Log Analysis and Evaluation: Firefox opens random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088), Windows 7
20.04.2013, 17:11 | #1
Firefox opens random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088)
Hello, since I have already had good experiences here, I am turning to you again with my problem. The thread title describes the problem quite well: Firefox randomly opens the tab mentioned, sometimes not at all for days and then 3-4 times within a few hours. Since the whole thing was getting too unsettling for me, I wanted to do something about it. I have already collected OTL and GMER logs, but unfortunately I no longer know how to put them into the small, scrollable summary that is convenient for you, and I simply can't find anywhere how to do it (I'm probably just completely overlooking it, I have searched!!). I would be very grateful for another set of instructions. Well then, I hope for good cooperation.
Edit: Oh man, I've really landed in the wrong thread. I sincerely apologize and ask for it to be moved ... Thanks!
Edited by Supreme12 (20.04.2013 at 17:17)
20.04.2013, 18:31 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Firefox opens random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088)
Hello and
__________________
Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________
21.04.2013, 07:34 | #3
Firefox opens random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088)
Good morning
__________________
Thanks for the reply, here are the logs:
OTL:
Code:
ATTFilter OTL logfile created on: 20.04.2013 17:18:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BAUDI\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,37 Gb Available Physical Memory | 79,69% Memory free 16,00 Gb Paging File | 14,29 Gb Available in Paging File | 89,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 697,34 Gb Free Space | 74,87% Space Free | Partition Type: NTFS Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 6,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BAUDI-PC | User Name: BAUDI | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.20 17:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe PRC - [2012.12.18 15:09:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.10.29 15:03:54 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe PRC - [2009.11.20 13:17:54 | 
000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.12 01:58:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.13 19:49:56 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | 
Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:09:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.29 15:03:54 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012.10.25 03:01:23 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.19 04:31:26 | 000,072,304 | R--- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.29 15:04:30 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.27 10:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 88 7C AE A0 38 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7 FF - prefs.js..extensions.enabledAddons: %7B25A1388B-6B18-46c3-BEBA-A81915D0DE8F%7D:1.7.8.5 FF - prefs.js..extensions.enabledAddons: 
ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.29 15:04:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 01:58:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.14 19:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Extensions [2013.04.08 10:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Firefox\Profiles\6x3m62k1.default\extensions [2013.04.08 10:36:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\BAUDI\AppData\Roaming\mozilla\Firefox\Profiles\6x3m62k1.default\extensions\ich@maltegoetz.de [2012.09.15 17:53:27 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\DivXWebPlayer@divx.com.xpi [2013.01.13 10:45:10 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\extension@hidemyass.com.xpi 
[2013.03.04 16:05:52 | 000,504,298 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2013.02.14 16:12:40 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.12 01:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 01:58:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.20 05:13:28 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E8CC5E4-0DBB-45A4-8952-163938700E31}: DhcpNameServer = 62.117.1.25 89.16.129.25 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.19 08:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.) 
