Log analysis and evaluation: Own e-mail address is sending spam mails (Windows 7)
18.03.2013, 15:22 | #1
Own e-mail address is sending spam mails

Hello Trojaner Board!

As you can probably already tell from the title, I have, or rather had, the following problem on 15 March: the computer was very slow, even just opening ordinary Windows folders; the click sound played noticeably later than usual. In addition, the Flash player on YouTube and similar sites crashed after a few seconds, and Firefox (current version) had to be restarted. So I restarted the computer, after which everything worked "as usual" again.

Looking at my AOL e-mail account, I noticed that various spam mails had been sent from my address to several contacts. Even before that I had noticed that spam was reaching me again, which is rather unusual for my little-used mailbox. All the mails were sent within about a minute, and to date this behaviour has not recurred.

After that I first ran Avira (free); apart from a supposed trojan (in a Game.exe, which had already shown up before, with the download of the game "RaceRoom Racing Experience" via Steam) nothing could be found. While searching for users with similar symptoms I came across your forum and read that one should change as little as possible on the system until the problem is solved. During this time I have not deleted or moved any possible trojans or viruses.

I have just worked through the checklist for "opening a help thread"; attached is the content of the log file from Malwarebytes Anti-Malware, and I have zipped the OTL.txt, the Extras.txt and the Gmer.txt because of the character limit. I have masked my real name with "***". -> I will submit a full Malwarebytes scan later.
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ANTEC300HEPP [Administrator]

18.03.2013 09:28:06
MBAM-log-2013-03-18 (09-34-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211596
Laufzeit: 4 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Keine Aktion durchgeführt.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Keine Aktion durchgeführt.

(Ende)

OTL Logfile:
OTL logfile created on: 18.03.2013 13:24:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 65,14% Memory free
7,99 Gb Paging File | 6,49 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 120,98 Gb Free Space | 20,29% Space Free | Partition Type: NTFS

Computer Name: ANTEC300HEPP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.18 13:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.03.08 16:57:33 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.07 20:33:45 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.07.01 13:34:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.12 09:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Programme\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
PRC - [2011.05.03 12:33:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 14:35:24 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
PRC - [2008.07.11 08:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.08 16:57:33 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.04.19 07:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\ASUS Xonar DG Audio\Customapp\VmixP8.dll
MOD - [2010.09.30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
MOD - [2008.07.11 08:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2007.05.18 20:53:45 | 000,754,288 | ---- | M] (CODEMASTERS) [Disabled | Stopped] -- C:\Windows\SysNative\pr2ah4nc.exe -- (pr2ah4nc)
SRV - [2013.03.08 16:57:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.01 16:16:32 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.07 20:33:45 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.07.01 13:34:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 12:33:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 22:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.07.26 18:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.07.01 13:34:01 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.01 13:34:01 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.23 23:24:22 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.10 08:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010.12.23 07:06:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.18 22:07:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.07.18 22:07:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.05.10 16:21:41 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.12.19 08:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.10 12:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.11.10 12:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.11.10 12:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 16:40:13 | 000,077,432 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2007.05.18 20:53:12 | 000,072,560 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nc.sys -- (pe3ah4nc)
DRV:64bit: - [2007.05.18 20:52:49 | 000,077,176 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nc.sys -- (ps6ah4nc)
DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.07.10 17:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02)
DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.02.14 16:40:05 | 000,078,456 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\pe3ah4nc.sys -- (pe3ah4nc)
DRV - [2007.05.22 13:05:23 | 000,077,184 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ps6ah4nc.sys -- (ps6ah4nc)
DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 AA FE 02 61 F6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcphp?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{B53FC187-312F-475C-872F-14B1EB9F02C5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.aero.de"
FF - prefs.js..extensions.enabledAddons: %7B11483926-db67-4190-91b1-ef20fcec5f33%7D:0.4.5
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:57:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010.05.05 15:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.23 23:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions
[2012.12.08 23:44:50 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.02.17 20:19:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\ich@maltegoetz.de
[2013.02.23 23:39:41 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
[2010.10.19 19:12:13 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\vshare@toolbar
[2011.12.30 15:39:21 | 000,074,526 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
[2012.12.08 23:44:58 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.12.08 23:44:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.04.29 15:55:00 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\searchplugins\icqplugin-1.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\searchplugins\icqplugin.xml
[2013.03.08 16:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 16:57:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 16:57:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 20:57:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:31:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 20:57:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 20:57:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 20:57:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 20:57:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FAC921-CAF7-485B-B5D8-C376F7EE5498}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1B9E70A-71F9-46FA-BA51-99BDE8C13E47}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5AF483A-507B-4E14-B698-AB34CC3D662D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.18 13:15:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Konstantin Hepp\Desktop\OTL.exe [2013.03.17 21:51:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\M GK Q1 [2013.03.17 18:24:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Anhang [2013.03.17 17:46:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz [2013.03.15 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.15 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.15 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.15 23:54:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.15 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.15 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.03.15 23:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.03.15 14:00:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TIPP10 [2013.03.15 14:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10 [2013.03.15 14:00:22 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Tipp10 [2013.03.12 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bax [2013.03.09 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\cityguide [2013.03.09 16:10:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Facharbeit Quellen [2013.03.09 14:47:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\EC 135 [2013.03.08 16:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.05 13:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.03 22:39:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{58C9229F-45DA-4A19-A127-F10582CFD5F7} [2013.03.01 14:53:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\NFS Most Wanted [2010.10.15 14:29:27 | 014,321,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\***\atioglxx.dll [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.18 13:30:06 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 13:30:06 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 13:28:19 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.18 13:28:19 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 13:28:19 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 13:28:19 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 13:28:19 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 13:22:29 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.18 13:22:29 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2013.03.18 13:22:26 | 000,000,312 | -H-- | M] () -- 
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2013.03.18 13:22:24 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.03.18 13:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.18 13:22:14 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys [2013.03.18 13:21:25 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.03.18 13:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.18 13:14:53 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.03.18 12:41:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.17 18:08:30 | 000,016,947 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2013.03.17 11:30:00 | 000,316,568 | ---- | M] () -- C:\Users\***\Desktop\comp_IMG_1236_2.jpg [2013.03.17 11:29:58 | 003,814,958 | ---- | M] () -- C:\Users\***\Desktop\IMG_1236_2.jpg [2013.03.16 20:47:49 | 001,699,660 | ---- | M] () -- C:\Users\***\Desktop\IMG_0100.jpg [2013.03.15 23:54:06 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 14:00:23 | 000,000,979 | ---- | M] () -- C:\Users\***\Desktop\TIPP10.lnk [2013.03.15 12:18:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.03.15 12:18:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.15 12:15:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.03.10 17:09:03 | 000,001,192 | ---- | M] () -- C:\Users\***\Desktop\Facharbeit Q1 - Verknüpfung.lnk [2013.03.04 14:07:47 | 000,001,865 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk [2013.03.01 14:31:41 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2013.02.23 19:04:28 | 005,292,054 | ---- | M] () -- C:\Users\***\Desktop\fsscr001.bmp [2013.02.23 19:04:17 | 005,292,054 | ---- | M] () -- C:\Users\***\Desktop\fsscr000.bmp [6 C:\Windows\SysWow64\*.tmp files -> 
C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.18 13:21:25 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.18 13:14:52 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.03.17 18:08:30 | 000,016,947 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2013.03.17 11:30:00 | 000,316,568 | ---- | C] () -- C:\Users\***\Desktop\comp_IMG_1236_2.jpg [2013.03.16 21:11:29 | 003,814,958 | ---- | C] () -- C:\Users\***\Desktop\IMG_1236_2.jpg [2013.03.16 20:47:48 | 001,699,660 | ---- | C] () -- C:\Users\***\Desktop\IMG_0100.jpg [2013.03.15 23:54:06 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 14:00:23 | 000,000,979 | ---- | C] () -- C:\Users\***\Desktop\TIPP10.lnk [2013.03.10 17:09:03 | 000,001,192 | ---- | C] () -- C:\Users\***\Desktop\Facharbeit Q1 - Verknüpfung.lnk [2013.03.04 14:07:47 | 000,001,865 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk [2013.03.01 14:31:41 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2013.02.23 19:04:28 | 005,292,054 | ---- | C] () -- C:\Users\***\Desktop\fsscr001.bmp [2013.02.23 19:04:17 | 005,292,054 | ---- | C] () -- C:\Users\***\Desktop\fsscr000.bmp [2012.07.01 12:33:08 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012.05.15 18:15:03 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.05.15 18:15:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.05.15 18:14:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.05.15 18:14:26 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.05.15 18:13:42 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.05.15 18:13:35 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.02.18 14:24:19 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe 
[2011.11.24 18:41:27 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{682C220D-04D8-435A-81B2-5F655AF6994A} [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.16 15:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.04 19:20:57 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2011.04.30 13:10:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.26 18:25:12 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.15 14:29:27 | 006,350,419 | ---- | C] () -- C:\Users\***\atioglxx.dl_ [2010.05.24 17:26:39 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.29 21:17:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.05.06 20:54:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AntMe [2012.05.15 18:15:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS [2010.06.30 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2010.05.16 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.05.10 16:21:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.11.21 19:08:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Diercke Globus Online [2011.08.25 12:14:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.07.15 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.02 20:08:42 | 000,000,000 | 
---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG [2010.05.13 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FUJIFILM [2013.03.17 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.10.14 12:23:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Helios [2012.07.28 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.05.11 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.08.24 18:30:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JLC's Software [2010.05.05 15:56:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.01.22 23:15:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeatImage SL [2010.05.10 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.01.12 17:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.12.01 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.12.07 21:47:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PreisHai4 [2012.03.20 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2013.03.15 14:06:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10 [2013.02.02 23:34:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2010.12.31 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Geändert von Stan911s (18.03.2013 um 15:30 Uhr) |
18.03.2013, 15:40 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
18.03.2013, 17:09 | #3 |
| My own e-mail address is sending spam mails Hello cosinus,
Yes, I still have the logfile from the Avira scan. Those are all the logs I have so far. Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Freitag, 15. März 2013 16:30 Es wird nach 5171536 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : *** Computername : ANTEC300HEPP Versionsinformationen: BUILD.DAT : 10.2.0.719 36070 Bytes 25.10.2012 10:38:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 01.07.2011 12:34:01 AVSCAN.DLL : 10.0.5.0 57192 Bytes 01.07.2011 12:34:01 LUKE.DLL : 10.3.0.5 45416 Bytes 01.07.2011 12:34:01 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 01.07.2011 12:34:01 AVREG.DLL : 10.3.0.9 88833 Bytes 18.07.2011 15:50:34 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 20:47:22 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:51:25 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 22:01:02 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:27:57 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 22:32:08 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 07:59:17 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:49:25 VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 12:15:07 VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 12:15:07 VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 12:15:07 VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 12:15:07 VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 12:15:07 VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 12:15:08 VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 12:15:08 VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 14:59:12 VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 14:59:13 VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 14:59:13 VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 
14:59:13 VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 14:59:14 VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 14:59:14 VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 14:59:14 VBASE022.VDF : 7.11.62.111 136192 Bytes 23.02.2013 14:59:14 VBASE023.VDF : 7.11.62.157 143360 Bytes 25.02.2013 14:26:56 VBASE024.VDF : 7.11.62.237 199168 Bytes 27.02.2013 14:26:56 VBASE025.VDF : 7.11.63.71 209408 Bytes 01.03.2013 13:02:40 VBASE026.VDF : 7.11.63.121 257536 Bytes 04.03.2013 13:02:41 VBASE027.VDF : 7.11.63.211 212480 Bytes 06.03.2013 13:02:41 VBASE028.VDF : 7.11.64.21 198656 Bytes 08.03.2013 13:02:41 VBASE029.VDF : 7.11.64.73 187392 Bytes 10.03.2013 13:02:42 VBASE030.VDF : 7.11.64.74 2048 Bytes 10.03.2013 13:02:42 VBASE031.VDF : 7.11.64.82 22528 Bytes 10.03.2013 13:02:42 Engineversion : 8.2.12.14 AEVDF.DLL : 8.1.2.10 102772 Bytes 13.07.2012 10:03:40 AESCRIPT.DLL : 8.1.4.96 471420 Bytes 10.03.2013 13:02:47 AESCN.DLL : 8.1.10.0 131445 Bytes 19.12.2012 18:56:06 AESBX.DLL : 8.2.5.12 606578 Bytes 20.06.2012 18:14:29 AERDL.DLL : 8.2.0.88 643444 Bytes 21.01.2013 13:11:03 AEPACK.DLL : 8.3.2.0 827767 Bytes 10.03.2013 13:02:47 AEOFFICE.DLL : 8.1.2.56 205180 Bytes 10.03.2013 13:02:46 AEHEUR.DLL : 8.1.4.236 5833081 Bytes 10.03.2013 13:02:46 AEHELP.DLL : 8.1.25.2 258423 Bytes 20.10.2012 13:38:26 AEGEN.DLL : 8.1.6.16 434549 Bytes 27.01.2013 10:05:40 AEEXP.DLL : 8.4.0.10 192886 Bytes 10.03.2013 13:02:47 AEEMU.DLL : 8.1.3.2 393587 Bytes 13.07.2012 10:03:19 AECORE.DLL : 8.1.31.2 201080 Bytes 24.02.2013 14:59:16 AEBB.DLL : 8.1.1.4 53619 Bytes 11.11.2012 15:41:50 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.3.2 44904 Bytes 01.07.2011 12:34:01 AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 12:56:17 AVARKT.DLL : 10.0.26.1 255336 Bytes 01.07.2011 12:34:01 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 01.07.2011 12:34:01 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 
19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 01.07.2011 12:34:01 RCTEXT.DLL : 10.0.64.0 98664 Bytes 01.07.2011 12:34:01 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, F:, G:, H:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +JOKE,+PCK,+PFS, Beginn des Suchlaufs: Freitag, 15. 
März 2013 16:30 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WINWORD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UIExec.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ASUSAUDIOCENTER.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HsMgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AssistantServices.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD3 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD4 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Im Laufwerk 'E:\' ist kein Datenträger eingelegt! Bootsektor 'F:\' [INFO] Im Laufwerk 'F:\' ist kein Datenträger eingelegt! Bootsektor 'G:\' [INFO] Im Laufwerk 'G:\' ist kein Datenträger eingelegt! Bootsektor 'H:\' [INFO] Im Laufwerk 'H:\' ist kein Datenträger eingelegt! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '174' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Program Files (x86)\Bohemia Interactive\ArmA II\@W_testmaps\addons\brik2.pbo.7z.tmp [WARNUNG] Die Datei konnte nicht gelesen werden! C:\Program Files (x86)\Steam\SteamApps\downloading\211500\Game\Game.exe [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen Beginne mit der Suche in 'E:\' Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'F:\' Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'G:\' Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'H:\' Der zu durchsuchende Pfad H:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Desinfektion: C:\Program Files (x86)\Steam\SteamApps\downloading\211500\Game\Game.exe [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [WARNUNG] Die Datei wurde ignoriert. Ende des Suchlaufs: Freitag, 15. März 2013 18:57 Benötigte Zeit: 2:13:48 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 64718 Verzeichnisse wurden überprüft 1268525 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1268524 Dateien ohne Befall 6619 Archive wurden durchsucht 2 Warnungen 0 Hinweise |
18.03.2013, 17:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails Quote:
Always post logfiles in CODE tags |
18.03.2013, 17:28 | #5 |
| My own e-mail address is sending spam mails The first one belongs to a modification of the military simulation ArmA 2 and, if I am not mistaken, the last part refers to a file that was not completely downloaded, or rather it specifies a path. Why it cannot be read now, I cannot say. As for the second one: I had started downloading a racing game via the online platform "Steam" (buying computer games digitally, tied to an account). According to some forum reports (mostly gaming forums) there are repeatedly error messages with such downloads. That is why I had dismissed the message as unimportant. -> The whole thing with Steam is legal and used worldwide by several million users, so I had not expected a (possibly) more serious threat. I had completely forgotten that virus experts do not always have to be gamers. |
18.03.2013, 22:48 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails Quote:
One just pricks up one's ears on reading about a game.exe in a convoluted path; it makes about as much sense as naming the executable of, say, Firefox programm.exe instead of firefox.exe - but maybe I simply do not understand the point of the name "game.exe". Before we get to work, I would like to ask you to read the following points completely and attentively.
Note: Should I not get back to you for three days, please post in this thread => Reminder for my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life away from the Trojaner-Board. Rootkit scan with GMER Please download GMER: (file name is random)
Are problems showing up?
Afterwards please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
19.03.2013, 17:08 | #7 |
| My own e-mail address is sending spam mails Hi, here is the logfile from mbar after the first run. On the second run nothing was found. Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.19.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ANTEC300HEPP [administrator]
19.03.2013 16:46:51
mbar-log-2013-03-19 (16-46-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28213
Time elapsed: 8 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCU\SOFTWARE\M5T8QL3YW3 (Trojan.FakeAlert) -> Delete on reboot.
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\Handle (Malware.Trace) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
c:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Delete on reboot.
c:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Delete on reboot.
(end) |
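Added example (editor's note, not code from the thread, from Malwarebytes or from OTL): a small Python triage helper that parses the "X Detected: N" sections of the MBAR report format posted above and correlates its file findings with the OTL "Files - Modified Within 30 Days" lines from post #1, where the same two .job files already showed up as hidden 312-byte files touched at boot. Both sample logs are constructed from values visible in this thread, and the GUID-named-job heuristic is the example's own, not an MBAR rule.

```python
import re
from dataclasses import dataclass

# Constructed sample of the MBAR report posted above (detection sections only).
MBAR_LOG = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\M5T8QL3YW3 (Trojan.FakeAlert) -> Delete on reboot.
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\Handle (Malware.Trace) -> Delete on reboot.

Files Detected: 2
c:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Delete on reboot.
c:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Delete on reboot.
(end)
"""

# Constructed sample of OTL "Files - Modified Within 30 Days" lines from post #1.
OTL_LOG = r"""[2013.03.18 13:22:29 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.18 13:22:29 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2013.03.18 13:22:26 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2013.03.18 13:22:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
"""


@dataclass(frozen=True)
class Detection:
    section: str   # e.g. "Registry Keys", "Files"
    path: str      # registry key or file path exactly as MBAR reports it
    family: str    # MBAR classification, e.g. "Trojan.Downloader"
    action: str    # e.g. "Delete on reboot."


@dataclass(frozen=True)
class OtlEntry:
    timestamp: str
    size: int
    attrs: str     # OTL flag field: R=read-only, H=hidden, S=system, D=directory
    company: str   # company from the file's version info, "" if none
    path: str


SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Triage heuristic of this example's own making: a hidden .job in the task folder,
# named as a bare GUID, with no company name. A hint to check, not a verdict.
GUID_JOB_RE = re.compile(r"\\windows\\tasks\\\{[0-9a-f-]{36}\}\.job$", re.IGNORECASE)


def parse_mbar_log(text):
    """Collect every item listed under an 'X Detected: N' header; N must match the items."""
    detections, section, expected, seen = [], None, 0, 0
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            if section is not None and seen != expected:
                raise ValueError(f"{section}: header says {expected}, listed {seen}")
            section, expected, seen = m["section"], int(m["count"]), 0
            continue
        m = ITEM_RE.match(line)   # "(No malicious items detected)" has no " -> " and is skipped
        if m and section is not None:
            detections.append(Detection(section, m["path"], m["family"], m["action"]))
            seen += 1
    if section is not None and seen != expected:
        raise ValueError(f"{section}: header says {expected}, listed {seen}")
    return detections


def parse_otl_files(text):
    """Parse OTL file/folder lines into OtlEntry records; lines of other shapes are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if m:
            entries.append(OtlEntry(m["ts"], int(m["size"].replace(",", "")),
                                    m["attr"], m["company"], m["path"]))
    return entries


def suspicious_task_jobs(entries):
    """OTL entries matching the hidden, GUID-named, company-less .job heuristic."""
    return [e for e in entries
            if GUID_JOB_RE.search(e.path) and "H" in e.attrs and not e.company]


def correlate_files(detections, entries):
    """Map each MBAR file detection to the OTL entry for the same path (case-insensitive)."""
    by_path = {e.path.lower(): e for e in entries}
    return {d.path: by_path.get(d.path.lower())
            for d in detections if d.section == "Files"}


if __name__ == "__main__":
    dets, otl = parse_mbar_log(MBAR_LOG), parse_otl_files(OTL_LOG)
    for d in dets:
        print(f"{d.section:14} {d.family:18} {d.path}")
    for path, e in correlate_files(dets, otl).items():
        print(path, "->", f"OTL: modified {e.timestamp}, {e.size} bytes, attrs {e.attrs}" if e else "not in OTL")
```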
19.03.2013, 23:02 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails What about GMER?
Always post logfiles in CODE tags |
19.03.2013, 23:11 | #9 |
| My own e-mail address is sending spam mails OK, the GMER log from before the removal, right? Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-19 16:32:17 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD6400AAKS-00A7B2 rev.01.03B01 596,17GB Running: 8k5rdpv8.exe; Driver: C:\Users\KONSTA~1\AppData\Local\Temp\pwliqaob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000732f1a22 2 bytes [2F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000732f1ad0 2 bytes [2F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000732f1b08 2 bytes [2F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000732f1bba 2 bytes [2F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000732f1bda 2 bytes [2F, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000756e1465 2 bytes [6E, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756e14bb 2 bytes [6E, 75] .text ... 
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [3976:3352] 000007fef2919688
---- EOF - GMER 2.1 ---- |
20.03.2013, 13:23 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post logfiles in CODE tags |
20.03.2013, 16:50 | #11 |
| My own e-mail address is sending spam mails
aswMBR
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-20 16:35:39
-----------------------------
16:35:39.274 OS Version: Windows x64 6.1.7601 Service Pack 1
16:35:39.274 Number of processors: 4 586 0x403
16:35:39.275 ComputerName: ANTEC300HEPP UserName:
16:35:40.214 Initialize success
16:35:49.919 AVAST engine defs: 13032000
16:35:51.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:35:51.760 Disk 0 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610480MB BusType: 11
16:35:51.998 Disk 0 MBR read successfully
16:35:52.003 Disk 0 MBR scan
16:35:52.030 Disk 0 Windows 7 default MBR code
16:35:52.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63
16:35:52.060 Disk 0 scanning C:\Windows\system32\drivers
16:36:12.682 Service scanning
16:36:34.844 Modules scanning
16:36:34.863 Disk 0 trace - called modules:
16:36:34.887 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:36:34.889 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a82060]
16:36:34.893 3 CLASSPNP.SYS[fffff8800192e43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8003ac1060]
16:36:36.736 AVAST engine scan C:\Windows
16:36:39.786 AVAST engine scan C:\Windows\system32
16:39:35.160 AVAST engine scan C:\Windows\system32\drivers
16:39:49.084 AVAST engine scan C:\Users\***
16:40:00.989 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
16:40:00.994 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
16:43:25.0284 3392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:43:25.0292 3392 ============================================================
16:43:25.0292 3392 Current date / time: 2013/03/20 16:43:25.0292
16:43:25.0292 3392 SystemInfo:
16:43:25.0292 3392
16:43:25.0292 3392 OS Version: 6.1.7601 ServicePack: 1.0
16:43:25.0292 3392 Product type: Workstation
16:43:25.0292 3392 ComputerName: ANTEC300HEPP
16:43:25.0292 3392 UserName: ***
16:43:25.0292 3392 Windows directory: C:\Windows
16:43:25.0292 3392 System windows directory: C:\Windows
16:43:25.0292 3392 Running under WOW64
16:43:25.0292 3392 Processor architecture: Intel x64
16:43:25.0292 3392 Number of processors: 4
16:43:25.0292 3392 Page size: 0x1000
16:43:25.0292 3392 Boot type: Normal boot
16:43:25.0292 3392 ============================================================
16:43:27.0100 3392 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:43:27.0123 3392 ============================================================
16:43:27.0123 3392 \Device\Harddisk0\DR0:
16:43:27.0123 3392 MBR partitions:
16:43:27.0123 3392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
16:43:27.0123 3392 ============================================================
16:43:27.0134 3392 C: <-> \Device\Harddisk0\DR0\Partition1
16:43:27.0134 3392 ============================================================
16:43:27.0134 3392 Initialize success
16:43:27.0134 3392 ============================================================
16:43:32.0129 0356 ============================================================
16:43:32.0129 0356 Scan started
16:43:32.0129 0356 Mode: Manual; SigCheck; TDLFS;
16:43:32.0131 0356 ============================================================
16:43:32.0956 0356 ================ Scan system memory ========================
16:43:32.0956 0356
16:43:41.0643 0356 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 16:43:41.0707 0356 gpsvc - ok 16:43:41.0812 0356 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:43:41.0836 0356 gupdate - ok 16:43:41.0869 0356 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:43:41.0879 0356 gupdatem - ok 16:43:41.0893 0356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:43:41.0928 0356 hcw85cir - ok 16:43:41.0971 0356 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:43:41.0989 0356 HdAudAddService - ok 16:43:42.0023 0356 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:43:42.0046 0356 HDAudBus - ok 16:43:42.0062 0356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:43:42.0087 0356 HidBatt - ok 16:43:42.0107 0356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:43:42.0121 0356 HidBth - ok 16:43:42.0131 0356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:43:42.0149 0356 HidIr - ok 16:43:42.0178 0356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 16:43:42.0244 0356 hidserv - ok 16:43:42.0293 0356 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:43:42.0317 0356 HidUsb - ok 16:43:42.0351 0356 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:43:42.0427 0356 hkmsvc - ok 16:43:42.0453 0356 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:43:42.0484 0356 HomeGroupListener - ok 16:43:42.0517 0356 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:43:42.0551 0356 HomeGroupProvider - ok 16:43:42.0564 0356 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD 
C:\Windows\system32\drivers\HpSAMD.sys 16:43:42.0577 0356 HpSAMD - ok 16:43:42.0628 0356 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:43:42.0703 0356 HTTP - ok 16:43:42.0738 0356 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:43:42.0764 0356 hwpolicy - ok 16:43:42.0803 0356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:43:42.0827 0356 i8042prt - ok 16:43:42.0844 0356 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:43:42.0873 0356 iaStorV - ok 16:43:42.0951 0356 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 16:43:42.0961 0356 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:43:42.0961 0356 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:43:43.0026 0356 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:43:43.0097 0356 idsvc - ok 16:43:43.0141 0356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:43:43.0169 0356 iirsp - ok 16:43:43.0198 0356 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 16:43:43.0254 0356 IKEEXT - ok 16:43:43.0271 0356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 16:43:43.0278 0356 intelide - ok 16:43:43.0294 0356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:43:43.0303 0356 intelppm - ok 16:43:43.0334 0356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:43:43.0393 0356 IPBusEnum - ok 16:43:43.0426 0356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:43:43.0501 0356 IpFilterDriver - ok 16:43:43.0544 0356 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 
16:43:43.0622 0356 iphlpsvc - ok 16:43:43.0647 0356 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:43:43.0656 0356 IPMIDRV - ok 16:43:43.0671 0356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:43:43.0703 0356 IPNAT - ok 16:43:43.0726 0356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:43:43.0802 0356 IRENUM - ok 16:43:43.0839 0356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:43:43.0853 0356 isapnp - ok 16:43:43.0884 0356 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:43:43.0901 0356 iScsiPrt - ok 16:43:43.0914 0356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:43:43.0926 0356 kbdclass - ok 16:43:43.0956 0356 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:43:43.0991 0356 kbdhid - ok 16:43:44.0012 0356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 16:43:44.0022 0356 KeyIso - ok 16:43:44.0062 0356 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:43:44.0087 0356 KSecDD - ok 16:43:44.0101 0356 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:43:44.0114 0356 KSecPkg - ok 16:43:44.0121 0356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:43:44.0144 0356 ksthunk - ok 16:43:44.0186 0356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 16:43:44.0279 0356 KtmRm - ok 16:43:44.0309 0356 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:43:44.0358 0356 LanmanServer - ok 16:43:44.0382 0356 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:43:44.0457 0356 LanmanWorkstation - ok 16:43:44.0561 0356 [ 6771CAC91BB89E15B13C27F1E3CDD320 ] LBTServ C:\Program 
Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 16:43:44.0598 0356 LBTServ - ok 16:43:44.0644 0356 [ CEB6E18DCFAD5C72B81C7DA1AC3C1CC1 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 16:43:44.0654 0356 LHidFilt - ok 16:43:44.0689 0356 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 16:43:44.0713 0356 lirsgt - ok 16:43:44.0729 0356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:43:44.0772 0356 lltdio - ok 16:43:44.0816 0356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:43:44.0892 0356 lltdsvc - ok 16:43:44.0909 0356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:43:44.0933 0356 lmhosts - ok 16:43:44.0946 0356 [ F9E48F18BE4D2B365F138987B8E7885B ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 16:43:44.0952 0356 LMouFilt - ok 16:43:44.0966 0356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:43:44.0974 0356 LSI_FC - ok 16:43:44.0984 0356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:43:44.0993 0356 LSI_SAS - ok 16:43:45.0002 0356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:43:45.0011 0356 LSI_SAS2 - ok 16:43:45.0016 0356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:43:45.0024 0356 LSI_SCSI - ok 16:43:45.0039 0356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 16:43:45.0072 0356 luafv - ok 16:43:45.0111 0356 [ 51B20B742C9E35ADE40B840F6F4F5EE2 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 16:43:45.0133 0356 LUsbFilt - ok 16:43:45.0196 0356 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\Windows\system32\drivers\massfilter.sys 16:43:45.0246 0356 massfilter - ok 16:43:45.0287 0356 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:43:45.0322 0356 Mcx2Svc - ok 16:43:45.0341 0356 [ 
A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:43:45.0349 0356 megasas - ok 16:43:45.0361 0356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:43:45.0372 0356 MegaSR - ok 16:43:45.0451 0356 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 16:43:45.0477 0356 Microsoft Office Groove Audit Service - ok 16:43:45.0523 0356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:43:45.0601 0356 MMCSS - ok 16:43:45.0631 0356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:43:45.0656 0356 Modem - ok 16:43:45.0672 0356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:43:45.0694 0356 monitor - ok 16:43:45.0744 0356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:43:45.0768 0356 mouclass - ok 16:43:45.0797 0356 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:43:45.0838 0356 mouhid - ok 16:43:45.0873 0356 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:43:45.0884 0356 mountmgr - ok 16:43:45.0942 0356 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:43:45.0973 0356 MozillaMaintenance - ok 16:43:45.0986 0356 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:43:45.0999 0356 mpio - ok 16:43:46.0012 0356 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:43:46.0037 0356 mpsdrv - ok 16:43:46.0086 0356 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:43:46.0168 0356 MpsSvc - ok 16:43:46.0204 0356 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:43:46.0247 0356 MRxDAV - ok 16:43:46.0276 
0356 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:43:46.0301 0356 mrxsmb - ok 16:43:46.0341 0356 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:43:46.0369 0356 mrxsmb10 - ok 16:43:46.0384 0356 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:43:46.0396 0356 mrxsmb20 - ok 16:43:46.0407 0356 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:43:46.0418 0356 msahci - ok 16:43:46.0452 0356 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:43:46.0483 0356 msdsm - ok 16:43:46.0497 0356 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:43:46.0522 0356 MSDTC - ok 16:43:46.0543 0356 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:43:46.0577 0356 Msfs - ok 16:43:46.0584 0356 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:43:46.0619 0356 mshidkmdf - ok 16:43:46.0654 0356 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:43:46.0662 0356 msisadrv - ok 16:43:46.0702 0356 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:43:46.0773 0356 MSiSCSI - ok 16:43:46.0777 0356 msiserver - ok 16:43:46.0797 0356 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:43:46.0864 0356 MSKSSRV - ok 16:43:46.0884 0356 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:43:46.0917 0356 MSPCLOCK - ok 16:43:46.0926 0356 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:43:46.0958 0356 MSPQM - ok 16:43:46.0993 0356 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:43:47.0028 0356 MsRPC - ok 16:43:47.0041 0356 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 
16:43:47.0051 0356 mssmbios - ok 16:43:47.0084 0356 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:43:47.0139 0356 MSTEE - ok 16:43:47.0299 0356 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe 16:43:47.0419 0356 msvsmon90 - ok 16:43:47.0433 0356 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:43:47.0452 0356 MTConfig - ok 16:43:47.0466 0356 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:43:47.0474 0356 Mup - ok 16:43:47.0513 0356 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:43:47.0578 0356 napagent - ok 16:43:47.0612 0356 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:43:47.0646 0356 NativeWifiP - ok 16:43:47.0703 0356 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 16:43:47.0757 0356 NDIS - ok 16:43:47.0772 0356 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:43:47.0796 0356 NdisCap - ok 16:43:47.0808 0356 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:43:47.0846 0356 NdisTapi - ok 16:43:47.0888 0356 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:43:47.0944 0356 Ndisuio - ok 16:43:47.0978 0356 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:43:48.0054 0356 NdisWan - ok 16:43:48.0086 0356 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:43:48.0153 0356 NDProxy - ok 16:43:48.0171 0356 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:43:48.0210 0356 NetBIOS - ok 16:43:48.0247 0356 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:43:48.0300 0356 NetBT - ok 16:43:48.0312 0356 [ 
C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:43:48.0322 0356 Netlogon - ok 16:43:48.0367 0356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:43:48.0421 0356 Netman - ok 16:43:48.0457 0356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:43:48.0541 0356 NetMsmqActivator - ok 16:43:48.0572 0356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:43:48.0582 0356 NetPipeActivator - ok 16:43:48.0615 0356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:43:48.0683 0356 netprofm - ok 16:43:48.0693 0356 netr28ux - ok 16:43:48.0697 0356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:43:48.0705 0356 NetTcpActivator - ok 16:43:48.0707 0356 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:43:48.0715 0356 NetTcpPortSharing - ok 16:43:48.0721 0356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:43:48.0730 0356 nfrd960 - ok 16:43:48.0771 0356 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:43:48.0870 0356 NlaSvc - ok 16:43:48.0890 0356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:43:48.0921 0356 Npfs - ok 16:43:48.0951 0356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:43:48.0986 0356 nsi - ok 16:43:49.0003 0356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:43:49.0038 0356 nsiproxy - ok 16:43:49.0093 0356 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:43:49.0136 0356 Ntfs - ok 16:43:49.0146 0356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 16:43:49.0176 0356 Null - ok 
16:43:49.0226 0356 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:43:49.0250 0356 nvraid - ok 16:43:49.0263 0356 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:43:49.0276 0356 nvstor - ok 16:43:49.0321 0356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:43:49.0353 0356 nv_agp - ok 16:43:49.0441 0356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:43:49.0487 0356 odserv - ok 16:43:49.0523 0356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:43:49.0563 0356 ohci1394 - ok 16:43:49.0617 0356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:43:49.0647 0356 ose - ok 16:43:49.0690 0356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:43:49.0743 0356 p2pimsvc - ok 16:43:49.0782 0356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:43:49.0798 0356 p2psvc - ok 16:43:49.0812 0356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:43:49.0833 0356 Parport - ok 16:43:49.0867 0356 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:43:49.0878 0356 partmgr - ok 16:43:49.0890 0356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:43:49.0918 0356 PcaSvc - ok 16:43:49.0956 0356 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:43:49.0970 0356 pci - ok 16:43:49.0976 0356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 16:43:49.0987 0356 pciide - ok 16:43:50.0020 0356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:43:50.0048 0356 pcmcia - ok 16:43:50.0058 0356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw 
C:\Windows\system32\drivers\pcw.sys 16:43:50.0070 0356 pcw - ok 16:43:50.0120 0356 [ 958754A37C85E18EB53FA2139787113C ] pe3ah4nc C:\Windows\system32\drivers\pe3ah4nc.sys 16:43:50.0145 0356 pe3ah4nc - ok 16:43:50.0165 0356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:43:50.0236 0356 PEAUTH - ok 16:43:50.0332 0356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:43:50.0376 0356 PerfHost - ok 16:43:50.0437 0356 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:43:50.0518 0356 pla - ok 16:43:50.0561 0356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:43:50.0598 0356 PlugPlay - ok 16:43:50.0620 0356 PnkBstrA - ok 16:43:50.0655 0356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:43:50.0678 0356 PNRPAutoReg - ok 16:43:50.0726 0356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:43:50.0751 0356 PNRPsvc - ok 16:43:50.0776 0356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:43:50.0828 0356 PolicyAgent - ok 16:43:50.0863 0356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:43:50.0947 0356 Power - ok 16:43:50.0983 0356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:43:51.0036 0356 PptpMiniport - ok 16:43:51.0043 0356 pr2ah4nc - ok 16:43:51.0072 0356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:43:51.0096 0356 Processor - ok 16:43:51.0118 0356 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 16:43:51.0163 0356 ProfSvc - ok 16:43:51.0178 0356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:43:51.0186 0356 ProtectedStorage - ok 16:43:51.0221 0356 [ 0E998144E0C05AFFBB6CC66B5999958C ] ps6ah4nc C:\Windows\system32\drivers\ps6ah4nc.sys 16:43:51.0236 0356 ps6ah4nc - 
ok 16:43:51.0271 0356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:43:51.0331 0356 Psched - ok 16:43:51.0373 0356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:43:51.0432 0356 ql2300 - ok 16:43:51.0445 0356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:43:51.0453 0356 ql40xx - ok 16:43:51.0497 0356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:43:51.0553 0356 QWAVE - ok 16:43:51.0566 0356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:43:51.0582 0356 QWAVEdrv - ok 16:43:51.0598 0356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:43:51.0665 0356 RasAcd - ok 16:43:51.0708 0356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:43:51.0758 0356 RasAgileVpn - ok 16:43:51.0776 0356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:43:51.0801 0356 RasAuto - ok 16:43:51.0830 0356 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:43:51.0867 0356 Rasl2tp - ok 16:43:51.0902 0356 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:43:51.0938 0356 RasMan - ok 16:43:51.0960 0356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:43:51.0992 0356 RasPppoe - ok 16:43:52.0020 0356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:43:52.0043 0356 RasSstp - ok 16:43:52.0082 0356 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:43:52.0146 0356 rdbss - ok 16:43:52.0156 0356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:43:52.0177 0356 rdpbus - ok 16:43:52.0193 0356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:43:52.0216 0356 RDPCDD - 
ok 16:43:52.0233 0356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:43:52.0265 0356 RDPENCDD - ok 16:43:52.0282 0356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:43:52.0306 0356 RDPREFMP - ok 16:43:52.0345 0356 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:43:52.0397 0356 RDPWD - ok 16:43:52.0446 0356 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:43:52.0482 0356 rdyboost - ok 16:43:52.0520 0356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:43:52.0591 0356 RemoteAccess - ok 16:43:52.0622 0356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:43:52.0686 0356 RemoteRegistry - ok 16:43:52.0703 0356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:43:52.0740 0356 RpcEptMapper - ok 16:43:52.0770 0356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:43:52.0815 0356 RpcLocator - ok 16:43:52.0858 0356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:43:52.0906 0356 RpcSs - ok 16:43:52.0913 0356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:43:52.0947 0356 rspndr - ok 16:43:52.0993 0356 [ 66F9F7161D147B6486A22FEB9425930D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:43:53.0025 0356 RTL8167 - ok 16:43:53.0036 0356 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:43:53.0047 0356 SamSs - ok 16:43:53.0088 0356 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:43:53.0117 0356 sbp2port - ok 16:43:53.0150 0356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:43:53.0197 0356 SCardSvr - ok 16:43:53.0225 0356 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 
16:43:53.0285 0356 scfilter - ok 16:43:53.0343 0356 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:43:53.0418 0356 Schedule - ok 16:43:53.0446 0356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:43:53.0468 0356 SCPolicySvc - ok 16:43:53.0503 0356 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:43:53.0565 0356 SDRSVC - ok 16:43:53.0586 0356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:43:53.0643 0356 secdrv - ok 16:43:53.0683 0356 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:43:53.0756 0356 seclogon - ok 16:43:53.0775 0356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:43:53.0815 0356 SENS - ok 16:43:53.0825 0356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:43:53.0840 0356 SensrSvc - ok 16:43:53.0851 0356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:43:53.0858 0356 Serenum - ok 16:43:53.0871 0356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:43:53.0896 0356 Serial - ok 16:43:53.0911 0356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:43:53.0945 0356 sermouse - ok 16:43:53.0988 0356 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:43:54.0038 0356 SessionEnv - ok 16:43:54.0091 0356 [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys 16:43:54.0116 0356 sfdrv01 - ok 16:43:54.0155 0356 [ ADDC96399ACDF3C4DD690C74B835082E ] sfdrv01a C:\Windows\system32\drivers\sfdrv01a.sys 16:43:54.0178 0356 sfdrv01a - ok 16:43:54.0212 0356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:43:54.0251 0356 sffdisk - ok 16:43:54.0267 0356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 
16:43:54.0308 0356 sffp_mmc - ok 16:43:54.0326 0356 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:43:54.0351 0356 sffp_sd - ok 16:43:54.0376 0356 [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys 16:43:54.0385 0356 sfhlp02 - ok 16:43:54.0392 0356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:43:54.0403 0356 sfloppy - ok 16:43:54.0455 0356 [ 40CF333266E10137F805B8956FE19031 ] sfsync02 C:\Windows\system32\drivers\sfsync02.sys 16:43:54.0476 0356 sfsync02 - ok 16:43:54.0502 0356 [ F3B72568A6FA36E5D63D30B8186D1C48 ] sfvfs02 C:\Windows\system32\drivers\sfvfs02.sys 16:43:54.0526 0356 sfvfs02 - ok 16:43:54.0567 0356 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:43:54.0641 0356 SharedAccess - ok 16:43:54.0687 0356 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:43:54.0780 0356 ShellHWDetection - ok 16:43:54.0801 0356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:43:54.0808 0356 SiSRaid2 - ok 16:43:54.0822 0356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:43:54.0831 0356 SiSRaid4 - ok 16:43:54.0890 0356 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:43:54.0915 0356 SkypeUpdate - ok 16:43:54.0958 0356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:43:55.0057 0356 Smb - ok 16:43:55.0120 0356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:43:55.0157 0356 SNMPTRAP - ok 16:43:55.0188 0356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:43:55.0200 0356 spldr - ok 16:43:55.0251 0356 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 16:43:55.0303 0356 Spooler - ok 16:43:55.0402 0356 [ E17E0188BB90FAE42D83E98707EFA59C ] 
sppsvc C:\Windows\system32\sppsvc.exe 16:43:55.0507 0356 sppsvc - ok 16:43:55.0522 0356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:43:55.0560 0356 sppuinotify - ok 16:43:55.0621 0356 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys 16:43:55.0673 0356 sptd - ok 16:43:55.0711 0356 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:43:55.0776 0356 srv - ok 16:43:55.0828 0356 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:43:55.0895 0356 srv2 - ok 16:43:55.0915 0356 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:43:55.0937 0356 srvnet - ok 16:43:55.0956 0356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:43:56.0001 0356 SSDPSRV - ok 16:43:56.0056 0356 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 16:43:56.0078 0356 SSPORT - ok 16:43:56.0096 0356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:43:56.0126 0356 SstpSvc - ok 16:43:56.0155 0356 StarOpen - ok 16:43:56.0173 0356 Steam Client Service - ok 16:43:56.0197 0356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:43:56.0205 0356 stexstor - ok 16:43:56.0252 0356 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:43:56.0316 0356 stisvc - ok 16:43:56.0340 0356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:43:56.0350 0356 swenum - ok 16:43:56.0392 0356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:43:56.0453 0356 swprv - ok 16:43:56.0508 0356 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:43:56.0592 0356 SysMain - ok 16:43:56.0631 0356 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:43:56.0683 0356 TabletInputService - ok 16:43:56.0687 
0356 tandpl - ok 16:43:56.0727 0356 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 16:43:56.0736 0356 taphss - ok 16:43:56.0773 0356 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:43:56.0857 0356 TapiSrv - ok 16:43:56.0875 0356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:43:56.0898 0356 TBS - ok 16:43:56.0973 0356 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:43:57.0026 0356 Tcpip - ok 16:43:57.0063 0356 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:43:57.0090 0356 TCPIP6 - ok 16:43:57.0131 0356 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:43:57.0186 0356 tcpipreg - ok 16:43:57.0237 0356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:43:57.0292 0356 TDPIPE - ok 16:43:57.0331 0356 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:43:57.0367 0356 TDTCP - ok 16:43:57.0410 0356 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:43:57.0481 0356 tdx - ok 16:43:57.0511 0356 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:43:57.0520 0356 TermDD - ok 16:43:57.0566 0356 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:43:57.0648 0356 TermService - ok 16:43:57.0675 0356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:43:57.0696 0356 Themes - ok 16:43:57.0722 0356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:43:57.0746 0356 THREADORDER - ok 16:43:57.0751 0356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:43:57.0786 0356 TrkWks - ok 16:43:57.0842 0356 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:43:57.0927 0356 TrustedInstaller - ok 
16:43:57.0966 0356 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:43:58.0000 0356 tssecsrv - ok 16:43:58.0033 0356 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:43:58.0092 0356 TsUsbFlt - ok 16:43:58.0137 0356 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:43:58.0172 0356 tunnel - ok 16:43:58.0208 0356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:43:58.0216 0356 uagp35 - ok 16:43:58.0255 0356 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:43:58.0330 0356 udfs - ok 16:43:58.0421 0356 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe 16:43:58.0451 0356 UI Assistant Service - ok 16:43:58.0482 0356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:43:58.0526 0356 UI0Detect - ok 16:43:58.0568 0356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:43:58.0600 0356 uliagpkx - ok 16:43:58.0638 0356 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:43:58.0657 0356 umbus - ok 16:43:58.0672 0356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:43:58.0683 0356 UmPass - ok 16:43:58.0723 0356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:43:58.0780 0356 upnphost - ok 16:43:58.0836 0356 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:43:58.0876 0356 usbaudio - ok 16:43:58.0906 0356 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 16:43:58.0928 0356 usbccgp - ok 16:43:58.0977 0356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:43:59.0013 0356 usbcir - ok 16:43:59.0032 0356 [ 74EE782B1D9C241EFE425565854C661C ] usbehci 
C:\Windows\system32\drivers\usbehci.sys 16:43:59.0043 0356 usbehci - ok 16:43:59.0067 0356 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys 16:43:59.0083 0356 usbhub - ok 16:43:59.0095 0356 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:43:59.0106 0356 usbohci - ok 16:43:59.0117 0356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:43:59.0131 0356 usbprint - ok 16:43:59.0137 0356 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:43:59.0156 0356 USBSTOR - ok 16:43:59.0172 0356 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:43:59.0196 0356 usbuhci - ok 16:43:59.0216 0356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:43:59.0285 0356 UxSms - ok 16:43:59.0302 0356 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:43:59.0310 0356 VaultSvc - ok 16:43:59.0343 0356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:43:59.0351 0356 vdrvroot - ok 16:43:59.0391 0356 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:43:59.0467 0356 vds - ok 16:43:59.0486 0356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:43:59.0496 0356 vga - ok 16:43:59.0503 0356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:43:59.0536 0356 VgaSave - ok 16:43:59.0555 0356 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:43:59.0566 0356 vhdmp - ok 16:43:59.0600 0356 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:43:59.0626 0356 viaide - ok 16:43:59.0637 0356 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:43:59.0648 0356 volmgr - ok 16:43:59.0686 0356 [ A255814907C89BE58B79EF2F189B843B ] volmgrx 
C:\Windows\system32\drivers\volmgrx.sys 16:43:59.0720 0356 volmgrx - ok 16:43:59.0735 0356 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:43:59.0751 0356 volsnap - ok 16:43:59.0793 0356 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:43:59.0807 0356 vsmraid - ok 16:43:59.0867 0356 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:43:59.0948 0356 VSS - ok 16:43:59.0960 0356 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:43:59.0986 0356 vwifibus - ok 16:44:00.0003 0356 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:44:00.0013 0356 vwififlt - ok 16:44:00.0016 0356 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:44:00.0027 0356 vwifimp - ok 16:44:00.0068 0356 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:44:00.0096 0356 W32Time - ok 16:44:00.0105 0356 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:44:00.0127 0356 WacomPen - ok 16:44:00.0151 0356 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:44:00.0213 0356 WANARP - ok 16:44:00.0226 0356 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:44:00.0248 0356 Wanarpv6 - ok 16:44:00.0316 0356 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:44:00.0408 0356 wbengine - ok 16:44:00.0422 0356 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:44:00.0438 0356 WbioSrvc - ok 16:44:00.0477 0356 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:44:00.0510 0356 wcncsvc - ok 16:44:00.0528 0356 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:44:00.0545 0356 WcsPlugInService - ok 16:44:00.0550 0356 [ 
72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:44:00.0557 0356 Wd - ok 16:44:00.0577 0356 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:44:00.0602 0356 Wdf01000 - ok 16:44:00.0615 0356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:44:00.0705 0356 WdiServiceHost - ok 16:44:00.0708 0356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:44:00.0725 0356 WdiSystemHost - ok 16:44:00.0760 0356 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:44:00.0780 0356 WebClient - ok 16:44:00.0791 0356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:44:00.0822 0356 Wecsvc - ok 16:44:00.0837 0356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:44:00.0865 0356 wercplsupport - ok 16:44:00.0882 0356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:44:00.0918 0356 WerSvc - ok 16:44:00.0938 0356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:44:00.0961 0356 WfpLwf - ok 16:44:00.0988 0356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:44:00.0997 0356 WIMMount - ok 16:44:01.0010 0356 WinDefend - ok 16:44:01.0015 0356 WinHttpAutoProxySvc - ok 16:44:01.0081 0356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:44:01.0107 0356 Winmgmt - ok 16:44:01.0185 0356 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:44:01.0257 0356 WinRM - ok 16:44:01.0318 0356 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:44:01.0365 0356 WinUsb - ok 16:44:01.0408 0356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:44:01.0458 0356 Wlansvc - ok 16:44:01.0592 0356 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:44:01.0645 0356 wlidsvc - ok 16:44:01.0691 0356 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 16:44:01.0703 0356 WmBEnum - ok 16:44:01.0718 0356 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 16:44:01.0731 0356 WmFilter - ok 16:44:01.0767 0356 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys 16:44:01.0776 0356 WmHidLo - ok 16:44:01.0817 0356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:44:01.0845 0356 WmiAcpi - ok 16:44:01.0881 0356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:44:01.0971 0356 wmiApSrv - ok 16:44:02.0126 0356 WMPNetworkSvc - ok 16:44:02.0178 0356 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 16:44:02.0198 0356 WmVirHid - ok 16:44:02.0247 0356 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 16:44:02.0266 0356 WmXlCore - ok 16:44:02.0313 0356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:44:02.0343 0356 WPCSvc - ok 16:44:02.0378 0356 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:44:02.0391 0356 WPDBusEnum - ok 16:44:02.0426 0356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:44:02.0470 0356 ws2ifsl - ok 16:44:02.0490 0356 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:44:02.0508 0356 wscsvc - ok 16:44:02.0511 0356 WSearch - ok 16:44:02.0596 0356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:44:02.0687 0356 wuauserv - ok 16:44:02.0722 0356 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:44:02.0793 0356 WudfPf - ok 16:44:02.0817 0356 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 
16:44:02.0883 0356 WUDFRd - ok
16:44:02.0923 0356 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:44:02.0975 0356 wudfsvc - ok
16:44:03.0006 0356 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:44:03.0046 0356 WwanSvc - ok
16:44:03.0116 0356 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
16:44:03.0180 0356 xnacc - ok
16:44:03.0218 0356 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:44:03.0258 0356 ZTEusbmdm6k - ok
16:44:03.0272 0356 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
16:44:03.0290 0356 ZTEusbnmea - ok
16:44:03.0303 0356 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
16:44:03.0315 0356 ZTEusbser6k - ok
16:44:03.0342 0356 ================ Scan global ===============================
16:44:03.0378 0356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:44:03.0422 0356 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:44:03.0447 0356 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:44:03.0485 0356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:44:03.0526 0356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:44:03.0533 0356 [Global] - ok
16:44:03.0535 0356 ================ Scan MBR ==================================
16:44:03.0548 0356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:44:03.0842 0356 \Device\Harddisk0\DR0 - ok
16:44:03.0843 0356 ================ Scan VBR ==================================
16:44:03.0852 0356 [ 16FA8AE7AB8275D264D37461B124F92C ] \Device\Harddisk0\DR0\Partition1
16:44:03.0856 0356 \Device\Harddisk0\DR0\Partition1 - ok
16:44:03.0857 0356 ============================================================
16:44:03.0857 0356 Scan finished
16:44:03.0857 0356 ============================================================
16:44:03.0880 3228 Detected object count: 3
16:44:03.0881 3228 Actual detected object count: 3
16:44:07.0959 3228 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:07.0959 3228 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:44:07.0962 3228 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:07.0962 3228 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:44:07.0965 3228 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:07.0965 3228 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:44:12.0290 3192 Deinitialize success
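The TDSSKiller listing above is several hundred lines of "[ MD5 ] name path" / "name - ok" pairs, and the things a log reader actually looks for are buried in it: the three objects the scanner flagged (all generic "unsigned file" verdicts that the user chose to skip), the services for which no hash line was printed at all, and files that show up under more than one service name. The script below is an added example for this thread, not code from the thread or from Kaspersky's TDSSKiller. It parses the three line shapes visible in the log and reports those three things. Two assumptions are mine and labelled as such in the code: that a service with only a "- ok" line and no hash line means the scanner hashed no file for it (so it deserves a manual look), and that one MD5 under several names is usually one driver registered multiple times (the ZTE modem drivers, Tcpip/TCPIP6) but is exactly the pattern a trojan registering a copy under a fresh name would also produce. The sample lines are excerpted from the posted log.

```python
"""Triage of a TDSSKiller service/driver listing.

Added example for this thread; not code from the thread or from TDSSKiller.
It parses the three line shapes visible in the posted log:
    HH:MM:SS.mmmm PID [ MD5 ] ServiceName C:\\path\\to\\image
    HH:MM:SS.mmmm PID ServiceName - ok
    HH:MM:SS.mmmm PID ServiceName ( Verdict ) - skipped by user
"""
import re
from collections import defaultdict

HASH_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+"
    r"(?:(.+?)\s+)?([A-Za-z]:\\\S.*|\\Device\\\S.*)$"   # name is absent for global/MBR/VBR entries
)
OK_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.+?) - ok$")
DETECT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.+?) \( ([^)]+) \) - "
    r"(skipped by user|User select action: .+)$"
)


def triage_tdsskiller(log_text):
    """Return detections, services without a hash line, and MD5s shared by several names."""
    hashed = {}                 # service name (or bare path) -> (md5, path)
    ok_names = []               # every name that got a "- ok" line, in log order
    detections = {}             # name -> {"verdict": ..., "action": ...}
    names_by_hash = defaultdict(list)
    for line in log_text.splitlines():
        line = line.rstrip()
        m = DETECT_LINE.match(line)
        if m:
            name, verdict, outcome = m.groups()
            entry = detections.setdefault(name, {"verdict": verdict, "action": None})
            if outcome.startswith("User select action: "):
                entry["action"] = outcome.split(": ", 1)[1]
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            hashed[name or path] = (md5.upper(), path)
            if name:
                names_by_hash[md5.upper()].append(name)
            continue
        m = OK_LINE.match(line)
        if m:
            ok_names.append(m.group(1))
    # Assumption (my reading of the format): a "- ok" line with no preceding
    # hash line means TDSSKiller hashed no file for that service. "[Global]"
    # is the summary line of the global scan, not a service.
    unhashed = [n for n in ok_names if n not in hashed and not n.startswith("[")]
    shared = {h: names for h, names in names_by_hash.items() if len(names) > 1}
    return {"detections": detections, "unhashed": unhashed, "shared_hashes": shared}


def format_report(result):
    out = ["Flagged by scanner:"]
    for name, d in result["detections"].items():
        out.append(f"  {name}: {d['verdict']} (action: {d['action']})")
    out.append("Services with no hashed file (check image path by hand):")
    out.extend(f"  {n}" for n in result["unhashed"])
    out.append("One MD5 under several service names:")
    for md5, names in result["shared_hashes"].items():
        out.append(f"  {md5}: {', '.join(names)}")
    return "\n".join(out)


# Sample lines excerpted from the log posted in this thread.
SAMPLE_LOG = r"""
16:43:55.0621 0356 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
16:43:55.0673 0356 sptd - ok
16:43:56.0155 0356 StarOpen - ok
16:43:58.0421 0356 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
16:43:58.0451 0356 UI Assistant Service - ok
16:44:03.0218 0356 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:44:03.0258 0356 ZTEusbmdm6k - ok
16:44:03.0272 0356 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
16:44:03.0290 0356 ZTEusbnmea - ok
16:44:03.0342 0356 ================ Scan global ===============================
16:44:03.0378 0356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:44:03.0533 0356 [Global] - ok
16:44:03.0548 0356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:44:03.0842 0356 \Device\Harddisk0\DR0 - ok
16:44:07.0959 3228 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:07.0959 3228 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:44:07.0962 3228 BEService ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:07.0962 3228 BEService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    print(format_report(triage_tdsskiller(SAMPLE_LOG)))
```

Run it against the full TDSSKiller.txt instead of the sample and the "shared hashes" section will also list Tcpip/TCPIP6, WANARP/Wanarpv6 and WdiServiceHost/WdiSystemHost, all of which are Windows registering one binary twice; the point of the list is to make any entry that is not explainable that way stand out.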
20.03.2013, 17:02 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails
Then please run ComboFix now: Scan with Combofix
__________________
Please always post log files in CODE tags

20.03.2013, 17:36 | #13
My own e-mail address is sending spam mails
The ComboFix log:
Code:
ComboFix 13-03-20.02 - *** 20.03.2013 17:11:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2741 [GMT 1:00]
Run from: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\PFRO.log
c:\windows\SysWow64\tmp74F4.tmp
c:\windows\SysWow64\tmp7524.tmp
c:\windows\SysWow64\tmpCD3D.tmp
c:\windows\SysWow64\tmpCD5D.tmp
c:\windows\SysWow64\tmpF0D.tmp
c:\windows\SysWow64\tmpF2E.tmp
.
.
((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 ))))))))))))))))))))))))))))))
.
.
2013-03-20 16:19 . 2013-03-20 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 16:46 . 2013-03-17 16:46 -------- dc----w- c:\users\***\AppData\Local\MigWiz
2013-03-17 13:07 . 2013-02-19 03:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{514D81A3-50F7-4D68-BC5A-66D05FA2CCD9}\mpengine.dll
2013-03-15 22:54 . 2013-03-15 22:54 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-03-15 22:54 . 2013-03-15 22:54 -------- d-----w- c:\programdata\Malwarebytes
2013-03-15 22:54 . 2013-03-15 22:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-15 22:54 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 22:53 . 2013-03-15 22:53 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-03-15 22:44 . 2013-03-15 22:44 -------- d-----w- c:\programdata\Simply Super Software
2013-03-15 13:00 . 2013-03-15 13:06 -------- d-----w- c:\users\***\AppData\Roaming\TIPP10
2013-03-15 13:00 . 2013-03-15 13:00 -------- d-----w- c:\program files (x86)\Tipp10
2013-03-09 20:20 . 2013-03-09 20:20 -------- d-----w- c:\users\***\cityguide
2013-03-05 12:49 . 2013-03-05 12:49 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 12:49 . 2013-03-05 12:49 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 11:18 . 2010-05-19 20:19 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-03-15 11:18 . 2010-05-08 16:04 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-03-15 11:15 . 2010-05-08 16:04 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-03-05 12:49 . 2012-06-27 18:25 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-05 12:49 . 2010-05-29 17:28 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-04 09:48 . 2012-04-13 16:48 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-04 09:48 . 2012-01-24 13:45 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-18 19:19 . 2012-07-01 11:33 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2013-01-17 00:28 . 2010-05-05 13:48 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 15:44 . 2010-05-15 07:28 67599240 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ALSysIO;ALSysIO;c:\users\KONSTA~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-03-01 49152]
R3 cpuz130;cpuz130;c:\users\KONSTA~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-10 834544]
S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 72560]
S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 77176]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 77432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-12-23 11576]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [2010-09-30 253264]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 15:36]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-21 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Export to Microsoft E&xcel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\
FF - prefs.js: browser.startup.homepage - www.aero.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - ExtSQL: 2013-02-17 20:19; ich@maltegoetz.de; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\ich@maltegoetz.de
.
- - - - Orphaned Registry Entries Removed - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Bohemia Interactive\ArmA IIBattlEye\UnInstallBE.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{A99968BE-C155-474C-0089-33239DEE1CE2} - c:\program files (x86)\EA GAMES\NFS Underground\EAUninstall.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-2999285150-333783204-2952227286-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:40,9d,fb,09,a2,d6,46,38,3e,6a,bb,af,26,ac,9f,8d,29,c0,43,a7,a5,ef,15,
ca,c5,0b,9f,f1,c5,b3,7d,b8,a4,d4,5d,8e,e5,94,0b,f3,80,df,c1,6a,ba,24,8d,96,\
"??"=hex:59,e5,97,70,47,08,a5,1e,f6,13,83,cc,52,0d,a6,6c
.
[HKEY_USERS\S-1-5-21-2999285150-333783204-2952227286-1001\Software\SecuROM\License information*]
"datasecu"=hex:81,f9,86,34,81,c7,d4,af,e1,ea,10,76,4c,6b,b8,98,a0,60,0a,48,8e,
ad,70,7a,66,14,aa,22,46,36,f5,ed,f6,db,9b,23,55,5c,c5,34,86,91,6e,08,03,12,\
"rkeysecu"=hex:42,17,4f,2f,e5,f3,a6,a5,52,81,c4,3d,fa,79,47,a7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-20 17:21:24
ComboFix-quarantined-files.txt 2013-03-20 16:21
.
Pre-Run: 16 directory(ies), 124.652.847.104 bytes free
Post-Run: 23 directory(ies), 124.588.318.720 bytes free
.
- - End Of File - - 1EFCA8594464B839145242EA4B4A8B7E
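What a helper reads out of a ComboFix log like the one above is not the full listing but a handful of patterns: service and driver entries whose image file is gone (the "[x]" marker, here ALSysIO, cpuz130, EagleX64, AODDriver4.01 and pr2ah4nc), drivers registered from a user's Temp directory (ALSysIO64.sys and cpuz_x64.sys, typically leftovers of hardware tools, but also the classic drop location for malware), a Firefox keyword.URL pointing at a toolbar's search host (search.icq.com), and sites placed in Internet Explorer's Trusted Zone. The script below is an added example for this thread, not the thread's own code and not part of ComboFix. Its reading of the ComboFix format is an assumption and labelled as such: a service line is "<R|S><digit> name;display;image [date size]", R meaning running and S stopped, the digit the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and "[x]" in place of date and size meaning the image was not found on disk. The sample lines are excerpted from the log posted above.

```python
"""Triage of ComboFix output.

Added example for this thread; not the thread's own code and not part of
ComboFix. Format assumptions (my reading of the log, not documentation):
  <R|S><start> name;display;image [date size]   R=running, S=stopped,
  start digit = Windows start type, "[x]" = image file not found on disk.
"""
import re
from urllib.parse import urlsplit

SERVICE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')   # values under a ...\Run key
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
TRUSTED = re.compile(r"^Trusted Zone: (\S+)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage_combofix(text):
    """Return (severity, message) tuples for the log lines worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE.match(line)
        if m:
            state, start, name, _display, image, tag = m.groups()
            ident = f"{name} ({'running' if state == 'R' else 'stopped'}, start={START_TYPES[start]})"
            low = image.lower()
            if tag == "x":
                findings.append(("high", f"{ident}: image file not present on disk: {image}"))
            if "\\temp\\" in low:
                # Kernel drivers or services loaded from a Temp directory: either a
                # hardware utility's leftover or something dropped by malware.
                findings.append(("high", f"{ident}: image lives in a Temp directory: {image}"))
            elif low.endswith(".sys") and "\\users\\" in low:
                findings.append(("medium", f"{ident}: kernel driver under a user profile: {image}"))
            continue
        m = RUN_VALUE.match(line)
        if m:
            value, image, tag = m.groups()
            low = image.lower()
            if tag == "x" or "\\users\\" in low or "\\programdata\\" in low:
                findings.append(("medium", f"Run value {value!r} starts {image} [{tag}]"))
            continue
        m = FF_PREF.match(line)
        if m and m.group(1) == "keyword.URL":
            # keyword.URL is where Firefox of that era sent address-bar searches;
            # a third-party host here is the usual toolbar search hijack.
            host = urlsplit(m.group(2)).hostname or m.group(2)
            findings.append(("medium", f"Firefox address-bar searches go to {host}"))
            continue
        m = TRUSTED.match(line)
        if m:
            findings.append(("low", f"IE Trusted Zone contains {m.group(1)} (relaxed security settings for that site)"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


# Sample lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ALSysIO;ALSysIO;c:\users\KONSTA~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\KONSTA~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R4 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 77432]
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - prefs.js: browser.startup.homepage - www.aero.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
"""

if __name__ == "__main__":
    for severity, message in triage_combofix(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

The "[x]" entries are the ones to resolve first: a registered driver whose file is missing is harmless by itself, but the same pattern appears after a rootkit's file has been removed while its service registration stayed behind, so each one should be matched to a known uninstalled program (here CPU-Z, Core Temp's ALSysIO, the DiRT copy-protection drivers) before it is dismissed.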
20.03.2013, 22:47 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | My own e-mail address is sending spam mails
JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________
Please always post log files in CODE tags

21.03.2013, 12:20 | #15
My own e-mail address is sending spam mails
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.2 (03.15.2013:1) OS: Windows 7 Home Premium x64 Ran by *** on 21.03.2013 at 7:33:46,32 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers" ~~~ FireFox Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\prefs.js user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); user_pref("CT2269050.CTID", "CT2269050"); user_pref("CT2269050.CurrentServerDate", "16-8-2010"); user_pref("CT2269050.DialogsAlignMode", "LTR"); user_pref("CT2269050.DownloadReferralCookieData", ""); user_pref("CT2269050.EMailNotifierPollDate", "Mon Aug 16 2010 13:31:02 GMT+0200"); user_pref("CT2269050.FirstServerDate", "16-8-2010"); user_pref("CT2269050.FirstTime", true); user_pref("CT2269050.FirstTimeFF3", true); user_pref("CT2269050.FirstTimeSettingsDone", true); user_pref("CT2269050.FixPageNotFoundErrors", true); user_pref("CT2269050.GroupingServerCheckInterval", 1440); user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); user_pref("CT2269050.Initialize", true); user_pref("CT2269050.InitializeCommonPrefs", true); user_pref("CT2269050.InstallationAndCookieDataSentCount", 1); user_pref("CT2269050.InstallationType", "UnknownIntegration"); user_pref("CT2269050.InstalledDate", "Mon Aug 16 2010 13:31:02 GMT+0200"); 
user_pref("CT2269050.InvalidateCache", false); user_pref("CT2269050.IsGrouping", false); user_pref("CT2269050.IsMulticommunity", false); user_pref("CT2269050.IsOpenThankYouPage", false); user_pref("CT2269050.IsOpenUninstallPage", false); user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Aug 16 2010 13:31:07 GMT+0200"); user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); user_pref("CT2269050.LastLogin_2.7.0.14", "Mon Aug 16 2010 13:31:03 GMT+0200"); user_pref("CT2269050.LatestVersion", "2.1.0.18"); user_pref("CT2269050.Locale", "en"); user_pref("CT2269050.LoginCache", 4); user_pref("CT2269050.MCDetectTooltipHeight", "83"); user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT2269050.MCDetectTooltipWidth", "295"); user_pref("CT2269050.RadioIsPodcast", false); user_pref("CT2269050.RadioLastCheckTime", "Mon Aug 16 2010 13:31:03 GMT+0200"); user_pref("CT2269050.RadioLastUpdateIPServer", "3"); user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); user_pref("CT2269050.RadioMediaID", "12473383"); user_pref("CT2269050.RadioMediaType", "Media Player"); user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); user_pref("CT2269050.RadioStationName", "Hotmix%20108"); user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1"); user_pref("CT2269050.SearchFromAddressBarIsInit", true); user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="); user_pref("CT2269050.SearchInNewTabEnabled", true); user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Aug 16 2010 13:31:03 GMT+0200"); 
user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); user_pref("CT2269050.SettingsCheckIntervalMin", 120); user_pref("CT2269050.SettingsLastCheckTime", "Mon Aug 16 2010 13:31:01 GMT+0200"); user_pref("CT2269050.SettingsLastUpdate", "1281875761"); user_pref("CT2269050.ThirdPartyComponentsInterval", 504); user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Aug 16 2010 13:31:01 GMT+0200"); user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578"); user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); user_pref("CT2269050.UserID", "UN57897085977206640"); user_pref("CT2269050.WeatherNetwork", ""); user_pref("CT2269050.WeatherPollDate", "Mon Aug 16 2010 13:31:03 GMT+0200"); user_pref("CT2269050.WeatherUnit", "C"); user_pref("CT2269050.alertChannelId", "666138"); user_pref("CT2269050.clientLogIsEnabled", false); user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2269050.myStuffEnabled", true); user_pref("CT2269050.myStuffPublihserMinWidth", 400); user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); user_pref("CT2269050.myStuffServiceIntervalMM", 1440); user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="); 
user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); user_pref("CommunityToolbar.alert.alertInfoInterval", 60); user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Aug 16 2010 13:31:02 GMT+0200"); user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); user_pref("CommunityToolbar.alert.firstTimeAlertShown", true); user_pref("CommunityToolbar.alert.locale", "en"); user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Aug 16 2010 13:31:01 GMT+0200"); user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853"); user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); user_pref("CommunityToolbar.alert.showTrayIcon", false); user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); user_pref("CommunityToolbar.alert.userId", "{69c0adc7-5f81-4a51-aadd-7798f98bcf4f}"); user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Aug 16 2010 13:31:03 GMT+0200"); user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="); user_pref("vshare.install.date", "1287446400000"); user_pref("vshare.install.finished", "1.0.0"); user_pref("vshare.install.guid", "{bfc2ffbf-c434-4ba5-b23e-a099981ff37b}"); user_pref("vshare.install.isDisabled", true); user_pref("vshare.install.isHidden", true); user_pref("vshare.install.laststatreq", "1287532800000"); user_pref("vshare.install.newtab", false); Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\minidumps [543 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.03.2013 at 7:38:25,08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
# AdwCleaner v2.115 - Datei am 21/03/2013 um 11:44:51 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ANTEC300HEPP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\searchplugins\icqplugin-1.xml
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\vshare@toolbar
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\h8hbr2c8.default\prefs.js

Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1313096675);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1313096675");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "4.0");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "127307164612730716831273072673215");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1313096678);
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[S1].txt - [3315 octets] - [21/03/2013 11:44:51]

########## EOF - C:\AdwCleaner[S1].txt - [3375 octets] ##########

Code:
OTL logfile created on: 21.03.2013 11:51:11 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,11% Memory free
7,99 Gb Paging File | 6,62 Gb Available in Paging File | 82,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 116,08 Gb Free Space | 19,47% Space Free | Partition Type: NTFS

Computer Name: ANTEC300HEPP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Windows\SysWOW64\HsMgr.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Programme\ASUS Xonar DG Audio\Customapp\VmixP8.dll ()
MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (pr2ah4nc) -- C:\Windows\SysNative\pr2ah4nc.exe (CODEMASTERS)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys File not found
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (sfdrv01a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV:64bit: - (pe3ah4nc) -- C:\Windows\SysNative\drivers\pe3ah4nc.sys (CODEMASTERS)
DRV:64bit: - (ps6ah4nc) -- C:\Windows\SysNative\drivers\ps6ah4nc.sys (CODEMASTERS)
DRV:64bit: - (sfvfs02) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (sfsync02) -- C:\Windows\SysNative\drivers\sfsync02.sys (Protection Technology)
DRV:64bit: - (sfhlp02) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (pe3ah4nc) -- C:\Windows\SysWOW64\drivers\pe3ah4nc.sys (Protection Technology (StarForce))
DRV - (ps6ah4nc) -- C:\Windows\SysWOW64\drivers\ps6ah4nc.sys (Protection Technology (StarForce))
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 AA FE 02 61 F6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcATI.ACE\Fuel\amd64\AODDriver2.sys
IE - HKCU\..\SearchScopes\{B53FC187-312F-475C-872F-14B1EB9F02C5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.aero.de"
FF - prefs.js..extensions.enabledAddons: %7B11483926-db67-4190-91b1-ef20fcec5f33%7D:0.4.5
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:57:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010.05.05 15:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.03.21 11:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions
[2012.12.08 23:44:50 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.02.17 20:19:20 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\h8hbr2c8.default\extensions\ich@maltegoetz.de
[2011.12.30 15:39:21 | 000,074,526 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}.xpi
[2012.12.08 23:44:58 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.12.08 23:44:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\h8hbr2c8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.08 16:57:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 16:57:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 16:57:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 20:57:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:31:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 20:57:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 20:57:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 20:57:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 20:57:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.03.20 17:19:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23FAC921-CAF7-485B-B5D8-C376F7EE5498}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1B9E70A-71F9-46FA-BA51-99BDE8C13E47}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5AF483A-507B-4E14-B698-AB34CC3D662D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.21 07:33:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.21 07:33:37 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.21 07:31:25 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.03.20 22:39:23 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Log
[2013.03.20 17:21:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.20 17:10:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.20 17:10:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.20 17:10:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.20 17:09:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.20 17:08:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.20 17:03:06 | 005,042,364 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.03.20 16:01:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.03.19 13:49:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.03.18 14:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\AntiMalware
[2013.03.18 13:15:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.17 21:51:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\M GK Q1 Bruns
[2013.03.17 18:24:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Anhang
[2013.03.17 17:46:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MigWiz
[2013.03.15 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.15 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.15 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 23:54:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.15 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.15 23:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.03.15 23:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.03.15 14:00:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TIPP10
[2013.03.15 14:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10
[2013.03.15 14:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tipp10
[2013.03.12 17:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bax
[2013.03.09 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\cityguide
[2013.03.09 16:10:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Facharbeit Quellen
[2013.03.09 14:47:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\EC 135
[2013.03.08 16:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.05 13:49:51 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.05 13:49:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.05 13:49:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.05 13:49:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.05 13:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.03 22:39:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{58C9229F-45DA-4A19-A127-F10582CFD5F7}
[2013.03.01 14:53:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\NFS Most Wanted
[2010.10.15 14:29:27 | 014,321,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Users\***\atioglxx.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.21 11:54:05 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 11:54:05 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 11:51:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.21 11:51:24 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.21 11:51:24 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.21 11:51:24 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.21 11:51:24 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.21 11:46:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.21 11:46:40 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.03.21 11:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.21 11:46:29 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 07:31:56 | 000,609,993 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.03.21 07:31:30 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.03.20 22:41:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.20 17:19:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.20 17:03:38 | 005,042,364 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.03.20 16:40:00 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.20 16:19:54 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\TDSSKiller.exe
[2013.03.20 16:02:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.03.19 13:50:21 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\8k5rdpv8.exe
[2013.03.18 13:21:25 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.18 13:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.17 18:08:30 | 000,016,947 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2013.03.17 11:30:00 | 000,316,568 | ---- | M] () -- C:\Users\***\Desktop\comp_IMG_1236_2.jpg
[2013.03.17 11:29:58 | 003,814,958 | ---- | M] () -- C:\Users\***\Desktop\IMG_1236_2.jpg
[2013.03.16 20:47:49 | 001,699,660 | ---- | M] () -- C:\Users\***\Desktop\IMG_0100.jpg
[2013.03.15 14:00:23 | 000,000,979 | ---- | M] () -- C:\Users\***\Desktop\TIPP10.lnk
[2013.03.15 12:18:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.15 12:18:45 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.15 12:15:03 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.10 17:09:03 | 000,001,192 | ---- | M] () -- C:\Users\***\Desktop\Facharbeit Q1 - Verknüpfung.lnk
[2013.03.05 13:49:38 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.05 13:49:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.05 13:49:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.05 13:49:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.05 13:49:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.03.05 13:49:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.04 14:07:47 | 000,001,865 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk
[2013.03.04 10:48:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.04 10:48:49 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.01 14:31:41 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2013.02.23 19:04:28 | 005,292,054 | ---- | M] () -- C:\Users\***\Desktop\fsscr001.bmp
[2013.02.23 19:04:17 | 005,292,054 | ---- | M] () -- C:\Users\***\Desktop\fsscr000.bmp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.21 07:31:52 | 000,609,993 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.03.20 17:10:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.20 17:10:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.20 17:10:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.20 17:10:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.20 17:10:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.20 16:15:10 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.19 13:50:20 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\8k5rdpv8.exe
[2013.03.18 13:21:25 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.17 18:08:30 | 000,016,947 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2013.03.17 11:30:00 | 000,316,568 | ---- | C] () -- C:\Users\***\Desktop\comp_IMG_1236_2.jpg
[2013.03.16 21:11:29 | 003,814,958 | ---- | C] () --
C:\Users\***\Desktop\IMG_1236_2.jpg [2013.03.16 20:47:48 | 001,699,660 | ---- | C] () -- C:\Users\***\Desktop\IMG_0100.jpg [2013.03.15 14:00:23 | 000,000,979 | ---- | C] () -- C:\Users\***\Desktop\TIPP10.lnk [2013.03.10 17:09:03 | 000,001,192 | ---- | C] () -- C:\Users\***\Desktop\Facharbeit Q1 - Verknüpfung.lnk [2013.03.04 14:07:47 | 000,001,865 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk [2013.03.01 14:31:41 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk [2013.02.23 19:04:28 | 005,292,054 | ---- | C] () -- C:\Users\***\Desktop\fsscr001.bmp [2013.02.23 19:04:17 | 005,292,054 | ---- | C] () -- C:\Users\***\Desktop\fsscr000.bmp [2012.07.01 12:33:08 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012.05.15 18:15:03 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini [2012.05.15 18:15:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe [2012.05.15 18:14:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll [2012.05.15 18:14:26 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl [2012.05.15 18:13:42 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi [2012.05.15 18:13:35 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg [2012.02.18 14:24:19 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.11.24 18:41:27 | 000,000,000 | ---- | C] () -- C:\Users\Konstantin Hepp\AppData\Local\{682C220D-04D8-435A-81B2-5F655AF6994A} [2011.11.10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.11.10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.16 15:19:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat 
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >