496 5160 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:17.0511 5160 gupdate - ok
15:44:17.0527 5160 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:17.0527 5160 gupdatem - ok
15:44:17.0558 5160 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:44:17.0574 5160 gusvc - ok
15:44:17.0589 5160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:44:17.0621 5160 hcw85cir - ok
15:44:17.0667 5160 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:44:17.0699 5160 HdAudAddService - ok
15:44:17.0730 5160 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:44:17.0746 5160 HDAudBus - ok
15:44:17.0761 5160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:44:17.0792 5160 HidBatt - ok
15:44:17.0808 5160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:44:17.0839 5160 HidBth - ok
15:44:17.0855 5160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:44:17.0871 5160 HidIr - ok
15:44:17.0902 5160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:44:17.0933 5160 hidserv - ok
15:44:17.0980 5160 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:44:17.0996 5160 HidUsb - ok
15:44:18.0027 5160 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:44:18.0089 5160 hkmsvc - ok
15:44:18.0105 5160 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:44:18.0136 5160 HomeGroupListener - ok
15:44:18.0152 5160 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:44:18.0183 5160 HomeGroupProvider - ok
15:44:18.0214 5160 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:44:18.0230 5160 HpSAMD - ok
15:44:18.0261 5160 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:44:18.0324 5160 HTTP - ok
15:44:18.0339 5160 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:44:18.0355 5160 hwpolicy - ok
15:44:18.0371 5160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:44:18.0386 5160 i8042prt - ok
15:44:18.0402 5160 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:44:18.0433 5160 iaStorV - ok
15:44:18.0464 5160 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:18.0480 5160 idsvc - ok
15:44:18.0511 5160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:44:18.0527 5160 iirsp - ok
15:44:18.0574 5160 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:44:18.0621 5160 IKEEXT - ok
15:44:18.0636 5160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:44:18.0652 5160 intelide - ok
15:44:18.0667 5160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:44:18.0683 5160 intelppm - ok
15:44:18.0699 5160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:44:18.0746 5160 IPBusEnum - ok
15:44:18.0761 5160 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:18.0792 5160 IpFilterDriver - ok
15:44:18.0839 5160 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:44:18.0871 5160 iphlpsvc - ok
15:44:18.0886 5160 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:44:18.0902 5160 IPMIDRV - ok
15:44:18.0917 5160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:44:18.0964 5160 IPNAT - ok
15:44:18.0980 5160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:44:19.0011 5160 IRENUM - ok
15:44:19.0027 5160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:44:19.0042 5160 isapnp - ok
15:44:19.0058 5160 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:44:19.0074 5160 iScsiPrt - ok
15:44:19.0105 5160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:19.0105 5160 kbdclass - ok
15:44:19.0136 5160 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:19.0167 5160 kbdhid - ok
15:44:19.0183 5160 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:44:19.0199 5160 KeyIso - ok
15:44:19.0214 5160 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:44:19.0230 5160 KSecDD - ok
15:44:19.0261 5160 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:44:19.0277 5160 KSecPkg - ok
15:44:19.0292 5160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:44:19.0339 5160 ksthunk - ok
15:44:19.0355 5160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:44:19.0402 5160 KtmRm - ok
15:44:19.0449 5160 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:44:19.0496 5160 LanmanServer - ok
15:44:19.0527 5160 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:44:19.0574 5160 LanmanWorkstation - ok
15:44:19.0652 5160 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:44:19.0667 5160 LBTServ - ok
15:44:19.0699 5160 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:44:19.0714 5160 LHidFilt - ok
15:44:19.0730 5160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:44:19.0777 5160 lltdio - ok
15:44:19.0792 5160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:44:19.0839 5160 lltdsvc - ok
15:44:19.0855 5160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:44:19.0886 5160 lmhosts - ok
15:44:19.0933 5160 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:44:19.0933 5160 LMouFilt - ok
15:44:19.0964 5160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:44:19.0980 5160 LSI_FC - ok
15:44:19.0996 5160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:44:20.0011 5160 LSI_SAS - ok
15:44:20.0027 5160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:44:20.0027 5160 LSI_SAS2 - ok
15:44:20.0042 5160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:44:20.0058 5160 LSI_SCSI - ok
15:44:20.0074 5160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:44:20.0121 5160 luafv - ok
15:44:20.0136 5160 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:44:20.0167 5160 Mcx2Svc - ok
15:44:20.0183 5160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:44:20.0199 5160 megasas - ok
15:44:20.0214 5160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:44:20.0230 5160 MegaSR - ok
15:44:20.0246 5160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:44:20.0292 5160 MMCSS - ok
15:44:20.0324 5160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:44:20.0355 5160 Modem - ok
15:44:20.0386 5160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:44:20.0402 5160 monitor - ok
15:44:20.0417 5160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:44:20.0433 5160 mouclass - ok
15:44:20.0464 5160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:44:20.0464 5160 mouhid - ok
15:44:20.0496 5160 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:44:20.0511 5160 mountmgr - ok
15:44:20.0558 5160 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:44:20.0574 5160 MozillaMaintenance - ok
15:44:20.0589 5160 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:44:20.0605 5160 mpio - ok
15:44:20.0605 5160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:44:20.0636 5160 mpsdrv - ok
15:44:20.0683 5160 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:44:20.0746 5160 MpsSvc - ok