- D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2013.02.01 01:51:38 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ] O32 - AutoRun File - [2013.01.19 08:59:08 | 000,163,254 | R--- | M] () - D:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2013.02.01 01:51:34 | 000,000,096 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\DirectX\command - "" = E:\soft\directx_Jun2010_redist.exe O33 - MountPoints2\{0393c884-fe8a-11e1-be61-806e6f6e6963}\Shell\Install\command - "" = E:\autorun.exe O33 - MountPoints2\{cc3c0712-fe8c-11e1-b3ff-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{cc3c0712-fe8c-11e1-b3ff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2013.01.19 08:56:08 | 008,382,272 | R--- | M] (Electronic Arts, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.20 17:10:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe [2013.04.12 01:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.10 08:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache ========== Files - Modified Within 30 Days ========== [2013.04.20 17:17:59 | 000,000,000 | 
---- | M] () -- C:\Users\BAUDI\defogger_reenable [2013.04.20 17:10:58 | 000,377,856 | ---- | M] () -- C:\Users\BAUDI\Desktop\gmer_2.1.19163.exe [2013.04.20 17:10:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BAUDI\Desktop\OTL.exe [2013.04.20 17:08:47 | 000,050,477 | ---- | M] () -- C:\Users\BAUDI\Desktop\Defogger.exe [2013.04.20 16:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.20 15:07:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.20 15:07:54 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.20 15:05:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.20 15:05:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.20 15:05:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.20 15:05:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.20 15:05:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.20 15:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.20 15:00:36 | 2146,291,711 | -HS- | M] () -- C:\hiberfil.sys [2013.04.15 23:52:30 | 540,846,414 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.07 23:38:48 | 000,007,607 | ---- | M] () -- C:\Users\BAUDI\AppData\Local\Resmon.ResmonCfg ========== Files Created - No Company Name ========== [2013.04.20 17:17:59 | 000,000,000 | ---- | C] () -- C:\Users\BAUDI\defogger_reenable [2013.04.20 17:10:58 | 000,377,856 | ---- | C] () -- C:\Users\BAUDI\Desktop\gmer_2.1.19163.exe [2013.04.20 17:08:47 | 000,050,477 | ---- | C] () -- C:\Users\BAUDI\Desktop\Defogger.exe [2013.04.07 23:38:48 | 000,007,607 | ---- | C] () -- C:\Users\BAUDI\AppData\Local\Resmon.ResmonCfg [2012.12.18 14:23:12 | 000,281,032 | ---- | C] () -- 
C:\Windows\SysWow64\PnkBstrB.exe [2012.12.18 14:22:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.08 07:12:18 | 000,741,889 | ---- | C] () -- C:\Users\BAUDI\C00FIUYA5ANK1336644988195.jpg [2012.11.08 07:12:18 | 000,713,018 | ---- | C] () -- C:\Users\BAUDI\4TE2DY6M0A8J1336644987730.jpg [2012.11.08 07:12:18 | 000,080,767 | ---- | C] () -- C:\Users\BAUDI\385655_361131910612039_855087110_n.jpg [2012.09.14 19:08:51 | 000,017,408 | ---- | C] () -- C:\Users\BAUDI\AppData\Local\WebpageIcons.db [2012.09.14 18:48:26 | 000,072,304 | R--- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe [2012.09.14 18:44:56 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.19 16:33:38 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\Amazon [2013.04.20 17:17:37 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\ICQ [2012.09.16 17:51:33 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\LolClient [2013.03.13 14:14:32 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\Origin [2013.04.19 23:08:58 | 000,000,000 | ---D | M] -- C:\Users\BAUDI\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-20 17:34:51
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST1000DM rev.1AJ1 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\BAUDI\AppData\Local\Temp\pgloqpob.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000721b17fa 2 bytes CALL 74e51199 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000721b1860 2 bytes CALL 74e51199 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000721b1942 2 bytes JMP 762fc29f C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000721b194d 2 bytes JMP 762f418d C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b21401 2 bytes JMP 74e6eb26 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b21419 2 bytes JMP 74e7b513 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b21431 2 bytes JMP 74ef8609 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b2144a 2 bytes CALL 74e51dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b214dd 2 bytes JMP 74ef7efe C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b214f5 2 bytes JMP 74ef80d8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b2150d 2 bytes JMP 74ef7df4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b21525 2 bytes JMP 74ef81c2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b2153d 2 bytes JMP 74e6f088 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b21555 2 bytes JMP 74e7b885 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b2156d 2 bytes JMP 74ef86c1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b21585 2 bytes JMP 74ef8222 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b2159d 2 bytes JMP 74ef7db8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b215b5 2 bytes JMP 74e6f121 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b215cd 2 bytes JMP 74e7b29f C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b216b2 2 bytes JMP 74ef8584 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b216bd 2 bytes JMP 74ef7d4d C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074b21401 2 bytes JMP 74e6eb26 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074b21419 2 bytes JMP 74e7b513 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074b21431 2 bytes JMP 74ef8609 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074b2144a 2 bytes CALL 74e51dfa C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074b214dd 2 bytes JMP 74ef7efe C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074b214f5 2 bytes JMP 74ef80d8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074b2150d 2 bytes JMP 74ef7df4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074b21525 2 bytes JMP 74ef81c2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074b2153d 2 bytes JMP 74e6f088 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074b21555 2 bytes JMP 74e7b885 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074b2156d 2 bytes JMP 74ef86c1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074b21585 2 bytes JMP 74ef8222 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074b2159d 2 bytes JMP 74ef7db8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074b215b5 2 bytes JMP 74e6f121 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074b215cd 2 bytes JMP 74e7b29f C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074b216b2 2 bytes JMP 74ef8584 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074b216bd 2 bytes JMP 74ef7d4d C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----
21.04.2013, 21:59 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Or is that by any chance an office/company PC or a university machine?
