Pests of all kinds and how to combat them: Seth.anzutracking opens ads in the Firefox browser
Windows 7
10.03.2013, 23:46 | #1 |
seth.anzutracking suddenly opens third-party ads on the site yugioh.wikia.com (which I visit as a hobby). When it does, the cursor flickers. As far as I know, foreign malware can install new malware. That is why I want to get rid of it; is there anything that can be done to get rid of it? There are a few guides in English, but whether they can be trusted... who knows. Guides such as these, for example:
hxxp://blog.yoocare.com/how-to-remove-seth-avazutracking-net-redirect-virus-manual-removal/
hxxp://blog.teesupport.com/how-to-get-rid-of-seth-avazutracking-net-completely-seth-avazutracking-net-donmain-hijacker-malware-remove-guide/
Note: Avast did not find anything related to this.
Malwarebytes scan:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.10.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxx:: xxx-PC [Administrator]

10.03.2013 22:23:35
mbam-log-2013-03-10 (22-23-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204200
Laufzeit: 6 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
OTL logfile created on: 3/10/2013 10:34:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.89% Memory free
5.98 Gb Paging File | 4.88 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555.07 Gb Total Space | 523.22 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 19.60 Gb Free Space | 49.00% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 14:16:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2013/02/28 09:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/02/28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/07 13:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
PRC - [2013/02/07 13:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- 
C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/22 18:57:36 | 000,678,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2009/12/17 17:18:24 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/12/17 17:17:54 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2013/03/07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/26 21:58:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/07 13:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013/02/07 13:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/17 17:17:54 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/11/07 11:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | 
---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2013/02/28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/02/28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/02/28 09:36:37 | 000,163,784 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/02/28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/02/28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/02/28 09:36:36 | 000,060,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/02/28 09:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/07 13:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/10/11 04:08:10 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/09 12:00:48 | 001,554,472 | ---- | M] (Trident Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrdCap.sys -- (TrdCap)
DRV - [2010/05/24 14:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/12/17 17:52:18 | 005,145,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/09/30 08:33:58 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/05/13 20:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 20:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{469CEF17-C4C5-41DB-B566-0B22FFC3D79A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ce2600fe-5456-4fea-af94-64535f2c33be&apn_sauid=26D66C6B-D6C0-433F-A56B-2F7C786F2F1D
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CCB2728A-D514-4A42-959D-F237DF1932BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/05 17:20:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/12/14 19:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2013/03/04 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\vivet5t1.default\extensions
[2013/03/08 05:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/03/07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/03/07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013/03/07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/03/07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/03/07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.mozilla.org/de/plugincheck/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = 
C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\ CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/03/06 14:16:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16601466-C772-4CB6-A238-F2D88C533590}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/10 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Pc Überprüfung [2013/03/08 06:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/03/06 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\DevPro [2013/03/06 14:16:56 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/06 14:16:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013/03/06 06:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/05 17:56:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Secunia PSI [2013/03/05 17:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013/03/05 17:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013/03/05 17:21:14 | 000,368,248 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013/03/05 17:21:14 | 000,029,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013/03/05 17:21:12 | 000,060,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013/03/05 17:21:11 | 000,765,808 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013/03/05 17:21:11 | 000,062,448 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013/03/05 17:21:07 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013/03/05 17:21:07 | 000,066,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013/03/05 17:20:41 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/03/05 17:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/03/05 17:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/05 16:38:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Yugioh [2013/03/05 13:39:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2013/03/05 13:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 13:39:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/03/05 13:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/03/04 21:15:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/04 20:46:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/03/04 20:36:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/04 15:00:32 | 000,103,680 | ---- | C] (GMER) -- C:\uwldrkob.sys [2013/03/04 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/04 04:51:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2013/03/04 04:49:08 | 000,000,000 | ---D | C] -- 
C:\Windows\System32\EventProviders [2013/03/03 21:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013/03/03 21:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013/02/28 11:39:45 | 000,034,432 | ---- | C] (ManyCam LLC) -- C:\Windows\System32\drivers\mcvidrv.sys [2013/02/28 11:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam [2013/02/26 12:30:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Rinteln_Dateien [2013/02/20 18:53:15 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013/02/20 07:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/10 22:31:34 | 000,377,856 | ---- | M] () -- C:\Users\xxx\Desktop\gmer_2.1.19155.exe [2013/03/10 21:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/10 21:54:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/10 20:52:04 | 000,030,991 | ---- | M] () -- C:\Users\xxx\Desktop\Unbenannt 1.odt [2013/03/10 18:09:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 18:09:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/10 18:02:46 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/10 18:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/10 18:02:34 | 2406,924,288 | -HS- | M] () -- C:\hiberfil.sys [2013/03/08 05:52:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/03/06 21:35:39 | 321,848,743 | ---- | M] () -- C:\Users\xxx\Desktop\YGOPro DevPro 1.7.3.2.7z [2013/03/06 14:16:56 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2013/03/06 
14:16:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013/03/05 22:19:51 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/03/05 22:19:51 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/03/05 22:19:51 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/03/05 22:19:51 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/03/05 22:12:04 | 000,311,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/03/05 22:03:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf [2013/03/05 17:56:23 | 000,001,072 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/03/05 17:21:15 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/03/05 17:21:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013/03/05 13:39:22 | 000,001,075 | ---- | M] () -- C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 15:00:32 | 000,103,680 | ---- | M] (GMER) -- C:\uwldrkob.sys [2013/03/04 06:13:10 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2013/03/03 21:18:18 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013/02/28 09:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013/02/28 09:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013/02/28 09:36:37 | 000,163,784 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys [2013/02/28 09:36:37 | 000,062,448 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013/02/28 09:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013/02/28 09:36:36 | 000,060,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013/02/28 09:36:36 | 000,049,320 | ---- | M] () -- 
C:\Windows\System32\drivers\aswRvrt.sys [2013/02/28 09:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013/02/28 09:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013/02/28 09:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2013/02/25 18:26:55 | 000,005,120 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/10 22:31:32 | 000,377,856 | ---- | C] () -- C:\Users\xxx\Desktop\gmer_2.1.19155.exe [2013/03/06 21:26:28 | 321,848,743 | ---- | C] () -- C:\Users\xxx\Desktop\YGOPro DevPro 1.7.3.2.7z [2013/03/05 22:03:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf [2013/03/05 22:02:21 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/03/05 22:01:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/03/05 17:56:23 | 000,001,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013/03/05 17:56:23 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013/03/05 17:21:15 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013/03/05 17:21:11 | 000,163,784 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013/03/05 17:21:10 | 000,049,320 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013/03/05 13:39:22 | 000,001,075 | ---- | C] () -- C:\Users\xxx\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 06:13:10 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2013/02/21 23:48:40 | 000,030,991 | ---- | C] () -- C:\Users\xxx\Desktop\Unbenannt 1.odt [2013/01/08 19:37:13 | 000,005,120 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/01/29 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Audacity [2013/01/23 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics [2013/01/15 17:48:03 | 000,000,000 | ---D | M] -- 
C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2013/03/06 07:13:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 3/10/2013 10:34:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.89% Memory free
5.98 Gb Paging File | 4.88 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555.07 Gb Total Space | 523.22 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 19.60 Gb Free Space | 49.00% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{BA33F67A-AF2B-4FB5-A1AA-14DBCD248E2E}" = lport=2869 | protocol=6 | dir=in | app=system | "{C9F34EFE-1E5D-4068-BB14-27330F673971}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5034C34A-FE9D-407C-B509-C90B5F2054CB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{CD1056BA-4E75-4D29-898D-C68578ED5C47}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EB0D9957-F921-4F3D-8376-66138673B9AD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05111291-C4F7-8292-01A2-C113286286A4}" = CCC Help Russian "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{071B5C15-8CD0-744E-B0BC-F5855F8DECB0}" = CCC Help Hungarian "{0AAC425C-6B3E-CD6E-BFFB-5D751CC6753C}" = CCC Help Japanese "{0DAAFBE9-86D2-BDF6-CC64-34DE56EF5960}" = CCC Help Spanish "{14191227-D02E-B89F-9B98-95EBB3A547AD}" = Catalyst Control Center Localization All "{1573631D-6883-DA31-9A46-9FB22B38F75F}" = CCC Help Italian "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.2 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1AD017B8-F7C4-D914-A38C-4756F2DD09F6}" = Catalyst Control Center Graphics Full New "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{343F5BC0-7765-BE30-08AF-798781247903}" = 
ccc-core-static "{3ABC3B58-0CAD-E52D-4F36-9379D25794FE}" = Catalyst Control Center Graphics Previews Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C7F3C64-0CF2-71E6-25A2-C4093A1D50D5}" = ccc-utility "{3D4A7623-61FE-BF12-C2A8-39C1D0E533CF}" = Catalyst Control Center InstallProxy "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{472B7916-CB4E-6F58-056E-804781DFEFF8}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FF5A6ED-9A89-3E3D-5ADB-60602DA8FB6D}" = CCC Help Greek "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5914674F-5E85-103E-AE01-C69177C320AF}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6FC9A3FA-61F5-0D3E-062D-D2C85DA71651}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80FE4054-30AD-A402-BD23-0D3580376EAF}" = CCC Help Dutch "{838CFC61-FA8C-5AD2-7E86-1BA036D5479F}" = ATI Catalyst Install Manager "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{93C95468-5FFB-101B-FE4F-1B2460AD4791}" = CCC Help French "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96534FAB-69B3-CB78-3312-5416A253792C}" = CCC Help Turkish "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver 
"{A13AB951-00E5-F431-A1E4-E430F6DF0BD0}" = CCC Help Thai "{A43A4D7C-8D09-E5AA-F10A-FA99C2D6B400}" = CCC Help Danish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8832278-3937-6753-A07A-DF23FA6A569A}" = CCC Help English "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA484486-87CC-91E3-C8C1-F505D06A9BEE}" = CCC Help German "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2934A24-C863-7ABE-B054-AD4E97BE48E4}" = CCC Help Finnish "{B972E956-F6FB-FAD7-43BF-09F558DCFFE6}" = Catalyst Control Center Graphics Previews Common "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C05900D1-D58F-4E26-C60D-605E49583F7E}" = CCC Help Swedish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3876972-1660-0FC0-5550-B903D161E4D8}" = Catalyst Control Center Graphics Light "{DAB36FAD-35DE-486A-9F1A-7784AC1E78B5}" = Catalyst Control Center Core Implementation "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{DFC1FA94-6D9D-7093-A60D-BEFF1A083023}" = CCC Help Chinese Traditional "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EEE369FB-0F44-D01A-C953-2BFA81362638}" = CCC Help Czech "{EF33D4A2-8A46-84FF-CFAA-7F90F8EE670F}" = Catalyst Control Center Graphics Full Existing "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3A6830D-689F-C34E-5F38-9D66D7D5B3C3}" = CCC Help Chinese Standard "{F53F4595-BDF7-C392-1CD5-1D425EBAA1A9}" = CCC Help Polish "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Audacity_is1" = Audacity 2.0.3 "avast" = avast! Free Antivirus "CamStudio" = CamStudio "Google Chrome" = Google Chrome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Revo Uninstaller" = Revo Uninstaller 1.94 "Secunia PSI" = Secunia PSI (3.0.0.6005) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/6/2013 4:10:03 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d98 Startzeit: 01ce1aa68dab337f Endzeit: 8 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: d398cf6a-8699-11e2-916b-0022200b8836 Error - 3/6/2013 4:10:33 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1378 Startzeit: 01ce1aa6a031e771 Endzeit: 6 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: e53dd29e-8699-11e2-916b-0022200b8836 Error - 3/6/2013 4:12:14 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f4 Startzeit: 01ce1aa6dc5aded3 Endzeit: 10 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: 2180e211-869a-11e2-916b-0022200b8836 Error - 3/6/2013 4:13:23 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1f94 Startzeit: 01ce1aa706317977 Endzeit: 5 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: 4a8f47c7-869a-11e2-916b-0022200b8836 Error - 3/6/2013 4:15:21 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 848 Startzeit: 01ce1aa7481cfb60 Endzeit: 9 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: 910321ed-869a-11e2-916b-0022200b8836 Error - 3/6/2013 4:18:55 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1140 Startzeit: 01ce1aa7c6bf5ede Endzeit: 7 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: 0dc0b8c2-869b-11e2-916b-0022200b8836 Error - 3/6/2013 4:19:14 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1744 Startzeit: 01ce1aa7d486a434 Endzeit: 5 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: 1b974091-869b-11e2-916b-0022200b8836 Error - 3/6/2013 4:23:51 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 814 Startzeit: 01ce1aa8727f63ff Endzeit: 15 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: c07e8c28-869b-11e2-82ff-0022200b8836 Error - 3/6/2013 4:24:57 PM | Computer Name = xxx-PC | Source = Application Hang | ID = 1002 Description = Programm DevPro.exe, Version 1.5.2.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1394 Startzeit: 01ce1aa891c6229c Endzeit: 8 Anwendungspfad: C:\Users\xxx\Desktop\YGOPro\DevPro.exe Berichts-ID: e89fcf45-869b-11e2-82ff-0022200b8836 Error - 3/8/2013 12:53:26 AM | Computer Name = xxx-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 3/6/2013 3:40:59 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 3:47:58 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 3:47:58 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 7:59:22 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:08:23 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:11:57 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:11:57 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:11:57 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/6/2013 9:12:00 AM | Computer Name = xxx-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 3/8/2013 2:21:57 AM | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. 
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-10 23:33:36 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: gmer_2.1.19155.exe; Driver: C:\Users\xxx\AppData\Local\Temp\uwldrkob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C2559C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x91298388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C2602E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C317F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C3183E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C319D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C31760] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x91298720] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C317A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C2652C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C26748] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C31992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C26DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C25602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x90C2A5C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x91298450] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x912969B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C25668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C2A98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C27874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C3181C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C31860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C319FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C31786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x90C29EA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C31910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C317D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x90C2A29A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C319B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwProtectVirtualMemory [0x912985B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C27740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90C2744E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C256CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C25734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C26C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C25284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C2545A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C253E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C26FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C27110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C254E2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x91298678] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C26C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x912969E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C2579A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwWriteVirtualMemory [0x912984FC] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x912B1BA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4A9E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C841C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82C8B1E0 4 Bytes [9C, 55, C2, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C8B208 4 Bytes [88, 83, 29, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C8B268 4 Bytes [2E, 60, C2, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82C8B2BC 8 Bytes [F2, 17, C3, 90, 3E, 18, C3, ...] {POP SS; RET ; NOP ; SBB BL, AL; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82C8B2C8 4 Bytes [D8, 19, C3, 90] {FCOMP DWORD [ECX]; RET ; NOP } .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E18C6B 5 Bytes JMP 912AEA3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82E31280 5 Bytes JMP 912B056C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E463C7 4 Bytes CALL 90C27F37 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E601B0 4 Bytes CALL 90C27F4D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EEA008 7 Bytes JMP 912B1BA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91A1A000, 0x2CB832, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[424] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[444] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[496] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[580] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text ... .text C:\Windows\system32\SearchProtocolHost.exe[2452] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000903FC .text C:\Windows\system32\SearchProtocolHost.exe[2452] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000901F8 .text C:\Windows\system32\SearchProtocolHost.exe[2452] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 000B0A08 .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000B03FC .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 000B0804 .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000B01F8 .text C:\Windows\system32\SearchProtocolHost.exe[2452] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 000B0600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001E03FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] 
USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2656] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00200600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000703FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00320A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 003203FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00320804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 003201F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2672] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00320600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001E03FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!UnhookWindowsHookEx 
75D4ADF9 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe[2828] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00200600 .text C:\Windows\servicing\TrustedInstaller.exe[2924] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000603FC .text C:\Windows\servicing\TrustedInstaller.exe[2924] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000601F8 .text C:\Windows\servicing\TrustedInstaller.exe[2924] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00080A08 .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000803FC .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00080804 .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000801F8 .text C:\Windows\servicing\TrustedInstaller.exe[2924] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 002203FC .text C:\Windows\system32\SearchIndexer.exe[3000] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 002201F8 .text C:\Windows\system32\SearchIndexer.exe[3000] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00250A08 .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 002503FC .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes 
JMP 00250804 .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 002501F8 .text C:\Windows\system32\SearchIndexer.exe[3000] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00250600 .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskeng.exe[3128] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskeng.exe[3128] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\taskeng.exe[3128] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 000F0600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001E03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3468] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST 
Software\Avast\AvastUI.exe[3496] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000703FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000701F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00190A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001903FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00190804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001901F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3668] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 001803FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 001801F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 001A0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001A03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 001A0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!SetWinEventHook 75D524DC 5 
Bytes JMP 001A01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3732] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 001A0600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] ntdll.dll!LdrUnloadDll 772FC86E 5 Bytes JMP 000E03FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] ntdll.dll!LdrLoadDll 7730223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!UnhookWindowsHookEx 75D4ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!UnhookWinEvent 75D4B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!SetWindowsHookExW 75D4E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!SetWinEventHook 75D524DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3740] USER32.dll!SetWindowsHookExA 75D76D0C 5 Bytes JMP 00100600 .text C:\Users\xxx\Desktop\gmer_2.1.19155.exe[3768] kernel32.dll!GetBinaryTypeW + 70 757769F4 1 Byte [62] ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b4f859 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b4f859 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Geändert von DukeYGO (10.03.2013 um 23:53 Uhr) |
11.03.2013, 11:51 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Seth.anzutracking opens ads in the Firefox browser Hello,
__________________Quote:
__________________ |
11.03.2013, 12:41 | #3 |
| Seth.anzutracking opens ads in the Firefox browser It is a program that I use for my leisure activities.
__________________hxxp://ygopro.de/download/ The program updates itself automatically and is, in principle, actually harmless. |
11.03.2013, 12:44 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Seth.anzutracking opens ads in the Firefox browser Ok, thanks for the explanation. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue?" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post logfiles in CODE tags |
11.03.2013, 13:53 | #5 |
| Seth.anzutracking opens ads in the Firefox browser Right. I have run everything. TDSSKiller actually did find something. I think I will simply trust you completely with this. According to all the sources, this is somehow a problem only inside the browser, but other problems can trigger new ones... I hope we get rid of it. ^^ Malwarebytes Rootkit: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.11.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 xxx:: xxx-PC [administrator] 11.03.2013 13:19:00 mbar-log-2013-03-11 (13-19-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 30959 Time elapsed: 21 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-03-11 13:23:41 ----------------------------- 13:23:41.399 OS Version: Windows 6.1.7601 Service Pack 1 13:23:41.399 Number of processors: 4 586 0x2505 13:23:41.399 ComputerName: xxx-PC UserName: xxx 13:23:43.146 Initialize success 13:23:43.224 AVAST engine defs: 13031100 13:23:44.971 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:23:44.987 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3 13:23:45.018 Disk 0 MBR read successfully 13:23:45.034 Disk 0 MBR scan 13:23:45.034 Disk 0 unknown MBR code 13:23:45.034 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 13:23:45.065 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 568389 MB offset 206848 13:23:45.096 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 1164267520 13:23:45.112 Disk 0 Partition 4 00 12 Compaq diag NTFS 1029 MB offset 1248153600 13:23:45.127 Disk 0 scanning sectors +1250261680 13:23:45.205 Disk 0 scanning C:\Windows\system32\drivers 13:23:59.713 Service scanning 13:24:36.576 Modules scanning 13:24:47.902 Disk 0 trace - called modules: 13:24:47.933 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 13:24:47.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e24030] 13:24:47.949 3 CLASSPNP.SYS[8b78959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862f8028] 13:24:49.228 AVAST engine scan C:\Windows 13:24:52.582 AVAST engine scan C:\Windows\system32 13:27:11.563 AVAST engine scan C:\Windows\system32\drivers 13:27:24.932 AVAST engine scan C:\Users\xxx 13:39:12.877 AVAST engine scan C:\ProgramData 13:39:29.740 Scan finished successfully 13:39:58.460 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\Pc Überprüfung\MBR.dat" 13:39:58.476 The log file has been saved successfully to "C:\Users\xxx\Desktop\Pc Überprüfung\aswMBR.txt" Code:
ATTFilter 13:42:21.0874 3408 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:42:22.0123 3408 ============================================================ 13:42:22.0123 3408 Current date / time: 2013/03/11 13:42:22.0123 13:42:22.0123 3408 SystemInfo: 13:42:22.0123 3408 13:42:22.0123 3408 OS Version: 6.1.7601 ServicePack: 1.0 13:42:22.0123 3408 Product type: Workstation 13:42:22.0123 3408 ComputerName: xxx-PC 13:42:22.0123 3408 UserName: xxx 13:42:22.0123 3408 Windows directory: C:\Windows 13:42:22.0123 3408 System windows directory: C:\Windows 13:42:22.0123 3408 Processor architecture: Intel x86 13:42:22.0123 3408 Number of processors: 4 13:42:22.0123 3408 Page size: 0x1000 13:42:22.0123 3408 Boot type: Normal boot 13:42:22.0123 3408 ============================================================ 13:42:22.0638 3408 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:42:22.0638 3408 ============================================================ 13:42:22.0638 3408 \Device\Harddisk0\DR0: 13:42:22.0638 3408 MBR partitions: 13:42:22.0638 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 13:42:22.0638 3408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x45622800 13:42:22.0638 3408 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x45655000, BlocksNum 0x5000000 13:42:22.0638 3408 ============================================================ 13:42:22.0685 3408 C: <-> \Device\Harddisk0\DR0\Partition2 13:42:22.0732 3408 D: <-> \Device\Harddisk0\DR0\Partition3 13:42:22.0732 3408 ============================================================ 13:42:22.0732 3408 Initialize success 13:42:22.0732 3408 ============================================================ 13:42:33.0542 2828 ============================================================ 13:42:33.0542 2828 Scan started 
13:42:33.0542 2828 Mode: Manual; SigCheck; TDLFS;
13:42:33.0542 2828 ============================================================
13:42:34.0244 2828 ================ Scan system memory ========================
13:42:34.0244 2828 System memory - ok
13:42:34.0244 2828 ================ Scan services =============================
RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 13:42:57.0052 2828 RTL8167 - ok 13:42:57.0098 2828 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 13:42:57.0161 2828 rtl8192se - ok 13:42:57.0176 2828 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 13:42:57.0192 2828 SamSs - ok 13:42:57.0239 2828 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:42:57.0254 2828 sbp2port - ok 13:42:57.0270 2828 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:42:57.0332 2828 SCardSvr - ok 13:42:57.0348 2828 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:42:57.0395 2828 scfilter - ok 13:42:57.0426 2828 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 13:42:57.0520 2828 Schedule - ok 13:42:57.0535 2828 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:42:57.0582 2828 SCPolicySvc - ok 13:42:57.0598 2828 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:42:57.0629 2828 SDRSVC - ok 13:42:57.0707 2828 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 13:42:57.0738 2828 SeaPort - ok 13:42:57.0785 2828 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:42:57.0832 2828 secdrv - ok 13:42:57.0847 2828 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 13:42:57.0894 2828 seclogon - ok 13:42:57.0972 2828 [ E43C0D32FF2D9A72F2D975B83B916964 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe 13:42:58.0050 2828 Secunia PSI Agent - ok 13:42:58.0097 2828 [ CB2D183E27D1443F7D4CF10665B2BDED ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe 13:42:58.0159 2828 Secunia Update Agent - ok 13:42:58.0190 2828 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 13:42:58.0237 2828 
SENS - ok 13:42:58.0253 2828 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:42:58.0300 2828 SensrSvc - ok 13:42:58.0331 2828 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:42:58.0362 2828 Serenum - ok 13:42:58.0409 2828 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:42:58.0456 2828 Serial - ok 13:42:58.0487 2828 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:42:58.0534 2828 sermouse - ok 13:42:58.0565 2828 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 13:42:58.0627 2828 SessionEnv - ok 13:42:58.0643 2828 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:42:58.0674 2828 sffdisk - ok 13:42:58.0690 2828 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:42:58.0721 2828 sffp_mmc - ok 13:42:58.0736 2828 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:42:58.0768 2828 sffp_sd - ok 13:42:58.0799 2828 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:42:58.0830 2828 sfloppy - ok 13:42:58.0861 2828 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:42:58.0924 2828 SharedAccess - ok 13:42:58.0955 2828 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:42:59.0002 2828 ShellHWDetection - ok 13:42:59.0033 2828 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 13:42:59.0033 2828 sisagp - ok 13:42:59.0095 2828 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:42:59.0126 2828 SiSRaid2 - ok 13:42:59.0158 2828 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:42:59.0173 2828 SiSRaid4 - ok 13:42:59.0220 2828 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb 
C:\Windows\system32\DRIVERS\smb.sys 13:42:59.0282 2828 Smb - ok 13:42:59.0314 2828 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:42:59.0345 2828 SNMPTRAP - ok 13:42:59.0376 2828 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 13:42:59.0392 2828 spldr - ok 13:42:59.0438 2828 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 13:42:59.0516 2828 Spooler - ok 13:42:59.0594 2828 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 13:42:59.0719 2828 sppsvc - ok 13:42:59.0750 2828 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:42:59.0828 2828 sppuinotify - ok 13:42:59.0860 2828 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:42:59.0906 2828 srv - ok 13:42:59.0938 2828 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:42:59.0969 2828 srv2 - ok 13:43:00.0000 2828 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:43:00.0031 2828 srvnet - ok 13:43:00.0047 2828 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:43:00.0109 2828 SSDPSRV - ok 13:43:00.0125 2828 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:43:00.0172 2828 SstpSvc - ok 13:43:00.0187 2828 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:43:00.0203 2828 stexstor - ok 13:43:00.0250 2828 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 13:43:00.0312 2828 StiSvc - ok 13:43:00.0328 2828 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 13:43:00.0359 2828 swenum - ok 13:43:00.0374 2828 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 13:43:00.0421 2828 swprv - ok 13:43:00.0468 2828 [ 03B76B4C38C6A0FCE763FF272E94490D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 13:43:00.0499 2828 
SynTP - ok 13:43:00.0546 2828 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 13:43:00.0640 2828 SysMain - ok 13:43:00.0671 2828 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:43:00.0718 2828 TabletInputService - ok 13:43:00.0749 2828 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 13:43:00.0811 2828 TapiSrv - ok 13:43:00.0842 2828 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 13:43:00.0889 2828 TBS - ok 13:43:00.0936 2828 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:43:01.0014 2828 Tcpip - ok 13:43:01.0045 2828 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:43:01.0076 2828 TCPIP6 - ok 13:43:01.0123 2828 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:43:01.0170 2828 tcpipreg - ok 13:43:01.0201 2828 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:43:01.0232 2828 TDPIPE - ok 13:43:01.0248 2828 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:43:01.0279 2828 TDTCP - ok 13:43:01.0295 2828 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:43:01.0342 2828 tdx - ok 13:43:01.0373 2828 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:43:01.0388 2828 TermDD - ok 13:43:01.0420 2828 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 13:43:01.0466 2828 TermService - ok 13:43:01.0498 2828 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 13:43:01.0529 2828 Themes - ok 13:43:01.0544 2828 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 13:43:01.0576 2828 THREADORDER - ok 13:43:01.0669 2828 [ 7EEAD8BDAFD8F6DDACDD83CEB3191D42 ] TrdCap C:\Windows\system32\DRIVERS\TrdCap.sys 13:43:01.0732 2828 TrdCap - ok 
13:43:01.0763 2828 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 13:43:01.0810 2828 TrkWks - ok 13:43:01.0856 2828 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:43:01.0934 2828 TrustedInstaller - ok 13:43:01.0966 2828 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:43:02.0012 2828 tssecsrv - ok 13:43:02.0059 2828 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:43:02.0106 2828 TsUsbFlt - ok 13:43:02.0168 2828 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:43:02.0246 2828 tunnel - ok 13:43:02.0278 2828 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:43:02.0293 2828 uagp35 - ok 13:43:02.0324 2828 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:43:02.0356 2828 udfs - ok 13:43:02.0387 2828 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:43:02.0418 2828 UI0Detect - ok 13:43:02.0449 2828 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:43:02.0480 2828 uliagpkx - ok 13:43:02.0512 2828 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 13:43:02.0558 2828 umbus - ok 13:43:02.0590 2828 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:43:02.0636 2828 UmPass - ok 13:43:02.0652 2828 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 13:43:02.0714 2828 upnphost - ok 13:43:02.0761 2828 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 13:43:02.0808 2828 usbaudio - ok 13:43:02.0824 2828 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:43:02.0870 2828 usbccgp - ok 13:43:02.0917 2828 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 
13:43:02.0964 2828 usbcir - ok 13:43:02.0980 2828 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:43:02.0995 2828 usbehci - ok 13:43:03.0026 2828 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:43:03.0058 2828 usbhub - ok 13:43:03.0073 2828 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:43:03.0120 2828 usbohci - ok 13:43:03.0151 2828 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:43:03.0198 2828 usbprint - ok 13:43:03.0229 2828 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 13:43:03.0260 2828 USBSTOR - ok 13:43:03.0292 2828 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:43:03.0307 2828 usbuhci - ok 13:43:03.0338 2828 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 13:43:03.0385 2828 usbvideo - ok 13:43:03.0401 2828 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 13:43:03.0463 2828 UxSms - ok 13:43:03.0479 2828 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 13:43:03.0494 2828 VaultSvc - ok 13:43:03.0541 2828 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:43:03.0557 2828 vdrvroot - ok 13:43:03.0604 2828 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 13:43:03.0666 2828 vds - ok 13:43:03.0713 2828 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:43:03.0760 2828 vga - ok 13:43:03.0791 2828 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:43:03.0822 2828 VgaSave - ok 13:43:03.0853 2828 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:43:03.0869 2828 vhdmp - ok 13:43:03.0900 2828 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:43:03.0916 
2828 viaagp - ok 13:43:03.0947 2828 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 13:43:03.0978 2828 ViaC7 - ok 13:43:03.0978 2828 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 13:43:03.0994 2828 viaide - ok 13:43:04.0025 2828 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:43:04.0056 2828 volmgr - ok 13:43:04.0087 2828 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:43:04.0103 2828 volmgrx - ok 13:43:04.0134 2828 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:43:04.0150 2828 volsnap - ok 13:43:04.0181 2828 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:43:04.0196 2828 vsmraid - ok 13:43:04.0259 2828 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 13:43:04.0368 2828 VSS - ok 13:43:04.0399 2828 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:43:04.0446 2828 vwifibus - ok 13:43:04.0462 2828 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:43:04.0493 2828 vwififlt - ok 13:43:04.0540 2828 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 13:43:04.0618 2828 W32Time - ok 13:43:04.0649 2828 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:43:04.0664 2828 WacomPen - ok 13:43:04.0711 2828 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:43:04.0774 2828 WANARP - ok 13:43:04.0774 2828 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:43:04.0805 2828 Wanarpv6 - ok 13:43:04.0867 2828 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 13:43:04.0945 2828 wbengine - ok 13:43:04.0976 2828 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:43:05.0023 
2828 WbioSrvc - ok 13:43:05.0054 2828 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:43:05.0086 2828 wcncsvc - ok 13:43:05.0101 2828 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:43:05.0148 2828 WcsPlugInService - ok 13:43:05.0164 2828 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:43:05.0179 2828 Wd - ok 13:43:05.0226 2828 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:43:05.0257 2828 Wdf01000 - ok 13:43:05.0288 2828 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:43:05.0320 2828 WdiServiceHost - ok 13:43:05.0320 2828 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:43:05.0351 2828 WdiSystemHost - ok 13:43:05.0382 2828 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 13:43:05.0413 2828 WebClient - ok 13:43:05.0444 2828 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:43:05.0476 2828 Wecsvc - ok 13:43:05.0491 2828 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:43:05.0522 2828 wercplsupport - ok 13:43:05.0554 2828 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 13:43:05.0600 2828 WerSvc - ok 13:43:05.0647 2828 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:43:05.0678 2828 WfpLwf - ok 13:43:05.0694 2828 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:43:05.0710 2828 WIMMount - ok 13:43:05.0772 2828 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:43:05.0834 2828 WinDefend - ok 13:43:05.0834 2828 WinHttpAutoProxySvc - ok 13:43:05.0897 2828 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:43:05.0928 2828 Winmgmt - ok 13:43:05.0975 2828 [ 
1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 13:43:06.0084 2828 WinRM - ok 13:43:06.0131 2828 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:43:06.0178 2828 Wlansvc - ok 13:43:06.0209 2828 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:43:06.0240 2828 WmiAcpi - ok 13:43:06.0271 2828 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:43:06.0302 2828 wmiApSrv - ok 13:43:06.0365 2828 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:43:06.0458 2828 WMPNetworkSvc - ok 13:43:06.0474 2828 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:43:06.0505 2828 WPCSvc - ok 13:43:06.0552 2828 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:43:06.0599 2828 WPDBusEnum - ok 13:43:06.0630 2828 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:43:06.0692 2828 ws2ifsl - ok 13:43:06.0724 2828 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 13:43:06.0755 2828 wscsvc - ok 13:43:06.0755 2828 WSearch - ok 13:43:06.0817 2828 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 13:43:06.0942 2828 wuauserv - ok 13:43:06.0973 2828 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:43:07.0020 2828 WudfPf - ok 13:43:07.0051 2828 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:43:07.0067 2828 WUDFRd - ok 13:43:07.0114 2828 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:43:07.0145 2828 wudfsvc - ok 13:43:07.0160 2828 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 13:43:07.0238 2828 WwanSvc - ok 13:43:07.0285 2828 [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid C:\Windows\System32\Drivers\x10hid.sys 13:43:07.0301 2828 X10Hid - 
ok 13:43:07.0379 2828 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 13:43:07.0394 2828 x10nets ( UnsignedFile.Multi.Generic ) - warning 13:43:07.0394 2828 x10nets - detected UnsignedFile.Multi.Generic (1) 13:43:07.0441 2828 [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 13:43:07.0472 2828 XUIF - ok 13:43:07.0488 2828 ================ Scan global =============================== 13:43:07.0504 2828 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 13:43:07.0535 2828 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 13:43:07.0550 2828 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 13:43:07.0582 2828 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 13:43:07.0613 2828 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 13:43:07.0613 2828 [Global] - ok 13:43:07.0613 2828 ================ Scan MBR ================================== 13:43:07.0628 2828 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0 13:43:10.0062 2828 \Device\Harddisk0\DR0 - ok 13:43:10.0062 2828 ================ Scan VBR ================================== 13:43:10.0078 2828 [ F8E37D3CAD15B464C40B0EE8F968C1B4 ] \Device\Harddisk0\DR0\Partition1 13:43:10.0078 2828 \Device\Harddisk0\DR0\Partition1 - ok 13:43:10.0109 2828 [ B8BD3CE53607C7617B2C97AB220FBAB4 ] \Device\Harddisk0\DR0\Partition2 13:43:10.0109 2828 \Device\Harddisk0\DR0\Partition2 - ok 13:43:10.0140 2828 [ 3AF2D94621D28C2F3D6DD980D1EBEEB6 ] \Device\Harddisk0\DR0\Partition3 13:43:10.0156 2828 \Device\Harddisk0\DR0\Partition3 - ok 13:43:10.0156 2828 ============================================================ 13:43:10.0156 2828 Scan finished 13:43:10.0156 2828 ============================================================ 13:43:10.0171 5136 Detected object count: 1 13:43:10.0171 5136 Actual detected object count: 1 13:43:27.0721 5136 x10nets ( UnsignedFile.Multi.Generic ) - 
skipped by user 13:43:27.0721 5136 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:43:33.0322 4376 Deinitialize success |
11.03.2013, 13:54 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Seth.anzutracking opens ads in the Firefox browser
That is harmless, you can ignore it; the logs look unremarkable.
JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Next: adwCleaner - remove toolbars and unwanted start and search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
11.03.2013, 14:39 | #7 |
| Seth.anzutracking opens ads in the Firefox browser
That at least reassures me to some extent. If nothing is found, should I simply work through one of the guides I linked above?
JRT Txt Log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by xxx on 11.03.2013 at 14:05:57,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar"
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\vivet5t1.default\minidumps [23 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.03.2013 at 14:08:16,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.114 - Datei am 11/03/2013 um 14:09:25 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : xxx- xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\vivet5t1.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v25.0.1364.160
Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [1012 octets] - [11/03/2013 14:09:25]
########## EOF - C:\AdwCleaner[S2].txt - [1072 octets] ##########
Code:
OTL logfile created on: 3/11/2013 2:13:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.15% Memory free
5.98 Gb Paging File | 4.72 Gb Available in Paging File | 79.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 555.07 Gb Total Space | 523.18 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 19.60 Gb Free Space | 49.00% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3638.29658__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3638.29665__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3622.19962__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3622.19963__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3622.19993__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3622.19963__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3622.19964__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3622.19965__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3622.19974__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3622.19966__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3622.19978__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3622.19975__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3622.19967__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3622.19974__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3638.29730__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3638.29694__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3638.29627__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3638.29699__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3638.29698__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3638.29611__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3638.29612__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3622.19977__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3622.19966__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3622.19970__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3638.29710__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3622.19973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3622.19967__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3622.19963__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3622.19972__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3622.19971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3622.19974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3622.19964__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3622.19965__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3622.19968__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3622.19964__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3622.19967__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3622.19965__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3622.19967__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3622.19965__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3638.29611__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3638.29618__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3638.29609__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3638.29610__90ba9c70f846762e\AEM.Server.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3622.19964__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3622.19967__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3622.19968__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3638.29699__90ba9c70f846762e\CCC.Implementation.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (x10nets) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf_x86.sys (Secunia) DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC) DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TrdCap) -- C:\Windows\System32\drivers\TrdCap.sys (Trident Microsystems, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\..\SearchScopes\{469CEF17-C4C5-41DB-B566-0B22FFC3D79A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ce2600fe-5456-4fea-af94-64535f2c33be&apn_sauid=26D66C6B-D6C0-433F-A56B-2F7C786F2F1D IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\..\SearchScopes\{CCB2728A-D514-4A42-959D-F237DF1932BF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox 
========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/05 17:20:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:52:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/14 19:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2013/03/04 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\vivet5t1.default\extensions [2013/03/08 05:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/03/07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/03/07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/03/07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/03/07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/03/07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/03/07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/03/07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.mozilla.org/de/plugincheck/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.160\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Google Docs = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\ CHR - Extension: Gmail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/03/06 14:16:56 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3657325877-1720700274-2462683530-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16601466-C772-4CB6-A238-F2D88C533590}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/11 14:05:52 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/11 14:03:07 | 000,547,791 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe [2013/03/11 12:52:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\AntiRootkit [2013/03/11 12:51:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe [2013/03/11 12:47:25 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\xxx\Desktop\aswMBR.exe [2013/03/10 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Pc Überprüfung [2013/03/08 06:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/03/08 06:20:54 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/03/08 06:20:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/03/08 06:20:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/03/08 06:20:37 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/03/06 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\DevPro [2013/03/06 14:16:56 | 000,000,000 | ---D | C] -- C:\_OTL [2013/03/06 14:16:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013/03/06 06:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/05 22:07:43 | 000,012,288 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2013/03/05 22:07:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys [2013/03/05 22:07:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll [2013/03/05 22:07:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2013/03/05 22:07:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys [2013/03/05 22:07:34 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe [2013/03/05 22:07:34 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013/03/05 22:07:34 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll [2013/03/05 22:07:34 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2013/03/05 22:07:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe [2013/03/05 22:07:34 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll [2013/03/05 22:07:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013/03/05 22:07:34 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll [2013/03/05 22:07:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll [2013/03/05 22:07:33 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2013/03/05 22:02:19 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2013/03/05 22:02:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2013/03/05 22:01:28 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2013/03/05 
11.03.2013, 14:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Seth.anzutracking opens ads in the Firefox browser Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - before that, please remember to update Malwarebytes via the update button. Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
11.03.2013, 16:33 | #9 |
| Seth.anzutracking opens ads in the Firefox browser Nothing conspicuous here either. I wonder whether it's my problem or the website's. Should one perhaps just carry out one of the cleanup tips from the links above? That is, deleting cookies, deleting add-ons, setting up the browser from scratch, etc.? Malwarebytes scan: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.11.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxx :: xxx-PC [Administrator]

11.03.2013 14:51:09
mbam-log-2013-03-11 (14-51-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203860
Laufzeit: 3 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5fa286752453fe4da6aa502559870e42
# engine=13355
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-11 03:18:35
# local_time=2013-03-11 04:18:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 514652 139724987 0 0
# compatibility_mode=5893 16776574 100 94 644068 114646306 0 0
# scanned=245557
# found=0
# cleaned=0
# scan_time=4731 |
11.03.2013, 16:55 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Seth.anzutracking opens ads in the Firefox browser Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system in order again now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
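Added example (not part of the thread and not MVPS's own tooling): a small Python audit of a hosts file of the kind recommended in the post above, showing which names are actually sinkholed and which entries point a name at a real address and deserve a closer look. The sample hosts content and the `example` names are constructed; `seth.avazutracking.net` is the host named in the guide links at the top of the thread.

```python
import ipaddress

# Addresses commonly used in blocking hosts files to make a name unreachable.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample in hosts-file syntax; not taken from the MVPS list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
0.0.0.0      seth.avazutracking.net   # ad redirect host from this thread
0.0.0.0      ads.example.net tracker.example.net
203.0.113.7  www.example-bank.test    # non-loopback mapping: review this
not-an-ip    broken.example.net
"""

def parse_hosts(text):
    """Return (entries, malformed): hostname -> address, and bad line numbers."""
    entries, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address without any hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            entries.setdefault(name.lower(), addr)  # keep first mapping seen
    return entries, malformed

def is_blocked(entries, hostname):
    """Hosts files match exact names only; there are no wildcards."""
    return entries.get(hostname.lower().rstrip(".")) in SINKHOLES

def suspicious_redirects(entries):
    """Names mapped to something other than a sinkhole address."""
    return sorted(h for h, a in entries.items() if a not in SINKHOLES)

if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", is_blocked(entries, "seth.avazutracking.net"))
    print("review:", suspicious_redirects(entries), "malformed lines:", malformed)
```

On Windows 7 the file to check is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `parse_hosts` instead of the sample.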