15:44:20.0761 5160 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:44:20.0792 5160 MRxDAV - ok
15:44:20.0824 5160 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:20.0839 5160 mrxsmb - ok
15:44:20.0839 5160 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:20.0871 5160 mrxsmb10 - ok
15:44:20.0902 5160 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:20.0902 5160 mrxsmb20 - ok
15:44:20.0917 5160 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:44:20.0933 5160 msahci - ok
15:44:20.0964 5160 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:44:20.0980 5160 msdsm - ok
15:44:20.0980 5160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:44:21.0011 5160 MSDTC - ok
15:44:21.0042 5160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:44:21.0089 5160 Msfs - ok
15:44:21.0089 5160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:44:21.0136 5160 mshidkmdf - ok
15:44:21.0152 5160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:44:21.0167 5160 msisadrv - ok
15:44:21.0183 5160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:44:21.0230 5160 MSiSCSI - ok
15:44:21.0230 5160 msiserver - ok
15:44:21.0261 5160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:44:21.0308 5160 MSKSSRV - ok
15:44:21.0324 5160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:21.0355 5160 MSPCLOCK - ok
15:44:21.0371 5160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:44:21.0417 5160 MSPQM - ok
15:44:21.0449 5160 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:44:21.0464 5160 MsRPC - ok
15:44:21.0496 5160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:44:21.0496 5160 mssmbios - ok
15:44:21.0527 5160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:44:21.0558 5160 MSTEE - ok
15:44:21.0574 5160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:44:21.0574 5160 MTConfig - ok
15:44:21.0605 5160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:44:21.0621 5160 Mup - ok
15:44:21.0652 5160 MySQL - ok
15:44:21.0683 5160 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:44:21.0730 5160 napagent - ok
15:44:21.0761 5160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:44:21.0792 5160 NativeWifiP - ok
15:44:21.0855 5160 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:44:21.0886 5160 NDIS - ok
15:44:21.0917 5160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:44:21.0949 5160 NdisCap - ok
15:44:21.0964 5160 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:22.0011 5160 NdisTapi - ok
15:44:22.0042 5160 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:22.0089 5160 Ndisuio - ok
15:44:22.0105 5160 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:22.0152 5160 NdisWan - ok
15:44:22.0183 5160 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:44:22.0214 5160 NDProxy - ok
15:44:22.0246 5160 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:44:22.0277 5160 NetBIOS - ok
15:44:22.0308 5160 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:44:22.0355 5160 NetBT - ok
15:44:22.0371 5160 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:44:22.0386 5160 Netlogon - ok
15:44:22.0402 5160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:44:22.0449 5160 Netman - ok
15:44:22.0464 5160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:44:22.0511 5160 netprofm - ok
15:44:22.0527 5160 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:44:22.0542 5160 NetTcpPortSharing - ok
15:44:22.0558 5160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:44:22.0574 5160 nfrd960 - ok
15:44:22.0605 5160 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:44:22.0636 5160 NlaSvc - ok
15:44:22.0652 5160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:44:22.0699 5160 Npfs - ok
15:44:22.0714 5160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:44:22.0761 5160 nsi - ok
15:44:22.0777 5160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:44:22.0824 5160 nsiproxy - ok
15:44:22.0855 5160 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:44:22.0917 5160 Ntfs - ok
15:44:22.0917 5160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:44:22.0964 5160 Null - ok
15:44:23.0121 5160 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:44:23.0277 5160 nvlddmkm - ok
15:44:23.0292 5160 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:44:23.0308 5160 nvraid - ok
15:44:23.0324 5160 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:44:23.0339 5160 nvstor - ok
15:44:23.0402 5160 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
15:44:23.0417 5160 nvsvc - ok
15:44:23.0480 5160 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:44:23.0527 5160 nvUpdatusService - ok
15:44:23.0542 5160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:44:23.0558 5160 nv_agp - ok
15:44:23.0574 5160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:44:23.0589 5160 ohci1394 - ok
15:44:23.0621 5160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:44:23.0636 5160 p2pimsvc - ok
15:44:23.0667 5160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:44:23.0683 5160 p2psvc - ok
15:44:23.0699 5160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:44:23.0714 5160 Parport - ok
15:44:23.0746 5160 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:44:23.0761 5160 partmgr - ok
15:44:23.0777 5160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:44:23.0792 5160 PcaSvc - ok
15:44:23.0808 5160 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:44:23.0824 5160 pci - ok
15:44:23.0839 5160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:44:23.0855 5160 pciide - ok
15:44:23.0855 5160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:44:23.0871 5160 pcmcia - ok
15:44:23.0886 5160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:44:23.0902 5160 pcw - ok
15:44:23.0917 5160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:44:23.0964 5160 PEAUTH - ok
15:44:23.0996 5160 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:44:24.0058 5160 PeerDistSvc - ok
15:44:24.0105 5160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:44:24.0121 5160 PerfHost - ok
15:44:24.0167 5160 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:44:24.0246 5160 pla - ok
15:44:24.0292 5160 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:44:24.0308 5160 PlugPlay - ok
15:44:24.0339 5160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:44:24.0355 5160 PNRPAutoReg - ok
15:44:24.0386 5160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:44:24.0402 5160 PNRPsvc - ok
15:44:24.0417 5160 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:44:24.0480 5160 PolicyAgent - ok