__________________ Please always post logfiles in CODE tags
22.04.2013, 11:14 | #5 |
Well, one can certainly argue whether a home user needs that. I put my computer together online 2 or 3 years ago (no idea whether I'm allowed to post external links here; I can gladly add them on request). The price difference wasn't particularly significant, so I went with Ultimate back then.
22.04.2013, 13:27 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok, thanks for the explanation. Before we get to work, I'd like to ask you to read the following points completely and attentively.

Note: Should you not hear from me for three days, please post in this thread => Erinnerung an meinem Thread (reminder for my thread). Nagging "when will this continue" messages end with your topic being closed. I, too, have a life outside Trojaner-Board.

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is not shown, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
22.04.2013, 14:53 | #7 |
Many thanks for the reply! Here are the logs. MBAR found nothing, so I skipped the reboot.

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.22.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
BAUDI :: BAUDI-PC [administrator]

22.04.2013 15:23:36
mbar-log-2013-04-22 (15-23-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28437
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-22 15:40:43
-----------------------------
15:40:43.133 OS Version: Windows x64 6.1.7600
15:40:43.133 Number of processors: 8 586 0x1A05
15:40:43.133 ComputerName: BAUDI-PC UserName: BAUDI
15:40:45.427 Initialize success
15:40:59.253 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
15:40:59.253 Disk 0 Vendor: ST1000DM 1AJ1 Size: 953869MB BusType: 3
15:40:59.393 Disk 0 MBR read successfully
15:40:59.393 Disk 0 MBR scan
15:40:59.393 Disk 0 Windows 7 default MBR code
15:40:59.409 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:40:59.409 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:40:59.456 Disk 0 scanning C:\Windows\system32\drivers
15:41:03.761 Service scanning
15:41:06.975 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
15:41:06.991 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
15:41:07.053 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
15:41:07.069 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
15:41:13.137 Modules scanning
15:41:13.137 Disk 0 trace - called modules:
15:41:13.153 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:41:13.168 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008454060]
15:41:13.168 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007575050]
15:41:13.168 Scan finished successfully
15:41:23.605 Disk 0 MBR has been saved successfully to "C:\Users\BAUDI\Desktop\MBR.dat"
15:41:23.605 The log file has been saved successfully to "C:\Users\BAUDI\Desktop\aswMBR.txt"

Code:
15:43:31.0729 7400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:43:31.0807 7400 ============================================================
15:43:31.0807 7400 Current date / time: 2013/04/22 15:43:31.0807
15:43:31.0807 7400 SystemInfo:
15:43:31.0807 7400
15:43:31.0807 7400 OS Version: 6.1.7600 ServicePack: 0.0
15:43:31.0807 7400 Product type: Workstation
15:43:31.0807 7400 ComputerName: BAUDI-PC
15:43:31.0807 7400 UserName: BAUDI
15:43:31.0807 7400 Windows directory: C:\Windows
15:43:31.0807 7400 System windows directory: C:\Windows
15:43:31.0807 7400 Running under WOW64
15:43:31.0807 7400 Processor architecture: Intel x64
15:43:31.0807 7400 Number of processors: 8
15:43:31.0807 7400 Page size: 0x1000
15:43:31.0807 7400 Boot type: Normal boot
15:43:31.0807 7400 ============================================================
15:43:32.0072 7400 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
15:43:32.0088 7400 ============================================================
15:43:32.0088 7400 \Device\Harddisk0\DR0:
15:43:32.0088 7400 MBR partitions:
15:43:32.0088 7400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:32.0088 7400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:43:32.0088 7400 ============================================================
15:43:32.0119 7400 C: <-> \Device\Harddisk0\DR0\Partition2
15:43:32.0119 7400 ============================================================
15:43:32.0119 7400 Initialize success
15:43:32.0119 7400 ============================================================
15:43:43.0382 1180 ============================================================
15:43:43.0382 1180 Scan started
15:43:43.0382 1180 Mode: Manual; SigCheck; TDLFS;
