Log Analysis and Evaluation: Mail attachment opened, since then malware or similar on the laptop (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.04.2013, 19:08 | #1

Mail attachment opened, since then malware or similar on the laptop. Hello, I hope you can help me. About 2 weeks ago I opened an email attachment (zip file, labelled as an invoice) and have now caught some kind of pest. The email has disappeared, though. avast reported, among other things, something like win32 evo as a threat. Should I follow your checklist, or what should I do? Last edited by Dixiland (09.04.2013 at 19:30)
10.04.2013, 00:41 | #2

/// TB-Ausbilder | Mail attachment opened, since then malware or similar on the laptop. Hi,
I saw in the log that you have already run TDSSKiller and others. Was anything found or deleted with them? If so, I need to see the corresponding logs. And please also run a Gmer scan in addition: (Please do not attach the logfiles (that makes evaluating them massively harder), but paste their content directly inside code tags: [code]Logfile content[/code].) Step 1: Download Gmer (click the Download EXE button) and save the program to the desktop.
Please post in your next reply:
10.04.2013, 20:24 | #3

Mail attachment opened, since then malware or similar on the laptop. Hello, I have now run GMER, but forgot to turn off my avast. Should I do it again? Hopefully I'm doing this right with the pasting. Many thanks in advance for your efforts! Dixiland
GMER Logfile: Code:
Media Player\wmpnetwk.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077be14f0 5 bytes JMP 00000001001b0ecc .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077be15d0 5 bytes JMP 00000001001b163c .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077be1810 5 bytes JMP 00000001001b1284 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077be2840 5 bytes JMP 00000001001b19f4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[1948] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077aceecd 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[4592] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000077aceecd 1 byte [62] .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077bb3ae0 5 bytes JMP 000000010030075c .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077bb7a90 5 bytes JMP 00000001003003a4 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077be1490 5 bytes JMP 0000000100300b14 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077be14f0 5 bytes JMP 0000000100300ecc .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077be15d0 5 bytes JMP 000000010030163c .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077be1810 5 bytes JMP 0000000100301284 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077be2840 5 bytes JMP 00000001003019f4 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff976e00 5 bytes JMP 000007ff7f991dac 
.text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff976f2c 5 bytes JMP 000007ff7f990ecc .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff977220 5 bytes JMP 000007ff7f991284 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff97739c 5 bytes JMP 000007ff7f99163c .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff977538 5 bytes JMP 000007ff7f9919f4 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9775e8 5 bytes JMP 000007ff7f9903a4 .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff97790c 5 bytes JMP 000007ff7f99075c .text C:\Windows\system32\taskeng.exe[4140] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff977ab4 5 bytes JMP 000007ff7f990b14 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077d8faa0 5 bytes JMP 0000000100030600 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077d8fb38 5 bytes JMP 0000000100030804 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077d8fc90 5 bytes JMP 0000000100030c0c .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 0000000100030a08 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077d91900 5 bytes JMP 0000000100030e10 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077dac45a 5 bytes JMP 00000001000301f8 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 
0000000077db1217 5 bytes JMP 00000001000303fc .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007668a30a 1 byte [62] .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077495181 5 bytes JMP 0000000100241014 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077495254 5 bytes JMP 0000000100240804 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000774953d5 5 bytes JMP 0000000100240a08 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000774954c2 5 bytes JMP 0000000100240c0c .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000774955e2 5 bytes JMP 0000000100240e10 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007749567c 5 bytes JMP 00000001002401f8 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007749589f 5 bytes JMP 00000001002403fc .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077495a22 5 bytes JMP 0000000100240600 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076bfee09 5 bytes JMP 00000001002501f8 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076c03982 5 bytes JMP 00000001002503fc .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076c07603 5 bytes JMP 0000000100250804 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076c0835c 5 bytes JMP 0000000100250600 
.text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076c1f52b 5 bytes JMP 0000000100250a08 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! 
keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 8 Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! 
WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 32 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 1069569 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 14 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! 
Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243cc5b5b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243cc5b5b@00219e725e48 0x6B 0x0A 0x90 0x1D ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243cc5b5b@0023f188feb2 0x16 0xDF 0x0C 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243cc5b5b@0007ab981091 0x5A 0xF4 0x0A 0x38 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243cc5b5b@a8922c547c42 0x5E 0x95 0x9C 0x12 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x7B 0xE9 0xBF ... 
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 5 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd) Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 8 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 32 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 1069569 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 14 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243cc5b5b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243cc5b5b@00219e725e48 0x6B 0x0A 0x90 0x1D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243cc5b5b@0023f188feb2 0x16 0xDF 0x0C 0xD0 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243cc5b5b@0007ab981091 0x5A 0xF4 0x0A 0x38 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243cc5b5b@a8922c547c42 0x5E 0x95 0x9C 0x12 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB5 0x7B 0xE9 0xBF ... ---- EOF - GMER 2.1 ---- |
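As an added example (not part of the thread and not GMER's own tooling), here is a small Python triage helper for the user-mode hook section of the log above. It parses GMER's `.text` records, groups every hooked export by the processes it was seen in, and flags hooks that exist in only one process. The sample lines are a subset copied from the posted log; the rule of thumb it encodes, that a hook found uniformly in every scanned process, GMER's own included, looks like a system-wide hooking product rather than a process-specific implant, is a triage heuristic and not a verdict, and each flagged hook still has to be attributed to the software that owns it, especially when the scan was run with a security product active.

```python
"""Triage helper for GMER's user-mode inline-hook section (added example)."""
import re
from collections import defaultdict

# One GMER inline-hook record, as printed in the log above:
#   .text <process path>[<pid>] <module>!<export>[ + <offset>] <addr> <n> byte(s) <JMP <target> | [bytes]>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<func>\S+?)(?:\s\+\s(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{16})\s+(?P<nbytes>\d+)\s+bytes?\s+(?P<patch>.+)$"
)

# Subset of the GMER output posted above (copied, not invented); the registry
# lines at the end are there to show that non-hook sections are ignored.
SAMPLE = r"""
.text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[3348] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007668a30a 1 byte [62]
.text C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe[3348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077495181 5 bytes JMP 0000000100251014
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3356] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007668a30a 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765a1465 2 bytes [5A, 76]
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[3364] C:\Windows\syswow64\KERNEL32.dll!SetUnhandledExceptionFilter 00000000766687b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe[3364] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007668a30a 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[4592] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000077aceecd 1 byte [62]
.text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077d90018 5 bytes JMP 0000000100030a08
.text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007668a30a 1 byte [62]
.text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[3048] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077495181 5 bytes JMP 0000000100241014
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
"""


def parse_hooks(log_text):
    """Return one dict per ".text" hook record; every other GMER line is skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["off"] = int(rec["off"] or 0)
        rec["nbytes"] = int(rec["nbytes"])
        # Module key without path and case, so the WOW64 and native kernel32 merge.
        rec["module_name"] = rec["module"].rsplit("\\", 1)[-1].lower()
        # "JMP <addr>" is a detour to foreign code; "[..]" is an in-place byte patch.
        rec["kind"] = "detour" if rec["patch"].startswith("JMP ") else "patch"
        hooks.append(rec)
    return hooks


def hook_coverage(hooks):
    """Map (module, export) -> set of PIDs in which that export is hooked."""
    cov = defaultdict(set)
    for h in hooks:
        cov[(h["module_name"], h["func"])].add(h["pid"])
    return cov


def single_process_hooks(hooks):
    """Hooks seen in exactly one process, sorted: the first ones to explain."""
    return sorted(key for key, pids in hook_coverage(hooks).items() if len(pids) == 1)


def detour_targets_by_pid(hooks):
    """Map PID -> sorted JMP targets, to see whether all detours land in one region."""
    targets = defaultdict(set)
    for h in hooks:
        if h["kind"] == "detour":
            targets[h["pid"]].add(int(h["patch"].split()[1], 16))
    return {pid: sorted(t) for pid, t in targets.items()}


def triage_report(log_text):
    """Summary lines: each hooked export with the share of processes it appears in."""
    hooks = parse_hooks(log_text)
    cov = hook_coverage(hooks)
    pids = {h["pid"] for h in hooks}
    lines = [f"{len(hooks)} hook records across {len(pids)} processes"]
    for (mod, func), seen in sorted(cov.items(), key=lambda kv: -len(kv[1])):
        if seen == pids:
            tag = "system-wide"
        elif len(seen) == 1:
            tag = "single process"
        else:
            tag = "partial"
        lines.append(f"{mod}!{func}: {len(seen)}/{len(pids)} processes ({tag})")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE)))
    for mod, func in single_process_hooks(parse_hooks(SAMPLE)):
        print(f"explain first: {mod}!{func}")
```

On the sample the 1-byte patch of `GetBinaryTypeW` shows up in all five processes (32-bit at +112, 64-bit at +189), while the `PSAPI.DLL!GetModuleInformation` and `KERNEL32.dll!SetUnhandledExceptionFilter` patches each occur in a single process and are therefore the ones to attribute first. Feed the complete `.text` section of a GMER log to `triage_report` to get the same breakdown for the whole scan.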
10.04.2013, 20:38 | #4 |
| Mail attachment opened, since then malware or similar on the laptop. So, now I have found the log file from TDSSKiller. Code:
17:52:58.0399 2416 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:52:58.0665 2416 ============================================================
17:52:58.0665 2416 Current date / time: 2013/04/08 17:52:58.0665
17:52:58.0665 2416 SystemInfo:
17:52:58.0665 2416
17:52:58.0665 2416 OS Version: 6.1.7601 ServicePack: 1.0
17:52:58.0665 2416 Product type: Workstation
17:52:58.0665 2416 ComputerName: MARTIN-PC
17:52:58.0665 2416 UserName: Martin
17:52:58.0665 2416 Windows directory: C:\Windows
17:52:58.0665 2416 System windows directory: C:\Windows
17:52:58.0665 2416 Running under WOW64
17:52:58.0665 2416 Processor architecture: Intel x64
17:52:58.0665 2416 Number of processors: 2
17:52:58.0665 2416 Page size: 0x1000
17:52:58.0665 2416 Boot type: Normal boot
17:52:58.0665 2416 ============================================================
17:52:59.0523 2416 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:59.0554 2416 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
17:52:59.0585 2416 ============================================================
17:52:59.0585 2416 \Device\Harddisk0\DR0:
17:52:59.0585 2416 MBR partitions:
17:52:59.0585 2416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1963000, BlocksNum 0x12A17000
17:52:59.0601 2416 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1437A800, BlocksNum 0x110B3800
17:52:59.0601 2416 \Device\Harddisk1\DR1:
17:52:59.0601 2416 MBR partitions:
17:52:59.0601 2416 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A16800
17:52:59.0601 2416 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A17000, BlocksNum 0x12A166C1
17:52:59.0601 2416 ============================================================
17:52:59.0632 2416 C: <-> \Device\Harddisk0\DR0\Partition1
17:52:59.0647 2416 D: <-> \Device\Harddisk1\DR1\Partition1
17:52:59.0710 2416 F: <-> \Device\Harddisk0\DR0\Partition2
17:52:59.0725 2416 G: <-> \Device\Harddisk1\DR1\Partition2
17:52:59.0725 2416 ============================================================
17:52:59.0725 2416 Initialize success
17:52:59.0725 2416 ============================================================
17:54:44.0994 1188 ============================================================
17:54:44.0994 1188 Scan started
17:54:44.0994 1188 Mode: Manual; SigCheck; TDLFS;
17:54:44.0994 1188 ============================================================
17:54:46.0102 1188 ================ Scan system memory ========================
17:54:46.0102 1188 System memory - ok
17:54:46.0118 1188 ================ Scan services =============================
17:54:46.0305 1188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:54:46.0586 1188 1394ohci - ok
17:54:46.0664 1188 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
17:54:46.0742 1188 a2acc - ok
17:54:46.0866 1188 [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
17:54:47.0038 1188 a2AntiMalware - ok
17:54:47.0069 1188 [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
17:54:47.0116 1188 A2DDA - ok
17:54:47.0147 1188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:54:47.0210 1188 ACPI - ok
17:54:47.0241 1188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:54:47.0334 1188 AcpiPmi - ok
17:54:47.0428 1188 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:54:47.0490 1188 AdobeFlashPlayerUpdateSvc - ok
17:54:47.0537 1188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:54:47.0615 1188 adp94xx - ok
17:54:47.0646 1188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:54:47.0709 1188 adpahci - ok
17:54:47.0740 1188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:54:47.0787 1188 adpu320 - ok
17:54:47.0818 1188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:54:48.0005 1188 AeLookupSvc - ok
17:54:48.0052 1188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:54:48.0161 1188 AFD - ok
17:54:48.0192 1188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:54:48.0224 1188 agp440 - ok
17:54:48.0270 1188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:54:48.0348 1188 ALG - ok
17:54:48.0364 1188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:54:48.0411 1188 aliide - ok
17:54:48.0426 1188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:54:48.0473 1188 amdide - ok
17:54:48.0504 1188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:54:48.0567 1188 AmdK8 - ok
17:54:48.0582 1188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:54:48.0645 1188 AmdPPM - ok
17:54:48.0676 1188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:54:48.0723 1188 amdsata - ok
17:54:48.0754 1188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:54:48.0801 1188 amdsbs - ok
17:54:48.0816 1188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:54:48.0863 1188 amdxata - ok
17:54:48.0894 1188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:54:49.0097 1188 AppID - ok
17:54:49.0128 1188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:54:49.0253 1188 AppIDSvc - ok
17:54:49.0284 1188 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:54:49.0409 1188 Appinfo - ok
17:54:49.0425 1188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:54:49.0472 1188 arc - ok
17:54:49.0503 1188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:54:49.0534 1188 arcsas - ok
17:54:49.0596 1188 [ EB1807795CD3EEAA3288B4A30DE254E8 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
17:54:49.0643 1188 ASLDRService - ok
17:54:49.0706 1188 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
17:54:49.0752 1188 ASMMAP64 - ok
17:54:49.0784 1188 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:54:49.0830 1188 aswFsBlk - ok
17:54:49.0862 1188 [ FA5820B2A57D098EE2DFDBF77A924A4D ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
17:54:49.0908 1188 aswKbd - ok
17:54:49.0940 1188 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:54:50.0002 1188 aswMonFlt - ok
17:54:50.0033 1188 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
17:54:50.0096 1188 aswRdr - ok
17:54:50.0111 1188 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:54:50.0158 1188 aswRvrt - ok
17:54:50.0205 1188 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:54:50.0314 1188 aswSnx - ok
17:54:50.0345 1188 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:54:50.0408 1188 aswSP - ok
17:54:50.0439 1188 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:54:50.0486 1188 aswTdi - ok
17:54:50.0501 1188 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:54:50.0564 1188 aswVmm - ok
17:54:50.0579 1188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:54:50.0704 1188 AsyncMac - ok
17:54:50.0720 1188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:54:50.0766 1188 atapi - ok
17:54:50.0829 1188 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:54:51.0000 1188 athr - ok
17:54:51.0016 1188 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
17:54:51.0047 1188 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
17:54:51.0047 1188 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
17:54:51.0094 1188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:54:51.0234 1188 AudioEndpointBuilder - ok
17:54:51.0266 1188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:54:51.0375 1188 AudioSrv - ok
17:54:51.0422 1188 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:54:51.0468 1188 avast!
Antivirus - ok 17:54:51.0500 1188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 17:54:51.0609 1188 AxInstSV - ok 17:54:51.0640 1188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 17:54:51.0734 1188 b06bdrv - ok 17:54:51.0780 1188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 17:54:51.0827 1188 b57nd60a - ok 17:54:51.0874 1188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 17:54:51.0936 1188 BDESVC - ok 17:54:51.0968 1188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 17:54:52.0077 1188 Beep - ok 17:54:52.0124 1188 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 17:54:52.0280 1188 BFE - ok 17:54:52.0326 1188 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 17:54:52.0467 1188 BITS - ok 17:54:52.0482 1188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 17:54:52.0545 1188 blbdrive - ok 17:54:52.0576 1188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:54:52.0638 1188 bowser - ok 17:54:52.0654 1188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:54:52.0716 1188 BrFiltLo - ok 17:54:52.0732 1188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:54:52.0794 1188 BrFiltUp - ok 17:54:52.0841 1188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 17:54:52.0919 1188 Browser - ok 17:54:53.0091 1188 [ A74AC411798DA32CFC655A9A9F2EB74A ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe 17:54:53.0231 1188 BrowserProtect - ok 17:54:53.0262 1188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 17:54:53.0340 1188 Brserid - ok 17:54:53.0356 1188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm 
C:\Windows\System32\Drivers\BrSerWdm.sys 17:54:53.0434 1188 BrSerWdm - ok 17:54:53.0450 1188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 17:54:53.0512 1188 BrUsbMdm - ok 17:54:53.0528 1188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 17:54:53.0590 1188 BrUsbSer - ok 17:54:53.0621 1188 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 17:54:53.0684 1188 BthEnum - ok 17:54:53.0715 1188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 17:54:53.0777 1188 BTHMODEM - ok 17:54:53.0793 1188 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 17:54:53.0855 1188 BthPan - ok 17:54:53.0933 1188 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 17:54:54.0027 1188 BTHPORT - ok 17:54:54.0058 1188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 17:54:54.0183 1188 bthserv - ok 17:54:54.0214 1188 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 17:54:54.0276 1188 BTHUSB - ok 17:54:54.0308 1188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:54:54.0432 1188 cdfs - ok 17:54:54.0464 1188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 17:54:54.0542 1188 cdrom - ok 17:54:54.0573 1188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 17:54:54.0698 1188 CertPropSvc - ok 17:54:54.0713 1188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 17:54:54.0776 1188 circlass - ok 17:54:54.0807 1188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 17:54:54.0854 1188 CLFS - ok 17:54:54.0932 1188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:54:54.0978 1188 
clr_optimization_v2.0.50727_32 - ok 17:54:55.0041 1188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:54:55.0072 1188 clr_optimization_v2.0.50727_64 - ok 17:54:55.0134 1188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:54:55.0181 1188 clr_optimization_v4.0.30319_32 - ok 17:54:55.0212 1188 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:54:55.0259 1188 clr_optimization_v4.0.30319_64 - ok 17:54:55.0259 1188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:54:55.0322 1188 CmBatt - ok 17:54:55.0353 1188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:54:55.0384 1188 cmdide - ok 17:54:55.0431 1188 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 17:54:55.0524 1188 CNG - ok 17:54:55.0556 1188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:54:55.0602 1188 Compbatt - ok 17:54:55.0649 1188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 17:54:55.0712 1188 CompositeBus - ok 17:54:55.0727 1188 COMSysApp - ok 17:54:55.0758 1188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 17:54:55.0805 1188 crcdisk - ok 17:54:55.0868 1188 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 17:54:55.0899 1188 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 17:54:55.0899 1188 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 17:54:55.0914 1188 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common 
Files\Creative Labs Shared\Service\CTAELicensing.exe 17:54:55.0946 1188 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 17:54:55.0946 1188 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 17:54:55.0977 1188 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:54:56.0055 1188 CryptSvc - ok 17:54:56.0117 1188 [ 24B0B8D3CBB46ED5F16551974AE8D222 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 17:54:56.0148 1188 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 17:54:56.0148 1188 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 17:54:56.0195 1188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:54:56.0320 1188 DcomLaunch - ok 17:54:56.0351 1188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 17:54:56.0460 1188 defragsvc - ok 17:54:56.0492 1188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:54:56.0601 1188 DfsC - ok 17:54:56.0648 1188 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 17:54:56.0694 1188 dg_ssudbus - ok 17:54:56.0726 1188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 17:54:56.0819 1188 Dhcp - ok 17:54:56.0850 1188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 17:54:56.0975 1188 discache - ok 17:54:56.0991 1188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 17:54:57.0038 1188 Disk - ok 17:54:57.0069 1188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:54:57.0147 1188 Dnscache - ok 17:54:57.0178 1188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:54:57.0303 1188 dot3svc - ok 17:54:57.0334 1188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 17:54:57.0459 1188 DPS - ok 17:54:57.0474 1188 [ 
9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:54:57.0537 1188 drmkaud - ok 17:54:57.0584 1188 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:54:57.0677 1188 DXGKrnl - ok 17:54:57.0724 1188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 17:54:57.0833 1188 EapHost - ok 17:54:57.0942 1188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 17:54:58.0130 1188 ebdrv - ok 17:54:58.0176 1188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 17:54:58.0223 1188 EFS - ok 17:54:58.0286 1188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:54:58.0379 1188 ehRecvr - ok 17:54:58.0410 1188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 17:54:58.0473 1188 ehSched - ok 17:54:58.0520 1188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 17:54:58.0598 1188 elxstor - ok 17:54:58.0613 1188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:54:58.0660 1188 ErrDev - ok 17:54:58.0722 1188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 17:54:58.0863 1188 EventSystem - ok 17:54:58.0878 1188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 17:54:59.0003 1188 exfat - ok 17:54:59.0034 1188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:54:59.0175 1188 fastfat - ok 17:54:59.0222 1188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 17:54:59.0315 1188 Fax - ok 17:54:59.0331 1188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:54:59.0393 1188 fdc - ok 17:54:59.0424 1188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 17:54:59.0534 1188 fdPHost - ok 17:54:59.0565 1188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub 
C:\Windows\system32\fdrespub.dll 17:54:59.0690 1188 FDResPub - ok 17:54:59.0705 1188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:54:59.0752 1188 FileInfo - ok 17:54:59.0768 1188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:54:59.0892 1188 Filetrace - ok 17:54:59.0908 1188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:54:59.0970 1188 flpydisk - ok 17:55:00.0002 1188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:55:00.0048 1188 FltMgr - ok 17:55:00.0111 1188 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 17:55:00.0236 1188 FontCache - ok 17:55:00.0282 1188 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:55:00.0329 1188 FontCache3.0.0.0 - ok 17:55:00.0345 1188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 17:55:00.0392 1188 FsDepends - ok 17:55:00.0407 1188 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 17:55:00.0454 1188 fssfltr - ok 17:55:00.0532 1188 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 17:55:00.0610 1188 fsssvc - ok 17:55:00.0641 1188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:55:00.0688 1188 Fs_Rec - ok 17:55:00.0735 1188 [ 434B6251710F3F2D19D5E040D336300D ] Futuremark SystemInfo Service C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe 17:55:00.0782 1188 Futuremark SystemInfo Service - ok 17:55:00.0828 1188 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 17:55:00.0891 1188 fvevol - ok 17:55:00.0906 1188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 17:55:00.0953 1188 gagp30kx 
- ok 17:55:00.0984 1188 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 17:55:01.0031 1188 ggflt - ok 17:55:01.0031 1188 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 17:55:01.0078 1188 ggsemc - ok 17:55:01.0125 1188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 17:55:01.0281 1188 gpsvc - ok 17:55:01.0328 1188 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:55:01.0374 1188 gupdate - ok 17:55:01.0390 1188 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:55:01.0421 1188 gupdatem - ok 17:55:01.0452 1188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 17:55:01.0515 1188 hcw85cir - ok 17:55:01.0546 1188 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:55:01.0624 1188 HdAudAddService - ok 17:55:01.0655 1188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:55:01.0718 1188 HDAudBus - ok 17:55:01.0733 1188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:55:01.0796 1188 HidBatt - ok 17:55:01.0827 1188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:55:01.0889 1188 HidBth - ok 17:55:01.0920 1188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:55:01.0983 1188 HidIr - ok 17:55:02.0014 1188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 17:55:02.0139 1188 hidserv - ok 17:55:02.0170 1188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:55:02.0217 1188 HidUsb - ok 17:55:02.0248 1188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:55:02.0357 1188 hkmsvc - ok 17:55:02.0404 1188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener 
C:\Windows\system32\ListSvc.dll 17:55:02.0482 1188 HomeGroupListener - ok 17:55:02.0529 1188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:55:02.0607 1188 HomeGroupProvider - ok 17:55:02.0622 1188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:55:02.0669 1188 HpSAMD - ok 17:55:02.0716 1188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:55:02.0856 1188 HTTP - ok 17:55:02.0872 1188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:55:02.0919 1188 hwpolicy - ok 17:55:02.0934 1188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:55:02.0981 1188 i8042prt - ok 17:55:03.0028 1188 [ 1ADAA4F16073FD0C7270F451FD024E97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:55:03.0075 1188 iaStor - ok 17:55:03.0122 1188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:55:03.0184 1188 iaStorV - ok 17:55:03.0246 1188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:55:03.0340 1188 idsvc - ok 17:55:03.0387 1188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:55:03.0418 1188 iirsp - ok 17:55:03.0465 1188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 17:55:03.0621 1188 IKEEXT - ok 17:55:03.0714 1188 [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 17:55:03.0886 1188 IntcAzAudAddService - ok 17:55:03.0933 1188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 17:55:03.0980 1188 intelide - ok 17:55:03.0995 1188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:55:04.0058 1188 intelppm - ok 17:55:04.0089 1188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum 
C:\Windows\system32\ipbusenum.dll 17:55:04.0214 1188 IPBusEnum - ok 17:55:04.0245 1188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:55:04.0370 1188 IpFilterDriver - ok 17:55:04.0401 1188 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:55:04.0494 1188 iphlpsvc - ok 17:55:04.0526 1188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:55:04.0572 1188 IPMIDRV - ok 17:55:04.0604 1188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:55:04.0713 1188 IPNAT - ok 17:55:04.0728 1188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:55:04.0838 1188 IRENUM - ok 17:55:04.0869 1188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:55:04.0900 1188 isapnp - ok 17:55:04.0931 1188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:55:04.0994 1188 iScsiPrt - ok 17:55:05.0025 1188 [ 5FEF11C18EC25CDCB27E6C8680690B69 ] itecir C:\Windows\system32\DRIVERS\itecir.sys 17:55:05.0072 1188 itecir - ok 17:55:05.0087 1188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:55:05.0134 1188 kbdclass - ok 17:55:05.0150 1188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 17:55:05.0212 1188 kbdhid - ok 17:55:05.0243 1188 [ 4C9B832435061634DFBEB980AD67BFFF ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 17:55:05.0290 1188 kbfiltr - ok 17:55:05.0306 1188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 17:55:05.0352 1188 KeyIso - ok 17:55:05.0384 1188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:55:05.0415 1188 KSecDD - ok 17:55:05.0446 1188 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:55:05.0493 1188 KSecPkg - ok 17:55:05.0493 1188 [ 
6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:55:05.0618 1188 ksthunk - ok 17:55:05.0649 1188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 17:55:05.0789 1188 KtmRm - ok 17:55:05.0836 1188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:55:05.0976 1188 LanmanServer - ok 17:55:06.0008 1188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:55:06.0132 1188 LanmanWorkstation - ok 17:55:06.0179 1188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:55:06.0304 1188 lltdio - ok 17:55:06.0335 1188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:55:06.0476 1188 lltdsvc - ok 17:55:06.0491 1188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:55:06.0616 1188 lmhosts - ok 17:55:06.0663 1188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:55:06.0710 1188 LSI_FC - ok 17:55:06.0725 1188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:55:06.0772 1188 LSI_SAS - ok 17:55:06.0803 1188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:55:06.0850 1188 LSI_SAS2 - ok 17:55:06.0866 1188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:55:06.0912 1188 LSI_SCSI - ok 17:55:06.0944 1188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 17:55:07.0053 1188 luafv - ok 17:55:07.0100 1188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:55:07.0146 1188 Mcx2Svc - ok 17:55:07.0162 1188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:55:07.0209 1188 megasas - ok 17:55:07.0240 1188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:55:07.0287 1188 MegaSR - ok 17:55:07.0318 
1188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 17:55:07.0427 1188 MMCSS - ok 17:55:07.0443 1188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 17:55:07.0568 1188 Modem - ok 17:55:07.0583 1188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:55:07.0646 1188 monitor - ok 17:55:07.0677 1188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:55:07.0708 1188 mouclass - ok 17:55:07.0739 1188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:55:07.0802 1188 mouhid - ok 17:55:07.0833 1188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 17:55:07.0880 1188 mountmgr - ok 17:55:07.0911 1188 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:55:07.0958 1188 MozillaMaintenance - ok 17:55:07.0989 1188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 17:55:08.0036 1188 mpio - ok 17:55:08.0051 1188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:55:08.0160 1188 mpsdrv - ok 17:55:08.0207 1188 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:55:08.0348 1188 MpsSvc - ok 17:55:08.0379 1188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:55:08.0441 1188 MRxDAV - ok 17:55:08.0472 1188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:55:08.0535 1188 mrxsmb - ok 17:55:08.0566 1188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:55:08.0628 1188 mrxsmb10 - ok 17:55:08.0660 1188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:55:08.0706 1188 mrxsmb20 - ok 17:55:08.0738 1188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci 
C:\Windows\system32\drivers\msahci.sys 17:55:08.0769 1188 msahci - ok 17:55:08.0800 1188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:55:08.0847 1188 msdsm - ok 17:55:08.0862 1188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 17:55:08.0940 1188 MSDTC - ok 17:55:08.0987 1188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:55:09.0096 1188 Msfs - ok 17:55:09.0128 1188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:55:09.0237 1188 mshidkmdf - ok 17:55:09.0268 1188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:55:09.0299 1188 msisadrv - ok 17:55:09.0408 1188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:55:09.0533 1188 MSiSCSI - ok 17:55:09.0533 1188 msiserver - ok 17:55:09.0564 1188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:55:09.0689 1188 MSKSSRV - ok 17:55:09.0705 1188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:55:09.0814 1188 MSPCLOCK - ok 17:55:09.0845 1188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:55:09.0970 1188 MSPQM - ok 17:55:10.0017 1188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:55:10.0064 1188 MsRPC - ok 17:55:10.0110 1188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:55:10.0142 1188 mssmbios - ok 17:55:10.0173 1188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:55:10.0298 1188 MSTEE - ok 17:55:10.0313 1188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:55:10.0376 1188 MTConfig - ok 17:55:10.0407 1188 [ A523D9F6AEB152C4480D754DF7FA9F7F ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 17:55:10.0469 1188 MTsensor - ok 17:55:10.0485 1188 [ 
F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 17:55:10.0532 1188 Mup - ok 17:55:10.0563 1188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 17:55:10.0703 1188 napagent - ok 17:55:10.0719 1188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:55:10.0797 1188 NativeWifiP - ok 17:55:10.0844 1188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:55:10.0937 1188 NDIS - ok 17:55:10.0968 1188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:55:11.0078 1188 NdisCap - ok 17:55:11.0109 1188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:55:11.0218 1188 NdisTapi - ok 17:55:11.0249 1188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:55:11.0374 1188 Ndisuio - ok 17:55:11.0405 1188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:55:11.0514 1188 NdisWan - ok 17:55:11.0546 1188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:55:11.0655 1188 NDProxy - ok 17:55:11.0670 1188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:55:11.0748 1188 NetBIOS - ok 17:55:11.0780 1188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:55:11.0858 1188 NetBT - ok 17:55:11.0889 1188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 17:55:11.0904 1188 Netlogon - ok 17:55:11.0951 1188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 17:55:12.0092 1188 Netman - ok 17:55:12.0123 1188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 17:55:12.0294 1188 netprofm - ok 17:55:12.0326 1188 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 
17:55:12.0372 1188 NetTcpPortSharing - ok 17:55:12.0591 1188 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys 17:55:12.0918 1188 NETw5s64 - ok 17:55:13.0090 1188 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 17:55:13.0355 1188 netw5v64 - ok 17:55:13.0402 1188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:55:13.0433 1188 nfrd960 - ok 17:55:13.0480 1188 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:55:13.0542 1188 NlaSvc - ok 17:55:13.0605 1188 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess F:\CDBurnerXP\NMSAccessU.exe 17:55:13.0652 1188 NMSAccess - ok 17:55:13.0683 1188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:55:13.0792 1188 Npfs - ok 17:55:13.0823 1188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 17:55:13.0995 1188 nsi - ok 17:55:14.0010 1188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:55:14.0135 1188 nsiproxy - ok 17:55:14.0198 1188 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:55:14.0322 1188 Ntfs - ok 17:55:14.0338 1188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 17:55:14.0463 1188 Null - ok 17:55:14.0853 1188 [ 26D6ABD49079A07BEC0F652C6EBEA17C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:55:15.0461 1188 nvlddmkm - ok 17:55:15.0492 1188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:55:15.0524 1188 nvraid - ok 17:55:15.0539 1188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:55:15.0555 1188 nvstor - ok 17:55:15.0570 1188 [ 21D5F3B93B6B85EAE889D90C5A95AE3B ] nvsvc C:\Windows\system32\nvvsvc.exe 17:55:15.0602 1188 nvsvc - ok 17:55:15.0617 1188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:55:15.0648 1188 
nv_agp - ok 17:55:15.0695 1188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:55:15.0742 1188 odserv - ok 17:55:15.0758 1188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:55:15.0804 1188 ohci1394 - ok 17:55:15.0836 1188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:55:15.0882 1188 ose - ok 17:55:15.0929 1188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:55:16.0023 1188 p2pimsvc - ok 17:55:16.0070 1188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 17:55:16.0163 1188 p2psvc - ok 17:55:16.0210 1188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:55:16.0257 1188 Parport - ok 17:55:16.0288 1188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:55:16.0335 1188 partmgr - ok 17:55:16.0350 1188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:55:16.0444 1188 PcaSvc - ok 17:55:16.0475 1188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 17:55:16.0522 1188 pci - ok 17:55:16.0538 1188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 17:55:16.0584 1188 pciide - ok 17:55:16.0600 1188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:55:16.0647 1188 pcmcia - ok 17:55:16.0678 1188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 17:55:16.0709 1188 pcw - ok 17:55:16.0756 1188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:55:16.0896 1188 PEAUTH - ok 17:55:16.0990 1188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:55:17.0052 1188 PerfHost - ok 17:55:17.0130 1188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 
17:55:17.0318 1188 pla - ok 17:55:17.0364 1188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:55:17.0458 1188 PlugPlay - ok 17:55:17.0489 1188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:55:17.0552 1188 PNRPAutoReg - ok 17:55:17.0583 1188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:55:17.0645 1188 PNRPsvc - ok 17:55:17.0692 1188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:55:17.0832 1188 PolicyAgent - ok 17:55:17.0879 1188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 17:55:18.0004 1188 Power - ok 17:55:18.0035 1188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:55:18.0144 1188 PptpMiniport - ok 17:55:18.0176 1188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:55:18.0238 1188 Processor - ok 17:55:18.0254 1188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 17:55:18.0316 1188 ProfSvc - ok 17:55:18.0332 1188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:55:18.0378 1188 ProtectedStorage - ok 17:55:18.0410 1188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:55:18.0534 1188 Psched - ok 17:55:18.0597 1188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:55:18.0737 1188 ql2300 - ok 17:55:18.0753 1188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:55:18.0800 1188 ql40xx - ok 17:55:18.0846 1188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:55:18.0924 1188 QWAVE - ok 17:55:18.0940 1188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:55:19.0018 1188 QWAVEdrv - ok 17:55:19.0034 1188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd 
C:\Windows\system32\DRIVERS\rasacd.sys 17:55:19.0158 1188 RasAcd - ok 17:55:19.0190 1188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:55:19.0314 1188 RasAgileVpn - ok 17:55:19.0361 1188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:55:19.0486 1188 RasAuto - ok 17:55:19.0517 1188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:55:19.0642 1188 Rasl2tp - ok 17:55:19.0673 1188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 17:55:19.0814 1188 RasMan - ok 17:55:19.0829 1188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:55:19.0954 1188 RasPppoe - ok 17:55:19.0985 1188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:55:20.0110 1188 RasSstp - ok 17:55:20.0141 1188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:55:20.0250 1188 rdbss - ok 17:55:20.0282 1188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:55:20.0344 1188 rdpbus - ok 17:55:20.0360 1188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:55:20.0484 1188 RDPCDD - ok 17:55:20.0516 1188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:55:20.0609 1188 RDPENCDD - ok 17:55:20.0640 1188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:55:20.0765 1188 RDPREFMP - ok 17:55:20.0812 1188 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 17:55:20.0874 1188 RdpVideoMiniport - ok 17:55:20.0921 1188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:55:20.0984 1188 RDPWD - ok 17:55:21.0015 1188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:55:21.0062 1188 rdyboost - ok 17:55:21.0124 
1188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:55:21.0233 1188 RemoteAccess - ok 17:55:21.0264 1188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:55:21.0389 1188 RemoteRegistry - ok 17:55:21.0436 1188 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 17:55:21.0498 1188 RFCOMM - ok 17:55:21.0514 1188 [ 528D70EABE8305A02F387FEC839B9A47 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys 17:55:21.0576 1188 rimmptsk - ok 17:55:21.0608 1188 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys 17:55:21.0670 1188 rimsptsk - ok 17:55:21.0701 1188 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys 17:55:21.0748 1188 rismxdp - ok 17:55:21.0764 1188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:55:21.0888 1188 RpcEptMapper - ok 17:55:21.0935 1188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:55:21.0982 1188 RpcLocator - ok 17:55:22.0013 1188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 17:55:22.0138 1188 RpcSs - ok 17:55:22.0169 1188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:55:22.0294 1188 rspndr - ok 17:55:22.0341 1188 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 17:55:22.0403 1188 RTL8167 - ok 17:55:22.0450 1188 [ 8B91737DA75ADD21CB1554B38089196A ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 17:55:22.0544 1188 RTL8169 - ok 17:55:22.0590 1188 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys 17:55:22.0622 1188 s0017bus - ok 17:55:22.0653 1188 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys 17:55:22.0700 1188 s0017mdfl - ok 17:55:22.0731 1188 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys 
17:55:22.0778 1188 s0017mdm - ok 17:55:22.0793 1188 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys 17:55:22.0840 1188 s0017mgmt - ok 17:55:22.0871 1188 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys 17:55:22.0902 1188 s0017nd5 - ok 17:55:22.0934 1188 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys 17:55:22.0980 1188 s0017obex - ok 17:55:22.0996 1188 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys 17:55:23.0043 1188 s0017unic - ok 17:55:23.0058 1188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 17:55:23.0105 1188 SamSs - ok 17:55:23.0152 1188 SANDRA - ok 17:55:23.0199 1188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:55:23.0230 1188 sbp2port - ok 17:55:23.0277 1188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:55:23.0417 1188 SCardSvr - ok 17:55:23.0464 1188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:55:23.0573 1188 scfilter - ok 17:55:23.0636 1188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 17:55:23.0792 1188 Schedule - ok 17:55:23.0838 1188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:55:23.0932 1188 SCPolicySvc - ok 17:55:24.0010 1188 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe 17:55:24.0119 1188 ScrybeUpdater - ok 17:55:24.0150 1188 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 17:55:24.0213 1188 sdbus - ok 17:55:24.0244 1188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:55:24.0322 1188 SDRSVC - ok 17:55:24.0353 1188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:55:24.0478 1188 secdrv - ok 
17:55:24.0509 1188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 17:55:24.0634 1188 seclogon - ok 17:55:24.0650 1188 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys 17:55:24.0712 1188 seehcri - ok 17:55:24.0743 1188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:55:24.0884 1188 SENS - ok 17:55:24.0899 1188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:55:24.0977 1188 SensrSvc - ok 17:55:25.0008 1188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:55:25.0055 1188 Serenum - ok 17:55:25.0071 1188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:55:25.0133 1188 Serial - ok 17:55:25.0149 1188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:55:25.0211 1188 sermouse - ok 17:55:25.0258 1188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 17:55:25.0398 1188 SessionEnv - ok 17:55:25.0430 1188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 17:55:25.0492 1188 sffdisk - ok 17:55:25.0523 1188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:55:25.0570 1188 sffp_mmc - ok 17:55:25.0586 1188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 17:55:25.0648 1188 sffp_sd - ok 17:55:25.0664 1188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:55:25.0726 1188 sfloppy - ok 17:55:25.0773 1188 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:55:25.0898 1188 SharedAccess - ok 17:55:25.0944 1188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:55:26.0085 1188 ShellHWDetection - ok 17:55:26.0116 1188 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 
17:55:26.0178 1188 SiSGbeLH - ok 17:55:26.0194 1188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:55:26.0241 1188 SiSRaid2 - ok 17:55:26.0256 1188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:55:26.0303 1188 SiSRaid4 - ok 17:55:26.0350 1188 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:55:26.0397 1188 SkypeUpdate - ok 17:55:26.0412 1188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:55:26.0522 1188 Smb - ok 17:55:26.0584 1188 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:55:26.0646 1188 SNMPTRAP - ok 17:55:26.0724 1188 [ 1A5806E5C2E232C193B90D2ADE8A977C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 17:55:26.0849 1188 SNP2UVC - ok 17:55:26.0865 1188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:55:26.0912 1188 spldr - ok 17:55:26.0943 1188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 17:55:27.0052 1188 Spooler - ok 17:55:27.0177 1188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 17:55:27.0458 1188 sppsvc - ok 17:55:27.0504 1188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:55:27.0645 1188 sppuinotify - ok 17:55:27.0660 1188 sptd - ok 17:55:27.0707 1188 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 17:55:27.0785 1188 srv - ok 17:55:27.0816 1188 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:55:27.0894 1188 srv2 - ok 17:55:27.0926 1188 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:55:27.0988 1188 srvnet - ok 17:55:28.0004 1188 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:55:28.0113 1188 SSDPSRV - ok 17:55:28.0144 1188 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc 
C:\Windows\system32\sstpsvc.dll 17:55:28.0253 1188 SstpSvc - ok 17:55:28.0284 1188 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 17:55:28.0347 1188 ssudmdm - ok 17:55:28.0362 1188 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 17:55:28.0378 1188 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:55:28.0378 1188 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:55:28.0409 1188 Steam Client Service - ok 17:55:28.0440 1188 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:55:28.0487 1188 stexstor - ok 17:55:28.0518 1188 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 17:55:28.0643 1188 stisvc - ok 17:55:28.0659 1188 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 17:55:28.0706 1188 swenum - ok 17:55:28.0737 1188 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:55:28.0877 1188 swprv - ok 17:55:28.0940 1188 [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 17:55:29.0049 1188 SynTP - ok 17:55:29.0127 1188 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 17:55:29.0298 1188 SysMain - ok 17:55:29.0330 1188 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:55:29.0408 1188 TabletInputService - ok 17:55:29.0439 1188 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:55:29.0579 1188 TapiSrv - ok 17:55:29.0595 1188 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:55:29.0720 1188 TBS - ok 17:55:29.0798 1188 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:55:29.0954 1188 Tcpip - ok 17:55:30.0016 1188 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:55:30.0125 1188 TCPIP6 - ok 17:55:30.0141 1188 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg 
C:\Windows\system32\drivers\tcpipreg.sys 17:55:30.0188 1188 tcpipreg - ok 17:55:30.0234 1188 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:55:30.0312 1188 TDPIPE - ok 17:55:30.0344 1188 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:55:30.0406 1188 TDTCP - ok 17:55:30.0437 1188 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:55:30.0546 1188 tdx - ok 17:55:30.0578 1188 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:55:30.0624 1188 TermDD - ok 17:55:30.0656 1188 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 17:55:30.0796 1188 TermService - ok 17:55:30.0827 1188 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:55:30.0905 1188 Themes - ok 17:55:30.0936 1188 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:55:31.0046 1188 THREADORDER - ok 17:55:31.0061 1188 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:55:31.0202 1188 TrkWks - ok 17:55:31.0248 1188 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:55:31.0373 1188 TrustedInstaller - ok 17:55:31.0420 1188 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:55:31.0529 1188 tssecsrv - ok 17:55:31.0545 1188 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:55:31.0592 1188 TsUsbFlt - ok 17:55:31.0638 1188 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:55:31.0748 1188 tunnel - ok 17:55:31.0794 1188 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:55:31.0826 1188 uagp35 - ok 17:55:31.0857 1188 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:55:31.0997 1188 udfs - ok 17:55:32.0044 1188 [ 
3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:55:32.0122 1188 UI0Detect - ok 17:55:32.0153 1188 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:55:32.0184 1188 uliagpkx - ok 17:55:32.0231 1188 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 17:55:32.0294 1188 umbus - ok 17:55:32.0309 1188 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:55:32.0372 1188 UmPass - ok 17:55:32.0403 1188 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:55:32.0543 1188 upnphost - ok 17:55:32.0574 1188 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:55:32.0637 1188 usbccgp - ok 17:55:32.0668 1188 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 17:55:32.0730 1188 usbcir - ok 17:55:32.0762 1188 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:55:32.0808 1188 usbehci - ok 17:55:32.0840 1188 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:55:32.0918 1188 usbhub - ok 17:55:32.0933 1188 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:55:32.0996 1188 usbohci - ok 17:55:33.0027 1188 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:55:33.0089 1188 usbprint - ok 17:55:33.0120 1188 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:55:33.0183 1188 usbscan - ok 17:55:33.0214 1188 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:55:33.0292 1188 USBSTOR - ok 17:55:33.0308 1188 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:55:33.0370 1188 usbuhci - ok 17:55:33.0401 1188 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 17:55:33.0464 1188 
usbvideo - ok 17:55:33.0495 1188 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 17:55:33.0573 1188 usb_rndisx - ok 17:55:33.0604 1188 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:55:33.0729 1188 UxSms - ok 17:55:33.0744 1188 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 17:55:33.0791 1188 VaultSvc - ok 17:55:33.0807 1188 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:55:33.0854 1188 vdrvroot - ok 17:55:33.0900 1188 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 17:55:34.0041 1188 vds - ok 17:55:34.0072 1188 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:55:34.0119 1188 vga - ok 17:55:34.0150 1188 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:55:34.0275 1188 VgaSave - ok 17:55:34.0290 1188 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:55:34.0353 1188 vhdmp - ok 17:55:34.0384 1188 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 17:55:34.0415 1188 viaide - ok 17:55:34.0446 1188 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:55:34.0493 1188 volmgr - ok 17:55:34.0524 1188 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:55:34.0587 1188 volmgrx - ok 17:55:34.0602 1188 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:55:34.0665 1188 volsnap - ok 17:55:34.0696 1188 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:55:34.0743 1188 vsmraid - ok 17:55:34.0805 1188 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 17:55:34.0992 1188 VSS - ok 17:55:35.0024 1188 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:55:35.0086 1188 vwifibus - ok 17:55:35.0117 
1188 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:55:35.0180 1188 vwififlt - ok 17:55:35.0195 1188 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:55:35.0273 1188 vwifimp - ok 17:55:35.0320 1188 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:55:35.0445 1188 W32Time - ok 17:55:35.0476 1188 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:55:35.0523 1188 WacomPen - ok 17:55:35.0554 1188 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:55:35.0663 1188 WANARP - ok 17:55:35.0679 1188 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:55:35.0788 1188 Wanarpv6 - ok 17:55:35.0850 1188 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 17:55:35.0991 1188 wbengine - ok 17:55:36.0022 1188 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:55:36.0116 1188 WbioSrvc - ok 17:55:36.0147 1188 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:55:36.0256 1188 wcncsvc - ok 17:55:36.0272 1188 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:55:36.0350 1188 WcsPlugInService - ok 17:55:36.0396 1188 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:55:36.0443 1188 Wd - ok 17:55:36.0490 1188 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:55:36.0568 1188 Wdf01000 - ok 17:55:36.0584 1188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:55:36.0724 1188 WdiServiceHost - ok 17:55:36.0740 1188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:55:36.0802 1188 WdiSystemHost - ok 17:55:36.0849 1188 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 17:55:36.0927 1188 
WebClient - ok 17:55:36.0958 1188 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:55:37.0098 1188 Wecsvc - ok 17:55:37.0130 1188 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:55:37.0270 1188 wercplsupport - ok 17:55:37.0301 1188 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:55:37.0442 1188 WerSvc - ok 17:55:37.0473 1188 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:55:37.0582 1188 WfpLwf - ok 17:55:37.0598 1188 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:55:37.0644 1188 WIMMount - ok 17:55:37.0676 1188 WinDefend - ok 17:55:37.0691 1188 WinHttpAutoProxySvc - ok 17:55:37.0769 1188 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:55:37.0894 1188 Winmgmt - ok 17:55:37.0972 1188 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 17:55:38.0190 1188 WinRM - ok 17:55:38.0222 1188 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:55:38.0284 1188 WinUsb - ok 17:55:38.0346 1188 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:55:38.0471 1188 Wlansvc - ok 17:55:38.0612 1188 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:55:38.0783 1188 wlidsvc - ok 17:55:38.0799 1188 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:55:38.0861 1188 WmiAcpi - ok 17:55:38.0908 1188 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:55:38.0970 1188 wmiApSrv - ok 17:55:39.0002 1188 WMPNetworkSvc - ok 17:55:39.0048 1188 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:55:39.0126 1188 WPCSvc - ok 17:55:39.0158 1188 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:55:39.0220 
1188 WPDBusEnum - ok 17:55:39.0251 1188 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:55:39.0376 1188 ws2ifsl - ok 17:55:39.0407 1188 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 17:55:39.0501 1188 wscsvc - ok 17:55:39.0501 1188 WSearch - ok 17:55:39.0610 1188 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:55:39.0750 1188 wuauserv - ok 17:55:39.0782 1188 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:55:39.0844 1188 WudfPf - ok 17:55:39.0860 1188 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:55:39.0922 1188 WUDFRd - ok 17:55:39.0953 1188 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:55:40.0016 1188 wudfsvc - ok 17:55:40.0047 1188 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 17:55:40.0140 1188 WwanSvc - ok 17:55:40.0187 1188 ================ Scan global =============================== 17:55:40.0234 1188 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 17:55:40.0265 1188 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 17:55:40.0296 1188 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 17:55:40.0343 1188 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 17:55:40.0390 1188 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 17:55:40.0421 1188 [Global] - ok 17:55:40.0421 1188 ================ Scan MBR ================================== 17:55:40.0437 1188 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:55:40.0889 1188 \Device\Harddisk0\DR0 - ok 17:55:40.0889 1188 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk1\DR1 17:55:41.0248 1188 \Device\Harddisk1\DR1 - ok 17:55:41.0248 1188 ================ Scan VBR ================================== 17:55:41.0248 1188 [ A5AC1BA18B5708994C3D8E0B09161C2D ] 
\Device\Harddisk0\DR0\Partition1 17:55:41.0264 1188 \Device\Harddisk0\DR0\Partition1 - ok 17:55:41.0279 1188 [ 48C96EE7F38B1364ED367204BF78384D ] \Device\Harddisk0\DR0\Partition2 17:55:41.0295 1188 \Device\Harddisk0\DR0\Partition2 - ok 17:55:41.0295 1188 [ BD37932FDF93F36579909F2181D9DCA9 ] \Device\Harddisk1\DR1\Partition1 17:55:41.0295 1188 \Device\Harddisk1\DR1\Partition1 - ok 17:55:41.0326 1188 [ 909ED3246B3A2E36D7764671381CD2B7 ] \Device\Harddisk1\DR1\Partition2 17:55:41.0326 1188 \Device\Harddisk1\DR1\Partition2 - ok 17:55:41.0342 1188 ============================================================ 17:55:41.0342 1188 Scan finished 17:55:41.0342 1188 ============================================================ 17:55:41.0373 5004 Detected object count: 5 17:55:41.0373 5004 Actual detected object count: 5 17:56:34.0709 5004 C:\Program Files\ATKGFNEX\GFNEXSrv.exe - copied to quarantine 17:56:34.0772 5004 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 17:56:34.0819 5004 C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe - copied to quarantine 17:56:34.0881 5004 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 17:56:34.0912 5004 C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe - copied to quarantine 17:56:34.0928 5004 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 17:56:34.0990 5004 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe - copied to quarantine 17:56:35.0068 5004 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 17:56:35.0099 5004 C:\Windows\system32\drivers\StarOpen.sys - copied to quarantine 17:56:35.0146 5004 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 17:58:13.0317 4180 Deinitialize success |
11.04.2013, 00:26 | #5 |
/// TB-Ausbilder | Mail attachment opened, since then malware or similar on the laptop Hi, you let TDSSKiller delete completely legitimate files. That is the reason why such tools should not be used on your own if you don't know what you are doing. That can end badly! Step 1 Please download AdwCleaner and save it to your desktop.
Step 2 Warning for readers: Combofix should only be run if a team member has explicitly instructed you to do so! Please download Combofix.
Note: If you get the following error message after the restart Quote:
Step 3 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
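Post #5 above points out that the TDSSKiller run quarantined legitimate files. As an added example (not code from this thread or from the TDSSKiller tool itself), the Python script below parses log lines in the format TDSSKiller writes, pairs each service or driver with its MD5 and path, and lists the entries whose only verdict was the UnsignedFile.Multi.Generic heuristic (the file carries no digital signature; that is not a finding of known-malicious code) and which the user chose to quarantine. The sample lines are copied from the log in this thread; the function and regex names are my own.

```python
"""Summarise TDSSKiller detections from a log excerpt (added example)."""
import re

# Sample lines in the TDSSKiller log format seen in this thread
# (timestamp, thread id, message). A real log runs to thousands of lines.
SAMPLE_LOG = r"""
17:55:28.0362 1188 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
17:55:28.0378 1188 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:55:28.0378 1188 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:55:28.0409 1188 Steam Client Service - ok
17:55:29.0798 1188 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:55:29.0954 1188 Tcpip - ok
17:55:41.0373 5004 Detected object count: 5
17:56:34.0709 5004 C:\Program Files\ATKGFNEX\GFNEXSrv.exe - copied to quarantine
17:56:34.0772 5004 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
17:56:35.0099 5004 C:\Windows\system32\drivers\StarOpen.sys - copied to quarantine
17:56:35.0146 5004 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
"""

# Verdicts that only say "no valid signature", not "known malware".
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<rest>.+)$")
QUAR_RE = re.compile(r"^(?P<path>.+) - copied to quarantine$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")


def parse_tdsskiller(text):
    """Parse TDSSKiller log text into a summary dict.

    ok: set of names that scanned clean
    hashes: name -> (md5, path) from the per-object hash lines
    detections: name -> {'verdict', 'action'} (action None until the user chose one)
    quarantined_paths: file paths the tool copied to quarantine, in log order
    """
    summary = {"ok": set(), "hashes": {}, "detections": {}, "quarantined_paths": []}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banners, separators, blank lines
        msg = m.group("msg")
        h = HASH_RE.match(msg)
        if h:
            summary["hashes"][h["name"]] = (h["md5"].upper(), h["path"])
            continue
        d = DETECT_RE.match(msg)
        if d:
            rec = summary["detections"].setdefault(
                d["name"], {"verdict": d["verdict"], "action": None})
            if d["rest"].startswith("User select action: "):
                rec["action"] = d["rest"].split(": ", 1)[1]
            continue
        q = QUAR_RE.match(msg)
        if q:
            summary["quarantined_paths"].append(q["path"])
            continue
        o = OK_RE.match(msg)
        if o:
            summary["ok"].add(o["name"])
    return summary


def heuristic_only_quarantines(summary):
    """Names quarantined on nothing stronger than a signature heuristic.

    These are the candidates to restore from TDSSKiller's quarantine after
    checking the file's hash and vendor, as the helper in this thread did.
    """
    return [name for name, rec in summary["detections"].items()
            if rec["verdict"] in HEURISTIC_VERDICTS and rec["action"] == "Quarantine"]


if __name__ == "__main__":
    s = parse_tdsskiller(SAMPLE_LOG)
    for name in heuristic_only_quarantines(s):
        md5, path = s["hashes"].get(name, ("?", "?"))
        print(f"{name}: quarantined on {s['detections'][name]['verdict']} only; md5={md5} path={path}")
```

Run as a script it prints one line per entry that was quarantined purely on the unsigned-file heuristic, with the MD5 the tool recorded so the file can be checked against a vendor hash list before it is restored.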
11.04.2013, 12:34 | #6 |
| Mail attachment opened, since then malware or similar on the laptop Ok, first the log from adwcleaner Code:
# AdwCleaner v2.200 - Datei am 11/04/2013 um 13:26:10 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martin - MARTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\searchplugins\delta.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\extensions\amo@dealplyshopping.com
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\d538cdbb034e415
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\CToolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\d538cdbb034e415
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=FEB290E6BA426076 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\prefs.js

C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntr[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.id", "feb2488d00000000000090e6ba426076");
Gelöscht : user_pref("extensions.delta.instlDay", "15803");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.015:26:52");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Gelöscht : user_pref("surfcanyon.last_checked_ts", "1266957179415");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11704 octets] - [11/04/2013 13:26:10]

########## EOF - C:\AdwCleaner[S1].txt - [11765 octets] ########## |
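What a reader of the report above actually needs is not the 150 deleted keys but the subset that were persistence or redirection points: the BHOs, the IE SearchScopes and Low Rights ElevationPolicy entries, the Chrome extensions registered machine-wide in the registry, the Firefox user_pref search settings, and the Start Page that pointed at delta-search.com. The Python below is an added example, not code from this thread and not part of AdwCleaner: it parses the German v2.200 line shapes as they appear in the log above (the regexes and the category labels are my own reading of that format, not a documented one), runs over an excerpt of that same log embedded as SAMPLE_LOG, and reports counts per object type, the flagged persistence locations, and the hosts that the overwritten home/search settings pointed at.

```python
"""Summarise an AdwCleaner v2.x (German UI) removal report and flag which
persistence / hijack locations it touched.

Added example for this thread, not AdwCleaner's or the poster's code. The
line shapes and category labels are my reading of the v2.200 log above;
SAMPLE_LOG is an excerpt of that log. Section banners and browser header
lines carry no removals and are simply skipped.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
# AdwCleaner v2.200 - Datei am 11/04/2013 um 13:26:10 erstellt
# Option [Löschen]
Gestoppt & Gelöscht : BrowserProtect
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=FEB290E6BA426076 --> hxxp://www.google.com
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("extensions.delta.id", "feb2488d00000000000090e6ba426076");
"""

# One regex per line shape (assumed from the log); group names become item fields.
ITEM_PATTERNS = [
    ("service",  re.compile(r"^Gestoppt & Gelöscht : (?P<item>.+)$")),
    ("file",     re.compile(r"^Datei Gelöscht : (?P<item>.+)$")),
    ("folder",   re.compile(r"^Ordner Gelöscht : (?P<item>.+)$")),
    ("regkey",   re.compile(r"^Schlüssel Gelöscht : (?P<item>.+)$")),
    ("regvalue", re.compile(r"^Wert Gelöscht : (?P<item>.+)$")),
    ("replaced", re.compile(r"^Ersetzt : \[(?P<item>.+?)\] = (?P<old>.+?) --> (?P<new>.+)$")),
    ("ffpref",   re.compile(r'^Gelöscht : user_pref\("(?P<item>[^"]+)", (?P<old>.+)\);$')),
]
META_RES = {
    "version": re.compile(r"^# AdwCleaner v(?P<v>\S+)"),
    "mode":    re.compile(r"^# Option \[(?P<v>.+?)\]$"),
}
# Locations that load code or redirect the browser on every start. Checked in
# order against each removed path/key; the labels are mine, not AdwCleaner's.
PERSISTENCE_MARKERS = [
    ("IE Browser Helper Object (DLL loaded into every IE process)", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("IE Low Rights ElevationPolicy (binary allowed out of Protected Mode)", re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I)),
    ("IE search provider (SearchScopes)", re.compile(r"\\SearchScopes", re.I)),
    ("IE start page value", re.compile(r"\\Internet Explorer\\Main\b", re.I)),
    ("Chrome extension registered machine-wide in the registry", re.compile(r"\\Google\\Chrome\\Extensions\\", re.I)),
    ("Chrome extension in the user profile", re.compile(r"\\Chrome\\User Data\\.*\\Extensions\\", re.I)),
    ("search plugin dropped into a browser directory", re.compile(r"\\searchplugins\\", re.I)),
]
FF_HIJACK_PREFS = ("browser.search.", "browser.startup.homepage", "keyword.URL")
HOST_RE = re.compile(r"hxxps?://([^/\s]+)", re.I)  # AdwCleaner defangs http as hxxp


def parse_report(text):
    """Return (meta, items); each item is {'kind', 'item'} plus 'old'/'new' when present."""
    meta, items = {}, []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("#"):
            for key, rx in META_RES.items():
                m = rx.match(line)
                if m:
                    meta[key] = m.group("v")
            continue
        for kind, rx in ITEM_PATTERNS:
            m = rx.match(line)
            if m:
                items.append(dict(m.groupdict(), kind=kind))
                break  # banners, browser headers etc. match nothing and are dropped
    return meta, items


def persistence_findings(items):
    """(label, item) for every removed object in a persistence or hijack location."""
    found = []
    for it in items:
        if it["kind"] == "service":
            found.append(("Windows service (starts at boot)", it["item"]))
        elif it["kind"] == "replaced":
            found.append(("browser start page reset", it["item"]))
        elif it["kind"] == "ffpref":
            if it["item"].startswith(FF_HIJACK_PREFS):
                found.append(("Firefox search/home preference", it["item"]))
        else:
            for label, rx in PERSISTENCE_MARKERS:
                if rx.search(it["item"]):
                    found.append((label, it["item"]))
                    break
    return found


def hijack_hosts(items):
    """Hosts the overwritten start-page/search values pointed at (old values only)."""
    return sorted({h.lower() for it in items for h in HOST_RE.findall(it.get("old", ""))})


def summarise(text):
    meta, items = parse_report(text)
    return {"meta": meta, "counts": Counter(it["kind"] for it in items),
            "findings": persistence_findings(items), "hosts": hijack_hosts(items)}


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print("AdwCleaner %s, mode %s" % (s["meta"].get("version"), s["meta"].get("mode")))
    print("removed:", dict(s["counts"]))
    for label, item in s["findings"]:
        print("  [%s] %s" % (label, item))
    print("old start page / search hosts:", ", ".join(s["hosts"]))
```

Run it as a script for the summary, or call summarise() on the full text of C:\AdwCleaner[S1].txt. Only the old values feed the host list, so the replacement target (google.com) is never reported as a hijack host. The flagged locations are the list to re-verify after the reboot: if any of them is recreated, something still running is re-dropping the adware and the AdwCleaner pass was not the end of it.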
11.04.2013, 12:41 | #7 |
/// TB-Ausbilder | Mail attachment opened, malware or similar on the laptop since then OK, as soon as ComboFix and OTL are in, we'll continue.
__________________ cheers, Leo |
11.04.2013, 14:22 | #8 |
| Mail attachment opened, malware or similar on the laptop since then Here comes ComboFix Code:
ComboFix 13-04-10.02 - Martin 11.04.2013 13:48:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2915 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml7C31.tmp
c:\programdata\xml8056.tmp
c:\programdata\xml81FD.tmp
c:\programdata\xml820D.tmp
c:\users\Martin\AppData\Roaming\BabMaint.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\muzapp.exe
F:\setup.exe
G:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-11 bis 2013-04-11 ))))))))))))))))))))))))))))))
.
.
2013-04-11 11:56 . 2013-04-11 11:56 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-04-11 11:56 . 2013-04-11 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-09 16:27 . 2013-04-09 16:27 -------- d-----w- c:\program files (x86)\ESET
2013-04-08 20:39 . 2013-04-08 20:39 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-04-08 20:39 . 2013-04-08 20:39 -------- d-----w- c:\windows\SysWow64\Extensions
2013-04-08 15:56 . 2013-04-08 20:39 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-08 12:56 . 2013-04-08 12:56 310688 ----a-w- c:\windows\system32\javaws.exe
2013-04-08 12:56 . 2013-04-08 12:56 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-08 12:56 . 2013-04-08 12:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-08 12:56 . 2013-04-08 12:56 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-08 12:56 . 2013-04-08 12:56 188320 ----a-w- c:\windows\system32\java.exe
2013-04-08 12:56 . 2013-04-08 12:56 -------- d-----w- c:\program files\Java
2013-04-03 01:38 . 2013-04-03 01:38 -------- d-----w- C:\Stinger_Quarantine
2013-04-03 01:37 . 2013-04-09 16:26 -------- d-----w- c:\program files\stinger
2013-03-19 17:45 . 2013-04-09 16:05 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2013-03-19 15:51 . 2013-03-19 15:51 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2013-03-19 15:51 . 2013-03-19 15:51 -------- d-----w- c:\programdata\Malwarebytes
2013-03-19 15:51 . 2013-03-19 15:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-19 15:51 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 15:51 . 2013-03-19 15:51 -------- d-----w- c:\users\Martin\AppData\Local\Programs
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-03-12 18:08 . 2013-03-12 18:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-03-12 18:06 . 2013-03-12 18:06 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-03-12 18:06 . 2013-03-12 18:06 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-08 13:11 . 2012-04-08 09:59 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-08 13:11 . 2012-03-13 16:59 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-08 12:56 . 2011-02-22 16:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-11 17:28 . 2013-03-11 17:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-11 17:28 . 2012-11-08 21:43 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-11 17:28 . 2010-04-28 17:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-06 23:33 . 2013-03-01 06:07 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-01 06:07 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-03-27 14:22 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2011-11-24 19:00 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-11-24 19:00 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-11-24 19:00 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-11-24 19:00 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2011-11-24 19:00 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2011-11-24 19:00 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-11-24 19:00 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-28 08:36 . 2013-03-01 06:07 22664 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-29 237693]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-17 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Firefox Service;Firefox Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-20 13352]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-01-04 19456]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-01-04 57856]
R4 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
R4 sptd;sptd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-03-29 26176]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-03-29 3089856]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-20 34032]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - kl1
*Deregistered* - KLBG
*Deregistered* - KLIF
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 13:11]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 14:59]
.
2013-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-21 14:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 14829160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.179.1
TCP: Interfaces\{C7D1E8AA-12B5-48BD-90EE-F26F2982CFC9}: NameServer = 217.237.147.17
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-44998133.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-bi_uninstaller - c:\users\Martin\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ee,86,a8,9c,c2,fa,cd,01
.
[HKEY_USERS\S-1-5-21-2022158356-3574416758-3875192920-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fb,89,64,49,37,3d,98,99,7e,c4,41,7b,98,b9,1d,90,f7,48,4b,99,83,b0,95,
 f6,56,94,45,ca,fd,9e,10,a9,9c,7d,6c,3a,33,8d,1b,2a,d1,8e,a8,e4,e7,e9,69,98,\
"??"=hex:01,0f,d6,1b,33,25,d2,b1,11,e8,b3,cf,ac,72,39,0b
.
[HKEY_USERS\S-1-5-21-2022158356-3574416758-3875192920-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,64,c6,2d,93,bc,8c,f1,6e,82,48,37,52,5e,5f,cd,ee,75,ce,97,5f,
 ad,56,ba,c2,73,04,3a,6f,9e,75,b5,57,c0,03,1f,c3,5c,97,ef,31,67,50,44,ea,57,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMnetLibSaved\VMnetBridge]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-11 14:03:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-11 12:03
.
Vor Suchlauf: 17 Verzeichnis(se), 40.133.570.560 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 39.963.549.696 Bytes frei
.
- - End Of File - - F63BB728A5DC78EA97E9A9209EF49911
Code:
OTL logfile created on: 11.04.2013 15:24:32 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,37% Memory free
8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 37,40 Gb Free Space | 25,09% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 147,38 Gb Free Space | 98,88% Space Free | Partition Type: NTFS
Drive F: | 136,35 Gb Total Space | 135,94 Gb Free Space | 99,70% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 148,76 Gb Free Space | 99,81% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- F:\CDBurnerXP\NMSAccessU.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek
) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) 
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. 
) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys () DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\SearchScopes\{EF1C9035-C69F-4705-8B67-D1AC6862DDC9}: "URL" = 
hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0 FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6 FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.8 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.6.22 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3 FF - prefs.js..extensions.enabledItems: 
{2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {31a48160-39fc-11de-8a39-0800200c9a66}:3.6.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=" FF - prefs.js..network.proxy.autoconfig_url: 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer 
Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: F:\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.17 10:30:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.17 10:30:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 20:08:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.12 20:08:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 20:08:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.12 20:08:21 | 000,000,000 | ---D | M] [2009.12.06 01:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2013.04.11 13:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions [2013.03.29 12:19:53 | 000,000,000 | ---D | M] ("ColorfulTabs") -- 
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2011.01.04 20:32:52 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2013.04.03 09:51:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.16 07:23:23 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013.02.24 09:27:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.25 17:50:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\support@lastpass.com [2013.04.03 09:51:40 | 000,140,792 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\firegestures@xuldev.org.xpi [2013.03.31 14:49:31 | 000,651,818 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013.03.05 22:23:36 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013.02.14 19:41:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.09 16:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.09 16:52:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program 
Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.17 10:29:53 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.17 16:43:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://de.search.yahoo.com?type=198484&fr=spigot-yhp-ch CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2013.04.11 13:58:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 
localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found. O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F61A4B0-00F1-47C4-868D-92B6D131DD36}: DhcpNameServer = 192.168.179.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7D1E8AA-12B5-48BD-90EE-F26F2982CFC9}: NameServer = 217.237.147.17 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common 
Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.11 13:58:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.11 13:47:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.11 13:47:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.11 13:47:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.11 13:47:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.11 13:47:04 | 000,000,000 | R--D | C] -- 
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
[2013.04.11 13:47:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.11 13:46:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.11 13:35:14 | 005,050,592 | R--- | C] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.09 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.09 18:26:40 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
[2013.04.09 18:04:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\stinger64-epo
[2013.04.08 22:39:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.04.08 22:39:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.08 17:56:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.04.08 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Bright eyes
[2013.04.08 15:27:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\SciLor's Grooveshark.com Downloader
[2013.04.08 14:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.03 03:38:53 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013.04.03 03:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013.04.02 22:51:33 | 030,261,464 | ---- | C] (Baidu, Inc.) -- C:\Users\Martin\Desktop\PC_Faster_Setup.exe
[2013.03.20 01:08:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Viren
[2013.03.20 00:13:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.03.19 19:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.03.19 19:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.03.19 19:45:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Anti-Malware
[2013.03.19 17:51:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2013.03.19 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.19 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.19 17:51:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.19 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.19 17:51:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Programs
[2013.03.17 10:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.03.16 10:41:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Klassenfahrt
[2013.03.14 18:16:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\RS-Übungen
[2013.03.12 20:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.12 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.12 20:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[3 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.11 15:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 15:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 14:13:30 | 000,016,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 14:13:30 | 000,016,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 14:11:40 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.11 14:11:40 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 14:11:39 | 001,521,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.11 14:11:39 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.11 14:11:39 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.11 14:06:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 14:06:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 14:05:59 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 13:58:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.11 13:35:34 | 005,050,592 | R--- | M] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.10 04:16:34 | 000,290,810 | ---- | M] () -- C:\Users\Martin\Desktop\2008 Teil A.pdf
[2013.04.10 04:13:41 | 000,297,969 | ---- | M] () -- C:\Users\Martin\Desktop\2007 Teil A Loesung.pdf
[2013.04.10 04:13:23 | 000,429,222 | ---- | M] () -- C:\Users\Martin\Desktop\2007 TeilA.pdf
[2013.04.09 21:46:30 | 000,000,163 | ---- | M] () -- C:\Users\Martin\Desktop\Prozente.url
[2013.04.09 20:50:49 | 001,656,560 | ---- | M] () -- C:\Users\Martin\Desktop\2011 teil a loesung.pdf
[2013.04.09 20:45:43 | 000,619,727 | ---- | M] () -- C:\Users\Martin\Desktop\2011 teil a aufgabe.pdf
[2013.04.09 20:03:49 | 000,000,020 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2013.04.09 19:32:02 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\Defogger.exe
[2013.04.09 18:26:41 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
[2013.04.08 20:13:54 | 000,023,552 | ---- | M] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2013.04.03 04:02:11 | 000,000,112 | RH-- | M] () -- C:\Users\Martin\Desktop\Stinger.opt
[2013.04.03 03:57:44 | 000,000,642 | ---- | M] () -- C:\Users\Martin\Desktop\Stinger_03042013_033853.html
[2013.04.02 22:54:48 | 000,941,570 | ---- | M] () -- C:\Users\Martin\Desktop\ShouldIRemoveIt_Setup104.zip
[2013.04.02 22:51:55 | 030,261,464 | ---- | M] (Baidu, Inc.) -- C:\Users\Martin\Desktop\PC_Faster_Setup.exe
[2013.03.20 00:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.03.18 21:26:05 | 000,058,910 | ---- | M] () -- C:\Users\Martin\Desktop\HM_AU003.pdf
[2013.03.17 10:41:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[3 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.11 13:47:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.11 13:47:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.11 13:47:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.11 13:47:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.11 13:47:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.10 04:16:33 | 000,290,810 | ---- | C] () -- C:\Users\Martin\Desktop\2008 Teil A.pdf
[2013.04.10 04:13:40 | 000,297,969 | ---- | C] () -- C:\Users\Martin\Desktop\2007 Teil A Loesung.pdf
[2013.04.10 04:13:22 | 000,429,222 | ---- | C] () -- C:\Users\Martin\Desktop\2007 TeilA.pdf
[2013.04.09 21:45:54 | 000,000,163 | ---- | C] () -- C:\Users\Martin\Desktop\Prozente.url
[2013.04.09 20:50:46 | 001,656,560 | ---- | C] () -- C:\Users\Martin\Desktop\2011 teil a loesung.pdf
[2013.04.09 20:45:43 | 000,619,727 | ---- | C] () -- C:\Users\Martin\Desktop\2011 teil a aufgabe.pdf
[2013.04.09 20:03:49 | 000,000,020 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2013.04.09 19:31:59 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\Defogger.exe
[2013.04.03 04:02:11 | 000,000,112 | RH-- | C] () -- C:\Users\Martin\Desktop\Stinger.opt
[2013.04.03 03:38:53 | 000,000,642 | ---- | C] () -- C:\Users\Martin\Desktop\Stinger_03042013_033853.html
[2013.04.02 22:54:47 | 000,941,570 | ---- | C] () -- C:\Users\Martin\Desktop\ShouldIRemoveIt_Setup104.zip
[2013.03.18 21:26:03 | 000,058,910 | ---- | C] () -- C:\Users\Martin\Desktop\HM_AU003.pdf
[2013.03.12 20:06:44 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.01.31 13:47:15 | 000,663,552 | ---- | C] () -- C:\Windows\SysWow64\Tx12.dll
[2013.01.31 13:47:15 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.05 23:12:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.11.08 13:10:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.31 16:43:21 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini
[2011.01.08 16:35:23 | 000,007,669 | ---- | C] () -- C:\Users\Martin\AppData\Local\resmon.resmoncfg
[2010.07.05 23:47:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010.02.24 00:41:41 | 000,023,552 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2010.01.03 18:27:30 | 000,009,216 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.18 13:06:27 | 000,000,045 | ---- | C] () -- C:\Users\Martin\.edu.xtec.properties

========== ZeroAccess Check ==========

[2012.11.10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.04 14:41:14 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.04 14:41:14 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.05.17 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.08 08:22:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canneverbe Limited
[2010.12.26 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Codemasters
[2009.12.06 01:45:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.04.15 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\concept design
[2010.06.06 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2009.12.22 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Pro
[2012.12.16 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox
[2010.09.16 21:54:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FlashGet
[2010.10.05 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GlarySoft
[2010.02.14 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Inventivio
[2012.12.16 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IObit
[2010.09.13 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mp3DirectCut
[2009.12.06 01:46:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org
[2011.12.19 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.06.02 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PixelPlanet
[2010.03.13 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PlotSoft LLC
[2012.12.16 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Samsung
[2010.09.13 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Soluto
[2010.02.14 19:00:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Speak-A-Message
[2010.09.29 08:42:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SPlayer
[2011.11.09 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Synaptics
[2009.12.08 21:31:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
[2011.08.14 15:57:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unified Remote

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
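Every file row in the OTL sections above (Files Created, Files Modified Within 30 Days, Files Created - No Company Name) has the same shape: `[timestamp | size | attributes | C or M] (Company) -- path`, where `C` rows carry the creation time and `M` rows the modification time, the four attribute letters are R/H/S/D (read-only, hidden, system, directory), and a directory row has no company field at all. The following Python is an added editor's example, not the poster's material and not part of OTL: it parses a handful of rows copied from the log above into records and runs three triage heuristics over them. The heuristics (a binary under %SystemRoot% with an empty company name, a touched `hosts` file, and files created in the same second) are assumptions of this example for a reader working through such a log, not OTL's own rules.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample input: rows copied from the OTL log on this page (a constructed subset,
# used only to exercise the parser).
SAMPLE_LOG = r"""
[2013.04.11 13:47:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.11 13:47:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.11 13:46:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.11 13:35:14 | 005,050,592 | R--- | C] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.11 13:58:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.11 14:05:59 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.03.19 17:51:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
"""

# One OTL file row. The "(Company)" field is absent on directory rows and
# empty ("()") when the file carries no company name in its version resource.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class Entry:
    ts: datetime            # creation time on 'C' rows, modification time on 'M' rows
    size: int
    attrs: str              # R=read-only, H=hidden, S=system, D=directory
    kind: str
    company: Optional[str]  # None when OTL printed no company field at all
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_otl_entries(text: str) -> list:
    """Turn OTL file rows into Entry records; headers and *.tmp summaries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            ts=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),   # "3220,672,512" -> 3220672512
            attrs=m["attrs"], kind=m["kind"], company=m["company"], path=m["path"]))
    return entries


SYSTEM_ROOT = "c:\\windows\\"
BINARY_EXTS = {"exe", "dll", "sys", "scr", "cpl"}


def flag_unsigned_system_binaries(entries: list) -> list:
    """Heuristic (this example's assumption, not an OTL rule): binaries under
    %SystemRoot% with an empty company name deserve a hash lookup, since the
    scan already skipped Microsoft files and vendors usually fill the field."""
    return [e for e in entries
            if not e.is_dir and e.company == "" and e.ext in BINARY_EXTS
            and e.path.lower().startswith(SYSTEM_ROOT)]


def is_hosts_file(e: Entry) -> bool:
    """A modified hosts file is worth reading in full, whatever its size."""
    return e.path.lower().endswith("\\drivers\\etc\\hosts")


def creation_clusters(entries: list, min_size: int = 2) -> dict:
    """Files created in the same second were almost certainly written by one
    process, so a cluster can be attributed to a tool run or an installer."""
    by_ts = defaultdict(list)
    for e in entries:
        if e.kind == "C":
            by_ts[e.ts].append(e.path)
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_size}


if __name__ == "__main__":
    rows = parse_otl_entries(SAMPLE_LOG)
    for e in flag_unsigned_system_binaries(rows):
        print("no company name in system dir:", e.path, e.size, "bytes")
    for e in filter(is_hosts_file, rows):
        print("hosts file modified:", e.ts, e.size, "bytes")
    for ts, paths in creation_clusters(rows).items():
        print("created together at", ts, "->", paths)
```

On the sample rows the cluster rule groups PEV.exe and MBR.exe (both created 13:47:26), the system-directory rule lists PEV.exe, MBR.exe and MusiccityDownload.exe, and the hosts rule reports the 27-byte file. Whether any of those is malicious is a separate question for the helper; the script only narrows what to look at.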
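In the OTL.txt that follows, the FireFox section shows `network.proxy.autoconfig_url` set to a `data:text/javascript,...` value together with `network.proxy.type: 2`. That combination means Firefox evaluates a proxy auto-config (PAC) script that is stored inline, URL-encoded, in prefs.js, so nothing is fetched from a server and the routing logic is invisible until the string is decoded. The Python below is an added editor's example, not the poster's material and not part of OTL: it decodes that exact pref value copied from the log, extracts which URL patterns the script proxies and through which hosts, and what happens to all other traffic. The `network.proxy.type` table is Firefox's documented set of values; the regex-based extraction is an assumption that fits the `indexOf`/`shExpMatch`/`host ==` idioms used in this particular script, not a general JavaScript parser.

```python
import re
from urllib.parse import unquote

# Firefox's network.proxy.type values as stored in prefs.js.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac-url", 4: "wpad-autodetect", 5: "system"}

# Copied from "FF - prefs.js..network.proxy.autoconfig_url" in the OTL log on this page.
AUTOCONFIG_URL = (
    "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf("
    "'turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20"
    "%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf("
    "'ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1"
    "%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch("
    "url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1"
    "%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20"
    "(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)"
    "%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20"
    "'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')"
    "%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf("
    "'southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1)"
    "%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B"
    "%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B"
    "%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B"
    "%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B"
    "%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B"
    "%20PROXY%20ab-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
)
PROXY_TYPE = 2  # "FF - prefs.js..network.proxy.type: 2" in the same log


def decode_pac_data_url(value: str) -> str:
    """Strip the data: prefix and percent-decode the embedded PAC source."""
    prefix = "data:text/javascript,"
    if not value.startswith(prefix):
        raise ValueError("not an inline text/javascript data: URL")
    return unquote(value[len(prefix):])


def summarize_pac(pac: str) -> dict:
    """Static extraction of selectors and targets. Regex-based, so it covers the
    indexOf / shExpMatch / host== idioms of this script, not arbitrary JavaScript."""
    fallback = re.search(r"else\s*\{\s*return\s*'([^']+)'", pac)
    return {
        "proxies": [(h, int(p)) for h, p in re.findall(r"PROXY\s+([A-Za-z0-9.-]+):(\d+)", pac)],
        "url_contains": re.findall(r"url\.indexOf\('([^']+)'\)\s*!=\s*-1", pac),
        "url_excludes": re.findall(r"url\.indexOf\('([^']+)'\)\s*==\s*-1", pac),
        "url_globs": re.findall(r"shExpMatch\(url,\s*'([^']+)'\)", pac),
        "exact_hosts": re.findall(r"host\s*==\s*'([^']+)'", pac),
        "fallback": fallback.group(1) if fallback else None,
    }


def proxy_domains(summary: dict) -> set:
    """Last two labels of every proxy host, i.e. who operates the relay."""
    return {".".join(h.split(".")[-2:]) for h, _ in summary["proxies"]}


def triage(value: str, proxy_type: int) -> list:
    """Findings a log reader can act on, as plain strings."""
    findings = [f"network.proxy.type={proxy_type} ({PROXY_TYPES.get(proxy_type, 'unknown')})"]
    if proxy_type != 2:
        findings.append("PAC pref present but not active")
        return findings
    s = summarize_pac(decode_pac_data_url(value))
    ports = sorted({p for _, p in s["proxies"]})
    findings.append(f"inline PAC: {len(s['proxies'])} proxies on port(s) {ports}, "
                    f"operated by {sorted(proxy_domains(s))}")
    findings.append("proxied when URL contains: " + ", ".join(s["url_contains"]))
    findings.append("proxied hosts/globs: " + ", ".join(s["exact_hosts"] + s["url_globs"]))
    findings.append(f"everything else: {s['fallback']}")
    return findings


if __name__ == "__main__":
    for line in triage(AUTOCONFIG_URL, PROXY_TYPE):
        print(line)
```

Decoded, the script sends a fixed list of media sites (and any URL carrying a `proxmate=` marker) through eleven `*.personalitycores.com:8000` relays and returns `DIRECT` for everything else. For a log reader the useful points are that the pref is active (type 2), that the relay operator is a single third-party domain, and that the selector list tells you which extension family wrote it; whether that was wanted by the user is a question to ask the poster, not something the log decides.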
Code:
OTL logfile created on: 11.04.2013 15:24:32 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 64,37% Memory free
8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 37,40 Gb Free Space | 25,09% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 147,38 Gb Free Space | 98,88% Space Free | Partition Type: NTFS
Drive F: | 136,35 Gb Total Space | 135,94 Gb Free Space | 99,70% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 148,76 Gb Free Space | 99,81% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ScrybeUpdater) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- F:\CDBurnerXP\NMSAccessU.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys ()
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\SearchScopes\{EF1C9035-C69F-4705-8B67-D1AC6862DDC9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: firegestures%40xuldev.org:1.6.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {31a48160-39fc-11de-8a39-0800200c9a66}:3.6.0.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: F:\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.17 10:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.17 10:30:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 20:08:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.12 20:08:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 20:08:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.12 20:08:21 | 000,000,000 | ---D | M]

[2009.12.06 01:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013.04.11 13:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions
[2013.03.29 12:19:53 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011.01.04 20:32:52 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2013.04.03 09:51:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.16 07:23:23 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2013.02.24 09:27:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.25 17:50:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\fj2i3llh.default\extensions\support@lastpass.com
[2013.04.03 09:51:40 | 000,140,792 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\firegestures@xuldev.org.xpi
[2013.03.31 14:49:31 | 000,651,818 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.03.05 22:23:36 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.02.14 19:41:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\fj2i3llh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 16:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 16:52:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program
Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.17 10:29:53 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.17 16:43:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://de.search.yahoo.com?type=198484&fr=spigot-yhp-ch CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma\3.5.0.0_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\ CHR - Extension: No name found = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2013.04.11 13:58:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 
localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found. O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2022158356-3574416758-3875192920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F61A4B0-00F1-47C4-868D-92B6D131DD36}: DhcpNameServer = 192.168.179.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7D1E8AA-12B5-48BD-90EE-F26F2982CFC9}: NameServer = 217.237.147.17 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common 
Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.11 13:58:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.11 13:47:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.11 13:47:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.11 13:47:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.11 13:47:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.11 13:47:04 | 000,000,000 | R--D | C] -- 
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp [2013.04.11 13:47:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.11 13:46:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.11 13:35:14 | 005,050,592 | R--- | C] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe [2013.04.09 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.04.09 18:26:40 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe [2013.04.09 18:04:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\stinger64-epo [2013.04.08 22:39:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.08 22:39:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.08 17:56:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.04.08 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Bright eyes [2013.04.08 15:27:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\SciLor's Grooveshark.com Downloader [2013.04.08 14:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.03 03:38:53 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine [2013.04.03 03:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2013.04.02 22:51:33 | 030,261,464 | ---- | C] (Baidu, Inc.) 
-- C:\Users\Martin\Desktop\PC_Faster_Setup.exe [2013.03.20 01:08:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Viren [2013.03.20 00:13:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.03.19 19:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.03.19 19:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2013.03.19 19:45:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Anti-Malware [2013.03.19 17:51:58 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes [2013.03.19 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.19 17:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.19 17:51:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.19 17:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.19 17:51:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Programs [2013.03.17 10:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013.03.16 10:41:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Klassenfahrt [2013.03.14 18:16:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\RS-Übungen [2013.03.12 20:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.03.12 20:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.03.12 20:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [3 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.11 15:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.11 15:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.11 14:13:30 | 000,016,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.11 14:13:30 | 000,016,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.11 14:11:40 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.11 14:11:40 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.11 14:11:39 | 001,521,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.11 14:11:39 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.11 14:11:39 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.11 14:06:21 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.11 14:06:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.11 14:05:59 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys [2013.04.11 13:58:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.11 13:35:34 | 005,050,592 | 
R--- | M] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe [2013.04.10 04:16:34 | 000,290,810 | ---- | M] () -- C:\Users\Martin\Desktop\2008 Teil A.pdf [2013.04.10 04:13:41 | 000,297,969 | ---- | M] () -- C:\Users\Martin\Desktop\2007 Teil A Loesung.pdf [2013.04.10 04:13:23 | 000,429,222 | ---- | M] () -- C:\Users\Martin\Desktop\2007 TeilA.pdf [2013.04.09 21:46:30 | 000,000,163 | ---- | M] () -- C:\Users\Martin\Desktop\Prozente.url [2013.04.09 20:50:49 | 001,656,560 | ---- | M] () -- C:\Users\Martin\Desktop\2011 teil a loesung.pdf [2013.04.09 20:45:43 | 000,619,727 | ---- | M] () -- C:\Users\Martin\Desktop\2011 teil a aufgabe.pdf [2013.04.09 20:03:49 | 000,000,020 | ---- | M] () -- C:\Users\Martin\defogger_reenable [2013.04.09 19:32:02 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\Defogger.exe [2013.04.09 18:26:41 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe [2013.04.08 20:13:54 | 000,023,552 | ---- | M] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db [2013.04.03 04:02:11 | 000,000,112 | RH-- | M] () -- C:\Users\Martin\Desktop\Stinger.opt [2013.04.03 03:57:44 | 000,000,642 | ---- | M] () -- C:\Users\Martin\Desktop\Stinger_03042013_033853.html [2013.04.02 22:54:48 | 000,941,570 | ---- | M] () -- C:\Users\Martin\Desktop\ShouldIRemoveIt_Setup104.zip [2013.04.02 22:51:55 | 030,261,464 | ---- | M] (Baidu, Inc.) 
-- C:\Users\Martin\Desktop\PC_Faster_Setup.exe [2013.03.20 00:13:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.03.18 21:26:05 | 000,058,910 | ---- | M] () -- C:\Users\Martin\Desktop\HM_AU003.pdf [2013.03.17 10:41:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [3 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.11 13:47:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.11 13:47:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.11 13:47:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.11 13:47:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.11 13:47:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.10 04:16:33 | 000,290,810 | ---- | C] () -- C:\Users\Martin\Desktop\2008 Teil A.pdf [2013.04.10 04:13:40 | 000,297,969 | ---- | C] () -- C:\Users\Martin\Desktop\2007 Teil A Loesung.pdf [2013.04.10 04:13:22 | 000,429,222 | ---- | C] () -- C:\Users\Martin\Desktop\2007 TeilA.pdf [2013.04.09 21:45:54 | 000,000,163 | ---- | C] () -- C:\Users\Martin\Desktop\Prozente.url [2013.04.09 20:50:46 | 001,656,560 | ---- | C] () -- C:\Users\Martin\Desktop\2011 teil a loesung.pdf [2013.04.09 20:45:43 | 000,619,727 | ---- | C] () -- C:\Users\Martin\Desktop\2011 teil a aufgabe.pdf [2013.04.09 20:03:49 | 000,000,020 | ---- | C] () -- C:\Users\Martin\defogger_reenable [2013.04.09 19:31:59 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\Defogger.exe [2013.04.03 04:02:11 | 000,000,112 | RH-- | C] () -- C:\Users\Martin\Desktop\Stinger.opt [2013.04.03 03:38:53 | 000,000,642 | ---- | C] () -- C:\Users\Martin\Desktop\Stinger_03042013_033853.html [2013.04.02 22:54:47 | 000,941,570 | ---- | C] () -- C:\Users\Martin\Desktop\ShouldIRemoveIt_Setup104.zip [2013.03.18 21:26:03 | 000,058,910 | ---- | C] () -- 
C:\Users\Martin\Desktop\HM_AU003.pdf [2013.03.12 20:06:44 | 000,002,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.01.31 13:47:15 | 000,663,552 | ---- | C] () -- C:\Windows\SysWow64\Tx12.dll [2013.01.31 13:47:15 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini [2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.05 23:12:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011.11.08 13:10:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.05.31 16:43:21 | 000,000,070 | ---- | C] () -- C:\Windows\sbwin.ini [2011.01.08 16:35:23 | 000,007,669 | ---- | C] () -- C:\Users\Martin\AppData\Local\resmon.resmoncfg [2010.07.05 23:47:03 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010.02.24 00:41:41 | 000,023,552 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db [2010.01.03 18:27:30 | 000,009,216 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.18 13:06:27 | 000,000,045 | ---- | C] () -- C:\Users\Martin\.edu.xtec.properties ========== ZeroAccess Check ========== [2012.11.10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\fj2i3llh.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.04 14:41:14 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.04 14:41:14 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.05.17 20:55:17 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\COMPUTERBILD-Abzockschutz [2010.07.08 08:22:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canneverbe Limited [2010.12.26 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Codemasters 
[2009.12.06 01:45:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\COMPUTERBILD-Abzockschutz [2010.04.15 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\concept design [2010.06.06 12:31:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite [2009.12.22 18:23:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Pro [2012.12.16 12:38:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox [2010.09.16 21:54:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FlashGet [2010.10.05 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GlarySoft [2010.02.14 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Inventivio [2012.12.16 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\IObit [2010.09.13 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\mp3DirectCut [2009.12.06 01:46:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org [2011.12.19 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera [2010.06.02 22:48:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PixelPlanet [2010.03.13 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PlotSoft LLC [2012.12.16 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Samsung [2010.09.13 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Soluto [2010.02.14 19:00:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Speak-A-Message [2010.09.29 08:42:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SPlayer [2011.11.09 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Synaptics [2009.12.08 21:31:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird [2011.08.14 15:57:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unified Remote ========== Purity 
Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > |
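The OTL report above is read by section code (O1 hosts file, O2 browser helper objects, O4 Run keys, O17 DNS settings, and so on), and the entries a helper looks at first are those whose target no longer exists ("File not found", "No CLSID value found") or that point somewhere unexpected. The following PowerShell is an added example by the editor, not code from the thread or from OTL: a small parser that turns OTL lines into objects and flags such entries. The sample lines are copied from the log posted above; `ConvertFrom-OtlLine`, `Get-OtlTriage` and the regexes are the editor's own and assume OTL's layout as shown in this log. Requires PowerShell 3.0 or later.

```powershell
# Added example (editor's, not the thread's or OTL's code): first triage pass over
# OTL log lines. Sample lines below are copied from the log in this thread; for a
# real run use  Get-Content .\OTL.txt | ConvertFrom-OtlLine  instead.

$SampleLog = @'
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7D1E8AA-12B5-48BD-90EE-F26F2982CFC9}: NameServer = 217.237.147.17
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
'@

# Section codes that matter most in a triage; anything else is reported as 'other'.
$SectionNames = @{
    'O1'  = 'hosts file entry'
    'O2'  = 'browser helper object (IE)'
    'O3'  = 'IE toolbar'
    'O4'  = 'autostart via Run key'
    'O8'  = 'IE context menu item'
    'O17' = 'TCP/IP parameters (DNS)'
    'O20' = 'Winlogon Shell/UserInit'
}

function ConvertFrom-OtlLine {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] [AllowEmptyString()] [string] $Line)
    process {
        if ($Line -notmatch '^(?<code>O\d+)(?<bits>:64bit:)?\s+-\s+(?<body>.*)$') { return }
        # Copy what we need before the next -match overwrites $Matches.
        $code = $Matches['code']
        $is64 = [bool]$Matches['bits']
        $body = $Matches['body']

        # Referenced binary, if any (OTL appends "(Company)" after the path).
        $path = $null
        if ($body -match '(?<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|ocx))\b') { $path = $Matches['path'] }
        $company = $null
        if ($body -match '\((?<company>[^()]*)\)\s*$') { $company = $Matches['company'] }

        $notes = @()
        if ($body -match 'File not found|No CLSID value found') { $notes += 'orphaned entry (target missing)' }
        if ($code -eq 'O1' -and $body -match '^Hosts:\s+(?<ip>\S+)\s+(?<host>\S+)') {
            if ($Matches['host'] -ne 'localhost') { $notes += 'non-default hosts mapping' }
        }
        if ($code -eq 'O17' -and $body -match '(?<!Dhcp)NameServer\s*=\s*(?<dns>\S+)') {
            $notes += "statically configured DNS server $($Matches['dns']); confirm it is the expected one"
        }
        if ($code -eq 'O4' -and $body -match '\(\)\s*$') { $notes += 'autostart without company name' }

        $meaning = 'other'
        if ($SectionNames.ContainsKey($code)) { $meaning = $SectionNames[$code] }

        [pscustomobject]@{
            Section = $code
            Meaning = $meaning
            Is64Bit = $is64
            Path    = $path
            Company = $company
            Notes   = ($notes -join '; ')
            Raw     = $body
        }
    }
}

function Get-OtlTriage {
    # Only the entries that carry a note, i.e. what a helper would look at first.
    param([Parameter(Mandatory = $true)] [string[]] $Lines)
    $Lines | ConvertFrom-OtlLine | Where-Object { $_.Notes }
}

# Usage on the constructed sample above.
$lines = $SampleLog -split '\r?\n'
$lines | ConvertFrom-OtlLine | Format-Table Section, Meaning, Path, Company, Notes -AutoSize
Get-OtlTriage -Lines $lines | Format-Table Section, Notes, Raw -AutoSize
```

On the sample, the orphaned O2 and O8 entries and the statically configured O17 name server are the ones that get a note; the Java BHO, the avast autostart and the Winlogon shell pointing at the genuine explorer.exe pass through without one, which matches how the log above was assessed.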
11.04.2013, 18:58 | #9 |
/// TB-Ausbilder | Mail attachment opened, since then malware or similar on the laptop. Hi, how is the computer running now? Note: multiple AV background guards. I noticed that you have more than one antivirus program with a real-time background guard running:
Decide on one of these programs and uninstall the others via Start -> Control Panel -> Programs and Features (Vista & Win 7) or Start -> Control Panel -> Add or Remove Programs (Win XP). Step 1
Code:
:OTL
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9
:commands
[emptytemp]
Step 2
Step 3 Download the ESET Online Scanner setup and save it to the desktop.
Step 4 Please download SecurityCheck (Link 2).
Please post in your next reply:
__________________ cheers, Leo |
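The OTL fix script in the post above removes one NTFS alternate data stream (`C:\ProgramData\Temp:CB0AACC9`). Before deleting such a stream it helps to see which streams exist at all, since Explorer and `dir` hide them. The following PowerShell is an added example by the editor, not code from the thread or from OTL: it walks a folder tree and lists every stream other than the default `:$DATA` one, in the same notation OTL uses so findings can be compared with the log. The scan root `C:\ProgramData`, the function name `Get-AlternateStream` and its parameters are the editor's assumptions. Requires PowerShell 3.0 or later (the `-Stream` parameter) and an elevated prompt so that protected folders can be read.

```powershell
# Added example (editor's, not the thread's own code): enumerate NTFS alternate
# data streams beneath a folder, the kind of entry OTL reported as
# "@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CB0AACC9".
# Needs PowerShell 3.0+ (-Stream) and an elevated prompt; the scan root is an assumption.

function Get-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $Root,
        # Zone.Identifier streams mark downloaded files (mark-of-the-web) and are
        # normally benign, so they are hidden unless asked for.
        [switch] $IncludeZoneIdentifier
    )

    # The root itself plus everything below it. Folders carry streams too, which is
    # exactly the case in the log (a stream on the folder C:\ProgramData\Temp).
    $items = @(Get-Item -LiteralPath $Root -Force -ErrorAction Stop) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Stream -ne ':$DATA' -and
                ($IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier')
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Path     = $item.FullName
                    Stream   = $_.Stream
                    Bytes    = $_.Length
                    # Same notation as OTL, so findings line up with the log.
                    OtlStyle = "@Alternate Data Stream - $($_.Length) bytes -> $($item.FullName):$($_.Stream)"
                }
            }
    }
}

# Usage: list non-default streams under C:\ProgramData (assumed scan root).
Get-AlternateStream -Root 'C:\ProgramData' | Format-Table Path, Stream, Bytes -AutoSize

# Include mark-of-the-web streams as well, e.g. to see which downloads are still flagged:
# Get-AlternateStream -Root "$env:USERPROFILE\Downloads" -IncludeZoneIdentifier
```

Once a finding has been reviewed, `Remove-Item` accepts the same `-Stream` parameter to delete a single stream, which is what the `:OTL` section of the fix script above did for the stream on `C:\ProgramData\Temp`. Listing first and deleting second keeps a record of what was on the machine.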
11.04.2013, 20:14 | #10 |
| Mail attachment opened, since then malware or similar on the laptop. Hello Leo, thanks for your extensive efforts!! I'll see that I get all of this done, it may take a little while. The computer runs without error messages and feels faster too. Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
User: Martin
->Temp folder emptied: 873813 bytes
->Temporary Internet Files folder emptied: 25656406 bytes
->Java cache emptied: 16160993 bytes
->FireFox cache emptied: 218655781 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1369 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5924 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 331830 bytes
Total Files Cleaned = 250,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04112013_214401
Files\Folders moved on Reboot...
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.11.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]
11.04.2013 21:55:11
mbam-log-2013-04-11 (21-55-11).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242674
Laufzeit: 5 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Last edited by Dixiland (11.04.2013 at 21:05) |
12.04.2013, 00:39 | #11 |
/// TB-Ausbilder | Mail attachment opened, since then malware or similar on the laptop. Looks good so far. Only ESET and SecurityCheck are still missing.
__________________ cheers, Leo |
12.04.2013, 20:12 | #12 |
| Mail attachment opened, since then malware or similar on the laptop. Hi Leo, so ESET found nothing, and here is the check. Code:
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Internet Security
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Mozilla Firefox 19.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
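The SecurityCheck output above grades four things: whether the antivirus is current, the versions of Firefox, Java and Flash, and (indirectly) whether the system keeps itself patched. The following PowerShell is an added example by the editor, not code from the thread or from SecurityCheck: it performs the same inventory with built-in means, reading the registry Uninstall keys for versions, the `root\SecurityCenter2` WMI namespace for the antivirus state and the Windows Update Agent COM API for the automatic-update setting. The function names and the `$Minimum` table are the editor's own; the minimum versions in it are constructed placeholders, not values from the thread, and have to be replaced with the vendors' current releases. Requires PowerShell 3.0 or later on a client edition of Windows.

```powershell
# Added example (editor's, not the thread's or SecurityCheck's code): inventory the
# components SecurityCheck reports on. Needs PowerShell 3.0+ and a Windows client
# edition (root\SecurityCenter2 is absent on servers). Minimum versions are placeholders.

function Get-InstalledProgram {
    # Native and Wow6432Node views, so 32-bit programs on 64-bit Windows are included.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Test-ComponentVersion {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Installed,   # output of Get-InstalledProgram
        [Parameter(Mandatory = $true)] [hashtable] $Minimum     # DisplayName regex -> minimum version
    )
    foreach ($pattern in $Minimum.Keys) {
        $found = @($Installed | Where-Object { $_.DisplayName -match $pattern })
        if ($found.Count -eq 0) {
            [pscustomobject]@{ Component = $pattern; Installed = $null; Status = 'not installed' }
            continue
        }
        foreach ($p in $found) {
            $have = $p.DisplayVersion -as [version]   # $null when the string is not a version
            $want = $Minimum[$pattern] -as [version]
            $status = 'version not parsable'
            if ($have -and $want) {
                $status = if ($have -ge $want) { 'current' } else { 'OUT OF DATE' }
            }
            [pscustomobject]@{ Component = $p.DisplayName; Installed = $p.DisplayVersion; Status = $status }
        }
    }
}

function Get-AntivirusState {
    # The same source SecurityCheck's "Antivirus out of date!" line comes from.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Product      = $_.displayName
                ProductState = ('0x{0:X6}' -f $state)
                # Widely used but undocumented decoding of productState: byte 1 = 0x10 means
                # real-time protection on, byte 0 = 0x10 means definitions out of date.
                RealTimeOn   = (($state -band 0xFF00) -eq 0x1000)
                DefsOutdated = (($state -band 0x00FF) -eq 0x0010)
            }
        }
}

function Get-AutoUpdateSetting {
    # Windows Update Agent COM API; NotificationLevel 4 is the only fully automatic mode.
    $levels = @{ 0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download'
                 3 = 'notify before install'; 4 = 'scheduled installation' }
    $au = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
    $level = [int]$au.Settings.NotificationLevel
    [pscustomobject]@{
        NotificationLevel = $level
        Meaning           = $levels[$level]
        FullyAutomatic    = ($level -eq 4)
    }
}

# Usage. $Minimum holds constructed placeholder versions; fill in the current releases.
$Minimum = @{
    'Mozilla Firefox'    = '20.0'
    'Java 7'             = '7.0.170'
    'Adobe Flash Player' = '11.7.700.169'
}
$installed = Get-InstalledProgram
Test-ComponentVersion -Installed $installed -Minimum $Minimum | Format-Table -AutoSize
Get-AntivirusState | Format-Table -AutoSize
Get-AutoUpdateSetting
```

Against the versions listed in the SecurityCheck output above (Firefox 19.0.2, Java 7 Update 17, Flash 11.6.602.180) and the placeholder minimums, Firefox and Flash come out as OUT OF DATE and Java as current, which is the same verdict the report gives. The version comparison uses `[version]` rather than string comparison so that 11.7 is correctly ranked above 11.6.602.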
12.04.2013, 20:49 | #13 |
/// TB-Ausbilder | Mail attachment opened, malware or similar on the laptop ever since Hi, that looks better again. A few more updates and then we clean up. Step 1 Your Firefox is no longer current. Start Firefox as administrator, click Help --> About Firefox and run the update it offers. Repeat this step until Firefox reports that it is up to date. Step 2 Your Flash Player is outdated. Install the current version as follows:
Then use this plugin check to verify that all the versions you use are now current, and update them if not. Cleanup Finally we will now remove our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are still important and should be carried out in the order given.
>> OK << We are through; your logs look clean to me at the moment. Below I have put together a few hints and tips that should help you never need our help again. Please give me brief feedback afterwards if there are no problems or questions left on your side, so that I can consider this topic closed. Epilogue: Tips, Dos & Don'ts Keeping system and software current The Windows operating system must always be up to date, no exceptions. Make sure automatic updates are enabled:
Installed software should also always be at the latest version. That applies especially to the browser, Java, Flash Player and the PDF reader, because known security holes in their old versions are exploited to install malware by drive-by download on a mere visit to a prepared website. That can even happen on normally legitimate websites, if an attacker has managed to inject his code into the page, and is therefore fairly unpredictable.
Security software A remark up front: every software solution has its weaknesses. Handing all responsibility for security to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Such software is nevertheless important, of course, and in combination with a well-maintained (up-to-date) system and considered behaviour it helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also attacked most often by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer one can use Mozilla Firefox, for example, for which two useful add-ons can be recommended:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks, and downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that need not mean anything.
Attempts are also often made to get the user, with more or less cunning methods, to carry out an action that is disastrous for him (the umbrella term is social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along by the user himself.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains for me is to wish you carefree and safe surfing, and that we do not see each other here again so soon.
__________________ cheers, Leo |
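As an added example (not code from this thread, from Leo, or from the Security Check tool itself): a small Python parser for the Security Check output quoted in post #12, which pulls out the components the tool marks "out of date" and the installed items the tips above single out as drive-by targets (browser, Java, Flash, PDF reader), so the same triage can be repeated on any log of this shape. The sample log is reconstructed from the flattened forum copy; its section headers are framed with two backticks here where the real tool prints a long run (the header pattern accepts any length). The keyword list and the report layout are this example's own choices, not the tool's.

```python
import re

# Constructed sample: the Security Check output from post #12, re-wrapped one
# item per line as the tool prints it. Header framing shortened to two backticks.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``Antivirus/Firewall Check:``
avast! Internet Security
Antivirus out of date!
``Anti-malware/Other Utilities Check:``
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Mozilla Firefox 19.0.2 Firefox out of Date!
``Process Check: objlist.exe by Laurent``
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``System Health check``
Total Fragmentation on Drive C:
``End of Log``
"""

SECTION_RE = re.compile(r"^`+\s*(.*?)\s*`+$")            # backtick-framed section header
OUTDATED_RE = re.compile(r"\bout of date\b", re.IGNORECASE)
# "<name> [Version ]<x.y[.z...]>" or "<name> <N> Update <M>" (Java's naming scheme)
VERSION_RE = re.compile(
    r"^(?P<name>.+?)\s+(?:Version\s+)?(?P<ver>\d+(?:\.\d+)+|\d+\s+Update\s+\d+)\b",
    re.IGNORECASE,
)
# Keywords for the software the thread names as the usual drive-by entry points
# (assumed list for this example).
ATTACK_SURFACE = ("firefox", "java", "flash", "reader")


def parse_security_check(text):
    """Parse Security Check output into a small report dict."""
    report = {"os": None, "antivirus": [], "software": [], "outdated": [], "processes": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).rstrip(":").lower()
            continue
        if section is None:                       # preamble before the first section
            if line.startswith("Windows "):
                report["os"] = line
        elif section.startswith("antivirus"):
            if OUTDATED_RE.search(line):          # marker is printed after the product line
                if report["antivirus"]:
                    report["outdated"].append(report["antivirus"][-1])
            else:
                report["antivirus"].append(line)
        elif section.startswith("anti-malware"):
            m = VERSION_RE.match(line)
            if m:
                name, ver = m.group("name"), m.group("ver")
                report["software"].append({"name": name, "version": ver})
                if OUTDATED_RE.search(line):      # marker is inline on the same line here
                    report["outdated"].append(name)
        elif section.startswith("process check"):
            report["processes"].append(line)
    return report


def attack_surface(report):
    """Installed items the thread treats as drive-by targets, whatever their version."""
    return [s["name"] for s in report["software"]
            if any(k in s["name"].lower() for k in ATTACK_SURFACE)]


def action_items(report):
    """Update order: everything flagged out of date first, then the plugin attack surface."""
    items = list(report["outdated"])
    for name in attack_surface(report):
        if name not in items:
            items.append(name)
    return items


if __name__ == "__main__":
    rep = parse_security_check(SAMPLE_LOG)
    print("OS:", rep["os"])
    for s in rep["software"]:
        print(f"  {s['name']:<28} {s['version']}")
    print("Update first:", ", ".join(action_items(rep)))
```

The two flag styles matter: in the antivirus section the tool prints the "out of date" marker on its own line after the product, while in the utilities section it appends the marker to the product line, so a parser that only looks for inline markers would miss the stale antivirus signatures.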
13.04.2013, 04:34 | #14 |
| Mail attachment opened, malware or similar on the laptop ever since Hi Leo, I have done everything so far, but the Windows updates won't install. I get "Windows Update failed, 34 important updates not installed, error code 80246008". Do you have a solution for that? The Secunia check reports it too. |
13.04.2013, 12:06 | #15 |
/// TB-Ausbilder | Mail attachment opened, malware or similar on the laptop ever since
__________________ cheers, Leo |