15:44:24.0496 5160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:44:24.0542 5160 Power - ok
15:44:24.0574 5160 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:44:24.0621 5160 PptpMiniport - ok
15:44:24.0636 5160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:44:24.0652 5160 Processor - ok
15:44:24.0699 5160 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:44:24.0730 5160 ProfSvc - ok
15:44:24.0746 5160 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:44:24.0761 5160 ProtectedStorage - ok
15:44:24.0792 5160 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:44:24.0839 5160 Psched - ok
15:44:24.0886 5160 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
15:44:24.0886 5160 PSI - ok
15:44:24.0933 5160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:44:24.0980 5160 ql2300 - ok
15:44:24.0996 5160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:44:25.0011 5160 ql40xx - ok
15:44:25.0027 5160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:44:25.0074 5160 QWAVE - ok
15:44:25.0089 5160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:44:25.0121 5160 QWAVEdrv - ok
15:44:25.0136 5160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:44:25.0167 5160 RasAcd - ok
15:44:25.0199 5160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:44:25.0230 5160 RasAgileVpn - ok
15:44:25.0246 5160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:44:25.0292 5160 RasAuto - ok
15:44:25.0308 5160 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:25.0355 5160 Rasl2tp - ok
15:44:25.0386 5160 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:44:25.0417 5160 RasMan - ok
15:44:25.0433 5160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:25.0464 5160 RasPppoe - ok
15:44:25.0496 5160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:44:25.0542 5160 RasSstp - ok
15:44:25.0574 5160 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:44:25.0605 5160 rdbss - ok
15:44:25.0621 5160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:44:25.0636 5160 rdpbus - ok
15:44:25.0636 5160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:25.0667 5160 RDPCDD - ok
15:44:25.0699 5160 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:44:25.0714 5160 RDPDR - ok
15:44:25.0746 5160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:44:25.0792 5160 RDPENCDD - ok
15:44:25.0808 5160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:44:25.0839 5160 RDPREFMP - ok
15:44:25.0855 5160 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:44:25.0886 5160 RdpVideoMiniport - ok
15:44:25.0902 5160 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:44:25.0933 5160 RDPWD - ok
15:44:25.0964 5160 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:44:25.0980 5160 rdyboost - ok
15:44:25.0996 5160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:44:26.0042 5160 RemoteAccess - ok
15:44:26.0074 5160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:44:26.0121 5160 RemoteRegistry - ok
15:44:26.0136 5160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:44:26.0183 5160 RpcEptMapper - ok
15:44:26.0199 5160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:44:26.0214 5160 RpcLocator - ok
15:44:26.0261 5160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:44:26.0292 5160 RpcSs - ok
15:44:26.0324 5160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:44:26.0355 5160 rspndr - ok
15:44:26.0371 5160 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:44:26.0402 5160 RTL8167 - ok
15:44:26.0433 5160 [ 945AB249D12CBE044782430C6013AA1A ] RTL8187B C:\Windows\system32\DRIVERS\rtl8187B.sys
15:44:26.0449 5160 RTL8187B - ok
15:44:26.0480 5160 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:44:26.0511 5160 s3cap - ok
15:44:26.0511 5160 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:44:26.0527 5160 SamSs - ok
15:44:26.0542 5160 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:44:26.0558 5160 sbp2port - ok
15:44:26.0574 5160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:44:26.0621 5160 SCardSvr - ok
15:44:26.0652 5160 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:44:26.0683 5160 scfilter - ok
15:44:26.0730 5160 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:44:26.0792 5160 Schedule - ok
15:44:26.0824 5160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:44:26.0855 5160 SCPolicySvc - ok
15:44:26.0871 5160 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:44:26.0886 5160 SDRSVC - ok
15:44:26.0917 5160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:44:26.0964 5160 secdrv - ok
15:44:26.0980 5160 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:44:27.0011 5160 seclogon - ok
15:44:27.0074 5160 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:44:27.0105 5160 Secunia PSI Agent - ok
15:44:27.0121 5160 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:44:27.0136 5160 Secunia Update Agent - ok
15:44:27.0167 5160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:44:27.0261 5160 SENS - ok
15:44:27.0324 5160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:44:27.0355 5160 SensrSvc - ok
15:44:27.0371 5160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:44:27.0402 5160 Serenum - ok
15:44:27.0433 5160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:44:27.0449 5160 Serial - ok
15:44:27.0464 5160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:44:27.0496 5160 sermouse - ok
15:44:27.0527 5160 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:44:27.0574 5160 SessionEnv - ok
15:44:27.0589 5160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:44:27.0605 5160 sffdisk - ok
15:44:27.0621 5160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:44:27.0652 5160 sffp_mmc - ok
15:44:27.0667 5160 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:44:27.0699 5160 sffp_sd - ok
15:44:27.0714 5160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:44:27.0730 5160 sfloppy - ok
15:44:27.0746 5160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:44:27.0792 5160 SharedAccess - ok
15:44:27.0824 5160 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:44:27.0855 5160 ShellHWDetection - ok
15:44:27.0871 5160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:44:27.0886 5160 SiSRaid2 - ok
15:44:27.0902 5160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:44:27.0917 5160 SiSRaid4 - ok
15:44:27.0964 5160 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:44:27.0964 5160 SkypeUpdate - ok
15:44:27.0996 5160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:44:28.0027 5160 Smb - ok
15:44:28.0074 5160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:44:28.0089 5160 SNMPTRAP - ok