15:43:43.0382 1180 ============================================================
15:43:43.0647 1180 ================ Scan system memory ========================
15:43:43.0647 1180 System memory - ok
15:43:43.0647 1180 ================ Scan services =============================
15:43:43.0772 1180 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:43:43.0866 1180 1394ohci - ok
15:43:43.0881 1180 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
15:43:43.0897 1180 ACPI - ok
15:43:43.0928 1180 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
15:43:43.0991 1180 AcpiPmi - ok
15:43:44.0115 1180 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:43:44.0147 1180 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - warning
15:43:44.0147 1180 AdobeFlashPlayerUpdateSvc - detected UnsignedFile.Multi.Generic (1)
15:43:44.0178 1180 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:44.0193 1180 adp94xx - ok
15:43:44.0240 1180 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:43:44.0256 1180 adpahci - ok
15:43:44.0271 1180 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:43:44.0287 1180 adpu320 - ok
15:43:44.0318 1180 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:43:44.0490 1180 AeLookupSvc - ok
15:43:44.0537 1180 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
15:43:44.0615 1180 AFD - ok
15:43:44.0630 1180 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
15:43:44.0630 1180 agp440 - ok
15:43:44.0646 1180 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:43:44.0755 1180 ALG - ok
15:43:44.0786 1180 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
15:43:44.0786 1180 aliide - ok
15:43:44.0817 1180 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
15:43:44.0817 1180 amdide - ok
15:43:44.0849 1180 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:43:44.0911 1180 AmdK8 - ok
15:43:44.0942 1180 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:43:44.0942 1180 AmdPPM - ok
15:43:44.0989 1180 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
15:43:45.0005 1180 amdsata - ok
15:43:45.0067 1180 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:45.0083 1180 amdsbs - ok
15:43:45.0098 1180 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
15:43:45.0114 1180 amdxata - ok
15:43:45.0129 1180 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
15:43:45.0223 1180 AppID - ok
15:43:45.0254 1180 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:43:45.0301 1180 AppIDSvc - ok
15:43:45.0332 1180 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
15:43:45.0395 1180 Appinfo - ok
15:43:45.0488 1180 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:43:45.0504 1180 AppMgmt - ok
15:43:45.0519 1180 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:43:45.0535 1180 arc - ok
15:43:45.0566 1180 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:43:45.0582 1180 arcsas - ok
15:43:45.0597 1180 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:45.0644 1180 AsyncMac - ok
15:43:45.0675 1180 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
15:43:45.0675 1180 atapi - ok
15:43:45.0691 1180 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:43:45.0753 1180 AudioEndpointBuilder - ok
15:43:45.0753 1180 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:43:45.0785 1180 AudioSrv - ok
15:43:45.0878 1180 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
15:43:45.0909 1180 AVP - ok
15:43:45.0941 1180 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:43:45.0987 1180 AxInstSV - ok
15:43:46.0065 1180 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:43:46.0112 1180 b06bdrv - ok
15:43:46.0128 1180 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:43:46.0159 1180 b57nd60a - ok
15:43:46.0190 1180 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:43:46.0237 1180 BDESVC - ok
15:43:46.0253 1180 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:43:46.0299 1180 Beep - ok
15:43:46.0346 1180 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
15:43:46.0393 1180 BFE - ok
15:43:46.0424 1180 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
15:43:46.0487 1180 BITS - ok
15:43:46.0502 1180 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:46.0533 1180 blbdrive - ok
15:43:46.0549 1180 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:43:46.0596 1180 bowser - ok
15:43:46.0596 1180 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:43:46.0627 1180 BrFiltLo - ok
15:43:46.0658 1180 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:43:46.0674 1180 BrFiltUp - ok