15:44:28.0105 5160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:44:28.0121 5160 spldr - ok
15:44:28.0152 5160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:44:28.0183 5160 Spooler - ok
15:44:28.0246 5160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:44:28.0355 5160 sppsvc - ok
15:44:28.0386 5160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:44:28.0417 5160 sppuinotify - ok
15:44:28.0464 5160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:44:28.0496 5160 srv - ok
15:44:28.0511 5160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:44:28.0527 5160 srv2 - ok
15:44:28.0558 5160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:44:28.0589 5160 srvnet - ok
15:44:28.0621 5160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:44:28.0652 5160 SSDPSRV - ok
15:44:28.0667 5160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:44:28.0714 5160 SstpSvc - ok
15:44:28.0746 5160 Steam Client Service - ok
15:44:28.0761 5160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:44:28.0777 5160 stexstor - ok
15:44:28.0808 5160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:44:28.0855 5160 stisvc - ok
15:44:28.0886 5160 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:44:28.0886 5160 storflt - ok
15:44:28.0902 5160 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:44:28.0917 5160 storvsc - ok
15:44:28.0917 5160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:44:28.0933 5160 swenum - ok
15:44:28.0964 5160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:44:29.0011 5160 swprv - ok
15:44:29.0011 5160 Synth3dVsc - ok
15:44:29.0074 5160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:44:29.0136 5160 SysMain - ok
15:44:29.0167 5160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:44:29.0183 5160 TabletInputService - ok
15:44:29.0214 5160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:44:29.0261 5160 TapiSrv - ok
15:44:29.0277 5160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:44:29.0324 5160 TBS - ok
15:44:29.0371 5160 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:44:29.0417 5160 Tcpip - ok
15:44:29.0464 5160 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:44:29.0496 5160 TCPIP6 - ok
15:44:29.0527 5160 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:44:29.0558 5160 tcpipreg - ok
15:44:29.0574 5160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:44:29.0589 5160 TDPIPE - ok
15:44:29.0605 5160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:44:29.0636 5160 TDTCP - ok
15:44:29.0683 5160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:44:29.0714 5160 tdx - ok
15:44:29.0808 5160 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:44:29.0839 5160 TeamViewer7 - ok
15:44:29.0871 5160 [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:44:29.0886 5160 teamviewervpn - ok
15:44:29.0902 5160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:44:29.0917 5160 TermDD - ok
15:44:29.0933 5160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:44:29.0996 5160 TermService - ok
15:44:30.0011 5160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:44:30.0042 5160 Themes - ok
15:44:30.0058 5160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:44:30.0089 5160 THREADORDER - ok
15:44:30.0105 5160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:44:30.0152 5160 TrkWks - ok
15:44:30.0199 5160 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
15:44:30.0214 5160 truecrypt - ok
15:44:30.0261 5160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:44:30.0308 5160 TrustedInstaller - ok
15:44:30.0324 5160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:30.0355 5160 tssecsrv - ok
15:44:30.0386 5160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:44:30.0402 5160 TsUsbFlt - ok
15:44:30.0402 5160 tsusbhub - ok
15:44:30.0449 5160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:44:30.0480 5160 tunnel - ok
15:44:30.0511 5160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:44:30.0527 5160 uagp35 - ok
15:44:30.0558 5160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:44:30.0589 5160 udfs - ok
15:44:30.0621 5160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:44:30.0636 5160 UI0Detect - ok
15:44:30.0652 5160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:44:30.0667 5160 uliagpkx - ok
15:44:30.0683 5160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:44:30.0714 5160 umbus - ok
15:44:30.0730 5160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:44:30.0746 5160 UmPass - ok
15:44:30.0777 5160 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:44:30.0808 5160 UmRdpService - ok
15:44:30.0839 5160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:44:30.0871 5160 upnphost - ok
15:44:30.0902 5160 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:44:30.0917 5160 usbaudio - ok
15:44:30.0949 5160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:30.0964 5160 usbccgp - ok
15:44:30.0980 5160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:44:31.0011 5160 usbcir - ok
15:44:31.0027 5160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:44:31.0058 5160 usbehci - ok
15:44:31.0074 5160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:44:31.0105 5160 usbhub - ok
15:44:31.0121 5160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:44:31.0136 5160 usbohci - ok
15:44:31.0167 5160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:44:31.0183 5160 usbprint - ok
15:44:31.0230 5160 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:44:31.0261 5160 usbscan - ok
15:44:31.0261 5160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:31.0292 5160 USBSTOR - ok
15:44:31.0308 5160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:31.0324 5160 usbuhci - ok
15:44:31.0355 5160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:44:31.0402 5160 UxSms - ok
15:44:31.0417 5160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:44:31.0433 5160 VaultSvc - ok
15:44:31.0449 5160 [ 57A6B43FB25B965869837350A6F1DA9E ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
15:44:31.0464 5160 VBoxNetAdp - ok
15:44:31.0480 5160 VBoxNetFlt - ok
15:44:31.0511 5160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:44:31.0527 5160 vdrvroot - ok
15:44:31.0558 5160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:44:31.0605 5160 vds - ok
15:44:31.0636 5160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:31.0652 5160 vga - ok
15:44:31.0667 5160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:44:31.0699 5160 VgaSave - ok
15:44:31.0730 5160 VGPU - ok
15:44:31.0746 5160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:44:31.0761 5160 vhdmp - ok