15:43:46.0689 1180 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
15:43:46.0767 1180 Browser - ok
15:43:46.0799 1180 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:43:46.0814 1180 Brserid - ok
15:43:46.0814 1180 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:46.0861 1180 BrSerWdm - ok
15:43:46.0877 1180 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:46.0892 1180 BrUsbMdm - ok
15:43:46.0908 1180 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:43:46.0908 1180 BrUsbSer - ok
15:43:46.0939 1180 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:43:47.0017 1180 BTHMODEM - ok
15:43:47.0033 1180 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:43:47.0079 1180 bthserv - ok
15:43:47.0095 1180 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:43:47.0126 1180 cdfs - ok
15:43:47.0142 1180 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:43:47.0142 1180 cdrom - ok
15:43:47.0157 1180 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
15:43:47.0189 1180 CertPropSvc - ok
15:43:47.0204 1180 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:43:47.0235 1180 circlass - ok
15:43:47.0267 1180 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:43:47.0282 1180 CLFS - ok
15:43:47.0345 1180 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:47.0360 1180 clr_optimization_v2.0.50727_32 - ok
15:43:47.0407 1180 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:43:47.0423 1180 clr_optimization_v2.0.50727_64 - ok
15:43:47.0485 1180 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:47.0485 1180 clr_optimization_v4.0.30319_32 - ok
15:43:47.0547 1180 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:43:47.0547 1180 clr_optimization_v4.0.30319_64 - ok
15:43:47.0563 1180 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:47.0594 1180 CmBatt - ok
15:43:47.0610 1180 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
15:43:47.0625 1180 cmdide - ok
15:43:47.0641 1180 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
15:43:47.0672 1180 CNG - ok
15:43:47.0688 1180 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:43:47.0688 1180 Compbatt - ok
15:43:47.0703 1180 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:43:47.0719 1180 CompositeBus - ok
15:43:47.0719 1180 COMSysApp - ok
15:43:47.0797 1180 cpuz132 - ok
15:43:47.0813 1180 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:47.0813 1180 crcdisk - ok
15:43:47.0875 1180 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:43:47.0922 1180 CryptSvc - ok
15:43:47.0969 1180 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
15:43:47.0984 1180 CSC - ok
15:43:48.0015 1180 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
15:43:48.0047 1180 CscService - ok
15:43:48.0093 1180 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:43:48.0171 1180 DcomLaunch - ok
15:43:48.0187 1180 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:43:48.0249 1180 defragsvc - ok
15:43:48.0281 1180 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:43:48.0296 1180 DfsC - ok
15:43:48.0312 1180 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
15:43:48.0452 1180 Dhcp - ok
15:43:48.0468 1180 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:43:48.0561 1180 discache - ok
15:43:48.0593 1180 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:43:48.0593 1180 Disk - ok
15:43:48.0624 1180 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:43:48.0671 1180 Dnscache - ok
15:43:48.0686 1180 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
15:43:48.0702 1180 dot3svc - ok
15:43:48.0717 1180 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
15:43:48.0733 1180 DPS - ok
15:43:48.0795 1180 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:43:48.0811 1180 drmkaud - ok
15:43:48.0858 1180 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:43:48.0905 1180 DXGKrnl - ok
15:43:48.0936 1180 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:43:48.0967 1180 EapHost - ok
15:43:49.0014 1180 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:43:49.0061 1180 ebdrv - ok
15:43:49.0092 1180 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
15:43:49.0123 1180 EFS - ok
15:43:49.0201 1180 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:43:49.0248 1180 ehRecvr - ok
15:43:49.0263 1180 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:43:49.0295 1180 ehSched - ok
15:43:49.0326 1180 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:43:49.0341 1180 elxstor - ok
15:43:49.0373 1180 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
15:43:49.0404 1180 ErrDev - ok