15:44:31.0792 5160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:44:31.0808 5160 viaide - ok
15:44:31.0824 5160 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:44:31.0839 5160 vmbus - ok
15:44:31.0855 5160 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:44:31.0871 5160 VMBusHID - ok
15:44:31.0886 5160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:44:31.0902 5160 volmgr - ok
15:44:31.0933 5160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:44:31.0949 5160 volmgrx - ok
15:44:31.0964 5160 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:44:31.0980 5160 volsnap - ok
15:44:31.0996 5160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:44:32.0011 5160 vsmraid - ok
15:44:32.0058 5160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:44:32.0136 5160 VSS - ok
15:44:32.0136 5160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:44:32.0167 5160 vwifibus - ok
15:44:32.0199 5160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:44:32.0214 5160 vwififlt - ok
15:44:32.0246 5160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:44:32.0277 5160 W32Time - ok
15:44:32.0292 5160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:44:32.0324 5160 WacomPen - ok
15:44:32.0386 5160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:44:32.0464 5160 WANARP - ok
15:44:32.0527 5160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:44:32.0558 5160 Wanarpv6 - ok
15:44:32.0605 5160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:44:32.0636 5160 WatAdminSvc - ok
15:44:32.0683 5160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:44:32.0730 5160 wbengine - ok
15:44:32.0761 5160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:44:32.0777 5160 WbioSrvc - ok
15:44:32.0808 5160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:44:32.0839 5160 wcncsvc - ok
15:44:32.0855 5160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:44:32.0871 5160 WcsPlugInService - ok
15:44:32.0902 5160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:44:32.0917 5160 Wd - ok
15:44:32.0949 5160 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:44:32.0980 5160 Wdf01000 - ok
15:44:32.0996 5160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:44:33.0027 5160 WdiServiceHost - ok
15:44:33.0027 5160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:44:33.0042 5160 WdiSystemHost - ok
15:44:33.0074 5160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:44:33.0105 5160 WebClient - ok
15:44:33.0136 5160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:44:33.0167 5160 Wecsvc - ok
15:44:33.0183 5160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:44:33.0214 5160 wercplsupport - ok
15:44:33.0246 5160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:44:33.0277 5160 WerSvc - ok
15:44:33.0308 5160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:44:33.0339 5160 WfpLwf - ok
15:44:33.0339 5160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:44:33.0355 5160 WIMMount - ok
15:44:33.0355 5160 WinDefend - ok
15:44:33.0371 5160 WinHttpAutoProxySvc - ok
15:44:33.0402 5160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:44:33.0433 5160 Winmgmt - ok
15:44:33.0496 5160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:44:33.0558 5160 WinRM - ok
15:44:33.0605 5160 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:44:33.0621 5160 WinUsb - ok
15:44:33.0652 5160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:44:33.0699 5160 Wlansvc - ok
15:44:33.0714 5160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:44:33.0730 5160 WmiAcpi - ok
15:44:33.0761 5160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:44:33.0777 5160 wmiApSrv - ok
15:44:33.0808 5160 WMPNetworkSvc - ok
15:44:33.0824 5160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:44:33.0839 5160 WPCSvc - ok
15:44:33.0871 5160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:44:33.0886 5160 WPDBusEnum - ok
15:44:33.0902 5160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:44:33.0949 5160 ws2ifsl - ok
15:44:33.0964 5160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:44:33.0996 5160 wscsvc - ok
15:44:33.0996 5160 WSearch - ok
15:44:34.0058 5160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:44:34.0121 5160 wuauserv - ok
15:44:34.0136 5160 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:44:34.0167 5160 WudfPf - ok
15:44:34.0183 5160 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:34.0199 5160 WUDFRd - ok
15:44:34.0246 5160 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:44:34.0261 5160 wudfsvc - ok
15:44:34.0292 5160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:44:34.0324 5160 WwanSvc - ok
15:44:34.0324 5160 ================ Scan global ===============================
15:44:34.0339 5160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:44:34.0371 5160 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:44:34.0386 5160 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:44:34.0402 5160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:44:34.0417 5160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:44:34.0433 5160 [Global] - ok
15:44:34.0433 5160 ================ Scan MBR ==================================
15:44:34.0433 5160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:44:34.0855 5160 \Device\Harddisk0\DR0 - ok
15:44:34.0855 5160 ================ Scan VBR ==================================
15:44:34.0855 5160 [ 06C6B5FBF9F7F17C0D96E475FE3F2638 ] \Device\Harddisk0\DR0\Partition1
15:44:34.0855 5160 \Device\Harddisk0\DR0\Partition1 - ok
15:44:34.0886 5160 [ F8BEFBDFBE10FC2AA0D8DFB0A48EE1AD ] \Device\Harddisk0\DR0\Partition2
15:44:34.0886 5160 \Device\Harddisk0\DR0\Partition2 - ok
15:44:34.0886 5160 [ 89391F71FE6FA9B1792526E0C14BAA51 ] \Device\Harddisk0\DR0\Partition3
15:44:34.0902 5160 \Device\Harddisk0\DR0\Partition3 - ok
15:44:34.0902 5160 ============================================================
15:44:34.0902 5160 Scan finished
15:44:34.0902 5160 ============================================================
15:44:34.0902 4664 Detected object count: 0
15:44:34.0902 4664 Actual detected object count: 0
15:45:27.0714 1576 Deinitialize success
|
|
21.02.2013, 16:01
| #8 |
| /// Malware-holic | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.02.2013, 16:45
| #9 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Combofix-Log: Code:
ATTFilter ComboFix 13-02-21.02 - myo 21.02.2013 16:33:57.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.2803 [GMT 1:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
c:\windows\SysWow64\muzapp.exe
.