15:43:49.0466 1180 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:43:49.0513 1180 EventSystem - ok
15:43:49.0513 1180 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:43:49.0544 1180 exfat - ok
15:43:49.0622 1180 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:43:49.0685 1180 fastfat - ok
15:43:49.0747 1180 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
15:43:49.0794 1180 Fax - ok
15:43:49.0809 1180 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:43:49.0841 1180 fdc - ok
15:43:49.0872 1180 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:43:49.0919 1180 fdPHost - ok
15:43:49.0934 1180 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:43:49.0950 1180 FDResPub - ok
15:43:49.0965 1180 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:43:49.0965 1180 FileInfo - ok
15:43:49.0981 1180 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:43:49.0997 1180 Filetrace - ok
15:43:49.0997 1180 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:50.0012 1180 flpydisk - ok
15:43:50.0028 1180 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:43:50.0043 1180 FltMgr - ok
15:43:50.0059 1180 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
15:43:50.0090 1180 FontCache - ok
15:43:50.0121 1180 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:43:50.0137 1180 FontCache3.0.0.0 - ok
15:43:50.0153 1180 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:43:50.0153 1180 FsDepends - ok
15:43:50.0168 1180 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:43:50.0168 1180 Fs_Rec - ok
15:43:50.0184 1180 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:43:50.0199 1180 fvevol - ok
15:43:50.0215 1180 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:43:50.0231 1180 gagp30kx - ok
15:43:50.0231 1180 gdrv - ok
15:43:50.0246 1180 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
15:43:50.0293 1180 gpsvc - ok
15:43:50.0309 1180 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:43:50.0355 1180 hcw85cir - ok
15:43:50.0387 1180 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:43:50.0402 1180 HdAudAddService - ok
15:43:50.0418 1180 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:43:50.0449 1180 HDAudBus - ok
15:43:50.0480 1180 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:50.0480 1180 HidBatt - ok
15:43:50.0496 1180 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:43:50.0527 1180 HidBth - ok
15:43:50.0543 1180 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:43:50.0574 1180 HidIr - ok
15:43:50.0589 1180 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:43:50.0621 1180 hidserv - ok
15:43:50.0652 1180 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:43:50.0652 1180 HidUsb - ok
15:43:50.0683 1180 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:43:50.0714 1180 hkmsvc - ok
15:43:50.0745 1180 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:50.0761 1180 HomeGroupListener - ok
15:43:50.0792 1180 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:50.0823 1180 HomeGroupProvider - ok
15:43:50.0855 1180 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
15:43:50.0855 1180 HpSAMD - ok
15:43:50.0886 1180 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:43:50.0933 1180 HTTP - ok
15:43:50.0933 1180 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:43:50.0933 1180 hwpolicy - ok
15:43:50.0964 1180 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:43:50.0964 1180 i8042prt - ok
15:43:51.0026 1180 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:43:51.0042 1180 IAANTMON - ok
15:43:51.0073 1180 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:43:51.0073 1180 iaStor - ok
15:43:51.0104 1180 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
15:43:51.0120 1180 iaStorV - ok
15:43:51.0135 1180 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:43:51.0151 1180 idsvc - ok
15:43:51.0167 1180 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:43:51.0167 1180 iirsp - ok
15:43:51.0198 1180 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
15:43:51.0229 1180 IKEEXT - ok
15:43:51.0323 1180 [ 163F94EBF8F8A98616A6B804AF08D736 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:43:51.0369 1180 IntcAzAudAddService - ok
15:43:51.0369 1180 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
15:43:51.0385 1180 intelide - ok
15:43:51.0401 1180 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:43:51.0432 1180 intelppm - ok
15:43:51.0463 1180 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:43:51.0525 1180 IPBusEnum - ok