----- Datei Replikatoren -----
.
c:\program files (x86)\Git\libexec\git-core\git-add.exe
c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
c:\program files (x86)\Git\libexec\git-core\git-apply.exe
c:\program files (x86)\Git\libexec\git-core\git-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
c:\program files (x86)\Git\libexec\git-core\git-blame.exe
c:\program files (x86)\Git\libexec\git-core\git-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
c:\program files (x86)\Git\libexec\git-core\git-clean.exe
c:\program files (x86)\Git\libexec\git-core\git-clone.exe
c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-commit.exe
c:\program files (x86)\Git\libexec\git-core\git-config.exe
c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-describe.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-diff.exe
c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
c:\program files (x86)\Git\libexec\git-core\git-gc.exe
c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files (x86)\Git\libexec\git-core\git-grep.exe
c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
c:\program files (x86)\Git\libexec\git-core\git-help.exe
c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
c:\program files (x86)\Git\libexec\git-core\git-init.exe
c:\program files (x86)\Git\libexec\git-core\git-log.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-merge.exe
c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
c:\program files (x86)\Git\libexec\git-core\git-mv.exe
c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
c:\program files (x86)\Git\libexec\git-core\git-notes.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
c:\program files (x86)\Git\libexec\git-core\git-prune.exe
c:\program files (x86)\Git\libexec\git-core\git-push.exe
c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
c:\program files (x86)\Git\libexec\git-core\git-remote.exe
c:\program files (x86)\Git\libexec\git-core\git-replace.exe
c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
c:\program files (x86)\Git\libexec\git-core\git-reset.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
c:\program files (x86)\Git\libexec\git-core\git-revert.exe
c:\program files (x86)\Git\libexec\git-core\git-rm.exe
c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-show.exe
c:\program files (x86)\Git\libexec\git-core\git-stage.exe
c:\program files (x86)\Git\libexec\git-core\git-status.exe
c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
c:\program files (x86)\Git\libexec\git-core\git-var.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
c:\program files (x86)\Git\libexec\git-core\git.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-21 bis 2013-02-21 ))))))))))))))))))))))))))))))
.
.
2013-02-21 15:39 . 2013-02-21 15:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-21 15:39 . 2013-02-21 15:39 -------- d-----w- c:\users\myo\AppData\Local\temp
2013-02-21 15:39 . 2013-02-21 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-21 15:28 . 2013-02-21 15:28 -------- d-----w- c:\users\myo\AppData\Local\Macromedia
2013-02-21 15:27 . 2013-02-21 15:28 -------- d-----w- c:\users\myo\AppData\Roaming\Skype
2013-02-21 14:36 . 2013-02-21 14:36 -------- d-----w- c:\program files (x86)\Mythicsoft
2013-02-21 09:58 . 2013-02-21 09:58 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-21 09:58 . 2013-02-21 09:58 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-21 09:58 . 2013-02-21 09:58 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-21 09:58 . 2013-02-21 09:58 188320 ----a-w- c:\windows\system32\java.exe
2013-02-21 09:57 . 2013-02-21 09:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-21 09:56 . 2013-02-21 09:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-21 09:56 . 2013-02-21 09:56 -------- d-----w- c:\program files (x86)\Java
2013-02-19 09:04 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0D75F44-3DC1-4286-8FA0-8FAA828DE03D}\mpengine.dll
2013-02-13 23:58 . 2013-02-13 23:58 -------- d-----w- c:\users\myo\AppData\Roaming\MySQL
2013-02-13 23:19 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 23:19 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:52 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 07:52 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 07:52 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 07:52 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 07:51 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 07:51 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 07:51 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 07:51 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 07:51 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 07:51 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 07:51 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 07:51 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-08 14:05 . 2013-02-08 14:05 16365936 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-31 23:52 . 2013-01-31 23:52 -------- d-----w- c:\users\ho\AppData\Local\Amazon
2013-01-25 10:02 . 2013-01-25 10:02 -------- d-----w- c:\users\myo\AppData\Local\Programs
2013-01-25 09:58 . 2013-01-25 09:58 -------- d-----w- c:\users\ho\AppData\Local\Tracker Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 09:58 . 2012-03-21 19:46 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-21 09:58 . 2012-03-21 19:46 1085344 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-21 09:56 . 2012-06-22 10:07 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-21 09:56 . 2012-03-21 15:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-13 23:24 . 2012-03-21 00:47 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-13 11:12 . 2012-04-01 10:10 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 11:12 . 2012-03-21 23:18 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-18 13:20 . 2012-03-21 00:28 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-17 00:28 . 2012-03-20 17:28 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 00:16 . 2013-01-09 00:16 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-01-04 04:43 . 2013-02-13 07:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-29 10:34 . 2013-01-08 22:52 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-01-08 22:52 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-01-08 22:52 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-01-08 22:52 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-01-08 22:52 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-01-08 22:52 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-01-08 22:52 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-01-08 22:52 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-01-08 22:52 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-08 22:52 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-01-08 22:52 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-01-08 22:52 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2013-01-08 22:52 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2013-01-08 22:52 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2013-01-08 22:52 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2013-01-08 22:52 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-12-19 23:35 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-12-19 23:35 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-12-19 23:35 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-12-19 23:35 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-12-19 23:35 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 08:40 . 2012-12-19 23:37 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2012-12-19 23:37 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-12-19 23:37 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2012-12-19 23:37 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2012-12-19 23:37 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2012-12-19 23:37 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-16 17:11 . 2012-12-21 02:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 02:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 02:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 02:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 00:17 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 00:17 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 00:17 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 00:17 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 00:17 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 00:17 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 00:17 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 00:17 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 00:17 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 00:17 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 00:17 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 00:17 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 00:17 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 00:17 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 00:17 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 00:17 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 00:17 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 00:17 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 00:17 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 00:17 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 00:17 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 00:17 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 00:17 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 00:17 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 00:17 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 00:17 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 00:17 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 00:17 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 00:17 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 00:17 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 00:17 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-09 00:17 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-03 15:47 . 2012-12-19 23:36 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-03 15:47 . 2012-12-19 23:36 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-30 05:45 . 2013-01-09 00:18 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 00:18 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 00:18 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 00:18 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 00:18 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 00:18 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 00:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 00:18 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\myo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 450048]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-12-16 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-09 283200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 11:12]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 22:12]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-29 22:12]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860810461-1551829927-3967776457-1001Core.job
- c:\users\ho\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23 18:56]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860810461-1551829927-3967776457-1001UA.job
- c:\users\ho\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-23 18:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\myo\AppData\Roaming\Mozilla\Firefox\Profiles\dzk1hqui.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-21 16:41:48
ComboFix-quarantined-files.txt 2013-02-21 15:41
.