15:43:51.0541 1180 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:51.0557 1180 IpFilterDriver - ok
15:43:51.0572 1180 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:43:51.0603 1180 iphlpsvc - ok
15:43:51.0619 1180 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:43:51.0635 1180 IPMIDRV - ok
15:43:51.0650 1180 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:43:51.0713 1180 IPNAT - ok
15:43:51.0728 1180 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:43:51.0744 1180 IRENUM - ok
15:43:51.0759 1180 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
15:43:51.0759 1180 isapnp - ok
15:43:51.0775 1180 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:43:51.0791 1180 iScsiPrt - ok
15:43:51.0853 1180 [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe
15:43:51.0853 1180 JMB36X - ok
15:43:51.0900 1180 [ 1C368C1A2733DCC5B8E15420AA2B0F6D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
15:43:51.0900 1180 JRAID - ok
15:43:51.0915 1180 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:51.0931 1180 kbdclass - ok
15:43:51.0947 1180 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:51.0993 1180 kbdhid - ok
15:43:52.0025 1180 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
15:43:52.0040 1180 KeyIso - ok
15:43:52.0071 1180 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
15:43:52.0087 1180 KL1 - ok
15:43:52.0087 1180 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
15:43:52.0103 1180 kl2 - ok
15:43:52.0149 1180 [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
15:43:52.0165 1180 KLIF - ok
15:43:52.0181 1180 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
15:43:52.0181 1180 KLIM6 - ok
15:43:52.0196 1180 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
15:43:52.0196 1180 klmouflt - ok
15:43:52.0212 1180 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:43:52.0227 1180 KSecDD - ok
15:43:52.0227 1180 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:43:52.0227 1180 KSecPkg - ok
15:43:52.0243 1180 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:43:52.0290 1180 ksthunk - ok
15:43:52.0305 1180 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:43:52.0352 1180 KtmRm - ok
15:43:52.0383 1180 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:43:52.0415 1180 LanmanServer - ok
15:43:52.0430 1180 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:52.0461 1180 LanmanWorkstation - ok
15:43:52.0493 1180 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:43:52.0539 1180 lltdio - ok
15:43:52.0555 1180 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:43:52.0586 1180 lltdsvc - ok
15:43:52.0602 1180 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:43:52.0617 1180 lmhosts - ok
15:43:52.0649 1180 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:52.0649 1180 LSI_FC - ok
15:43:52.0664 1180 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:52.0664 1180 LSI_SAS - ok
15:43:52.0680 1180 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:52.0680 1180 LSI_SAS2 - ok
15:43:52.0680 1180 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:52.0695 1180 LSI_SCSI - ok
15:43:52.0711 1180 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:43:52.0742 1180 luafv - ok
15:43:52.0773 1180 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:43:52.0805 1180 Mcx2Svc - ok
15:43:52.0820 1180 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:43:52.0836 1180 megasas - ok
15:43:52.0851 1180 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:52.0867 1180 MegaSR - ok
15:43:52.0883 1180 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:43:52.0961 1180 MMCSS - ok
15:43:52.0976 1180 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:43:53.0007 1180 Modem - ok
15:43:53.0039 1180 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:43:53.0070 1180 monitor - ok
15:43:53.0085 1180 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:43:53.0101 1180 mouclass - ok
15:43:53.0117 1180 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:43:53.0132 1180 mouhid - ok
15:43:53.0163 1180 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:43:53.0163 1180 mountmgr - ok
15:43:53.0195 1180 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:43:53.0210 1180 MozillaMaintenance - ok
15:43:53.0226 1180 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
15:43:53.0241 1180 mpio - ok
15:43:53.0257 1180 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:43:53.0288 1180 mpsdrv - ok
15:43:53.0319 1180 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:43:53.0366 1180 MpsSvc - ok
15:43:53.0382 1180 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:43:53.0413 1180 MRxDAV - ok