Vor Suchlauf: 8 Verzeichnis(se), 25.237.872.640 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 27.383.693.312 Bytes frei
.
- - End Of File - - 7E85C464B747DBC7284158D9CC8EB3DF
|
|
21.02.2013, 17:09
| #10 |
| /// Malware-holic | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.02.2013, 18:21
| #11 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neuCode:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.21.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 myo :: MYOHO [Administrator] 21.02.2013 17:23:22 mbam-log-2013-02-21 (17-23-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 475621 Laufzeit: 41 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 D:\Alt\wl\Wilkinson Longs\Wilkinson Longs.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
21.02.2013, 18:22
| #12 |
| /// Malware-holic | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.02.2013, 18:38
| #13 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neuCode:
ATTFilter 7-Zip 9.20 (x64 edition) Igor Pavlov 21.03.2012 4,53 MB 9.20.00.0 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.02.2013 6,00 MB 11.6.602.168 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.02.2013 6,00 MB 11.6.602.168 notwendig Agent Ransack Version 1.7.3 21.02.2013 notwendig Amazon Kindle Amazon 01.02.2013 notwendig Audacity 2.0.2 Audacity Team 28.10.2012 43,5 MB 2.0.2 notwendig avast! Free Antivirus AVAST Software 02.11.2012 7.0.1474.0 notwendig CanoScan Toolbox Ver4.9 02.04.2012 notwendig CCleaner Piriform 23.01.2013 3.27 notwendig Counter-Strike Valve 15.07.2012 notwendig DAEMON Tools Lite DT Soft Ltd 09.01.2013 4.46.1.0328 notwendig DVD Shrink 3.2 deutsch (DeCSS-frei) DVD Shrink 26.09.2012 notwendig DVDFab 8.1.7.8 (17/04/2012) Qt Fengtao Software Inc. 11.05.2012 51,5 MB notwendig ElsterFormular Landesfinanzdirektion Thüringen 21.03.2012 160 MB 13.1.1.8479p notwendig foobar2000 v1.1.13 Peter Pawlowski 21.06.2012 7,40 MB 1.1.13 notwendig FreeRIP 3.80 GreenTree Applications SRL 06.09.2012 3.80 notwendig GanttProject 17.08.2012 notwendig GIMP 2.8.0 The GIMP Team 03.06.2012 241 MB 2.8.0 notwendig Git version 1.7.10-preview20120409 15.05.2012 75,4 MB 1.7.10-preview20120409 notwendig GnuCash 2.4.10 GnuCash Development Team 27.06.2012 282 MB notwendig Google Chrome Google Inc. 23.03.2012 24.0.1312.57 notwendig Google Drive Google, Inc. 16.01.2013 16,2 MB 1.7.4018.3496 notwendig Google Earth Plug-in Google 21.01.2013 80,7 MB 7.0.2.8415 notwendig IETester v0.4.8 (remove only) Core Services 21.07.2012 0.4.8 notwendig ImgBurn LIGHTNING UK! 11.05.2012 2.5.7.0 notwendig Inkscape 0.48.3.1 09.05.2012 0.48.3.1 notwendig inSSIDer MetaGeek 07.11.2012 4,31 MB 2.1.6 notwendig Java 7 Update 15 Oracle 21.02.2013 129 MB 7.0.150 notwendig Java 7 Update 15 (64-bit) Oracle 21.02.2013 128 MB 7.0.150 notwendig Java SE Development Kit 7 Update 15 (64-bit) Oracle 21.02.2013 189 MB 1.7.0.150 notwendig JDownloader 0.9 AppWork GmbH 09.08.2012 0.9 notwendig JDownloader 2 AppWork GmbH 15.02.2013 2 notwendig LAME v3.99.3 (for Windows) 28.10.2012 1,52 MB notwendig LibreOffice 3.5 The Document Foundation 17.12.2012 533 MB 3.5.7.2 notwendig Logitech SetPoint 6.32 Logitech 21.03.2012 39,0 MB 6.32.20 notwendig LSI USB 2.0 Soft Modem LSI Corporation 29.05.2012 16,0 KB 2.2.102 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.02.2013 18,4 MB 1.70.0.1100 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.08.2012 38,8 MB 4.0.30320 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 08.08.2012 2,93 MB 4.0.30320 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 21.03.2012 788 KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 21.03.2012 788 KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.03.2012 596 KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.03.2012 600 KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 01.08.2012 11,0 MB 10.0.30319 unbekannt Mozilla Firefox 19.0 (x86 de) Mozilla 21.02.2013 44,0 MB 19.0 notwendig Mozilla Maintenance Service Mozilla 21.02.2013 330 KB 19.0 unbekannt Mozilla Thunderbird 17.0.3 (x86 de) Mozilla 21.02.2013 41,9 MB 17.0.3 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 28.05.2012 1,27 MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28.05.2012 1,33 MB 4.20.9876.0 unbekannt MSXML 4.0 SP3 Parser Microsoft Corporation 02.09.2012 1,47 MB 4.30.2100.0 unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 02.09.2012 1,53 MB 4.30.2114.0 unbekannt MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 1,54 MB 4.30.2117.0 unbekannt MySQL Server 5.5 Oracle Corporation 01.08.2012 123 MB 5.5.26 notwendig MySQL Workbench 5.2 CE Oracle Corporation 14.02.2013 107 MB 5.2.46 notwendig Notepad++ 27.01.2013 6.2.2 notwendig NVIDIA Grafiktreiber 310.90 NVIDIA Corporation 08.01.2013 310.90 notwendig NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 20.12.2012 9.12.1031 unbekannt NVIDIA Update 1.11.3 NVIDIA Corporation 08.01.2013 1.11.3 notwendig Opera 12.14 Opera Software ASA 08.02.2013 12.14.1738 notwendig PDF-Viewer Tracker Software Products Ltd 25.01.2013 46,6 MB 2.5.208.0 notwendig PDF-XChange Viewer Tracker Software Products Ltd. 21.03.2012 66,5 MB 2.5.201.0 notwendig PDFCreator Frank Heindörfer, Philip Chinery 23.07.2012 1.4.2 notwendig Picasa 3 Google, Inc. 02.04.2012 3.8 notwendig Secunia PSI (2.0.0.4003) Secunia 21.03.2012 3,47 MB 2.0.0.4003 notwendig SIW version 2011.10.29 Topala Software Solutions 27.05.2012 5,84 MB 2011.10.29 notwendig Skype™ 6.0 Skype Technologies S.A. 22.11.2012 20,3 MB 6.0.126 notwendig SMPlayer 0.8.1 Ricardo Villalba 16.11.2012 0.8.1 notwendig Steam Valve Corporation 15.07.2012 35,4 MB 1.0.0.0 notwendig TeamViewer 7 TeamViewer 16.10.2012 7.0.14563 notwendig TreeSize Free V2.7 JAM Software 18.06.2012 3,96 MB 2.7 notwendig TrueCrypt TrueCrypt Foundation 31.07.2012 7.1a notwendig VLC media player 2.0.5 VideoLAN 06.01.2013 2.0.5 notwendig X-Chat 2.8.6-2 SilvereX 14.06.2012 2.8.6-2 notwendig Zattoo4 4.0.5 Zattoo Inc. 10.06.2012 4.0.5 notwendig |
|
21.02.2013, 19:14
| #14 |
| /// Malware-holic | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. Secunia : mal auf Version 3 upgraden. TeamViewer : würde ich nur bei Bedarf instalieren, falls es drauf bleiben muss, Version 8 hohlen. System ist ganz gut mit Updates versorgt, sehr gut. Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.02.2013, 22:59
| #15 |
| | Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu Adobe Flash Player habe ich deinstalliert, obwohl sie meines Wissen uptodate waren. Aber da ich für fast alles ohnehin nur Chrome nutze... Auf Secunia bin ich ein wenig stinkig: Mittlerweile nehme ich an, dass Secunia meinen Rechner heute vormittag neu gestartet hat. Um 10:36 gab es die Avast Meldung über die bösartige Website und in der Secunia PSI Auto-Updates History ist Java Runtime Environment um 10:42 mit "Success" angegeben. Komisch nur, dass ich die JRE bisher immer selbst installieren musste und ein Neustart nie nötig war. Sowas ist bisher nie vorgekommen. Ich werde Secunia in Kürze upgraden. TeamViewer habe ich erstmal deinstalliert. Ich kann ich ja schnell neu laden, wenn ich ihn brauche. CCleaner wollte mir geschlagene 260 MB freigeben, verlangte dafür aber, meine Cookies und Session-Daten zu löschen... muss ich? AdwCleaner ist in ca. 20 Sekunden durchgelaufen und es gab nichts zum bestätigen. Danach startete der Rechner dennoch neu. Als kein Log-File auftauchte, ließ ich es noch mal durchlaufen, neustarten: nichts. Noch ein Neustart: Nichts... Weder ein sich öffnendes Log-File, noch unter C:\. |
|
| Themen zu Infiziert? Avast meldete Blockieren bösartiger Website, Rechner startete neu |
| 7-zip, angeblich, application/pdf:, audacity, avast, befallen, blockiert, bösartige website, dinge, firefox, heute, infiziert, infiziert?, install.exe, installiert, java, jdownloader, msiinstaller, neu, neue, neues, neustart, ntdll.dll, nvidia update, plug-in, programme, rechner, server, system, tracker, trotz, unbemerkt, ungefragt, update, version, woche, wochen, wunder |
WARNUNG an die MITLESER: 
Linear-Darstellung