15:43:53.0429 1180 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:53.0491 1180 mrxsmb - ok
15:43:53.0522 1180 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10
C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:43:53.0538 1180 mrxsmb10 - ok 15:43:53.0553 1180 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:43:53.0585 1180 mrxsmb20 - ok 15:43:53.0585 1180 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 15:43:53.0585 1180 msahci - ok 15:43:53.0600 1180 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 15:43:53.0600 1180 msdsm - ok 15:43:53.0616 1180 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:43:53.0647 1180 MSDTC - ok 15:43:53.0663 1180 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:43:53.0709 1180 Msfs - ok 15:43:53.0709 1180 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:43:53.0741 1180 mshidkmdf - ok 15:43:53.0756 1180 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 15:43:53.0772 1180 msisadrv - ok 15:43:53.0819 1180 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:43:53.0865 1180 MSiSCSI - ok 15:43:53.0865 1180 msiserver - ok 15:43:53.0881 1180 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:43:53.0928 1180 MSKSSRV - ok 15:43:53.0943 1180 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:43:53.0959 1180 MSPCLOCK - ok 15:43:53.0975 1180 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:43:54.0006 1180 MSPQM - ok 15:43:54.0037 1180 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:43:54.0037 1180 MsRPC - ok 15:43:54.0068 1180 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:43:54.0084 1180 mssmbios - ok 15:43:54.0084 1180 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:43:54.0115 1180 MSTEE - ok 15:43:54.0131 1180 [ 
7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:43:54.0146 1180 MTConfig - ok 15:43:54.0193 1180 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:43:54.0209 1180 Mup - ok 15:43:54.0240 1180 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 15:43:54.0287 1180 napagent - ok 15:43:54.0302 1180 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:43:54.0333 1180 NativeWifiP - ok 15:43:54.0365 1180 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 15:43:54.0396 1180 NDIS - ok 15:43:54.0411 1180 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:43:54.0427 1180 NdisCap - ok 15:43:54.0458 1180 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:43:54.0474 1180 NdisTapi - ok 15:43:54.0474 1180 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:43:54.0567 1180 Ndisuio - ok 15:43:54.0583 1180 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:43:54.0599 1180 NdisWan - ok 15:43:54.0614 1180 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:43:54.0630 1180 NDProxy - ok 15:43:54.0661 1180 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:43:54.0677 1180 NetBIOS - ok 15:43:54.0692 1180 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:43:54.0708 1180 NetBT - ok 15:43:54.0708 1180 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe 15:43:54.0723 1180 Netlogon - ok 15:43:54.0786 1180 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:43:54.0848 1180 Netman - ok 15:43:54.0848 1180 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:43:54.0879 1180 netprofm - ok 15:43:54.0895 1180 [ 
3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:43:54.0911 1180 NetTcpPortSharing - ok 15:43:54.0926 1180 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:43:54.0926 1180 nfrd960 - ok 15:43:54.0957 1180 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:43:55.0004 1180 NlaSvc - ok 15:43:55.0020 1180 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:43:55.0035 1180 Npfs - ok 15:43:55.0051 1180 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:43:55.0067 1180 nsi - ok 15:43:55.0082 1180 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:43:55.0113 1180 nsiproxy - ok 15:43:55.0160 1180 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:43:55.0191 1180 Ntfs - ok 15:43:55.0191 1180 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:43:55.0223 1180 Null - ok 15:43:55.0269 1180 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 15:43:55.0285 1180 nusb3hub - ok 15:43:55.0301 1180 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 15:43:55.0316 1180 nusb3xhc - ok 15:43:55.0347 1180 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:43:55.0347 1180 NVHDA - ok 15:43:55.0550 1180 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:43:55.0675 1180 nvlddmkm - ok 15:43:55.0691 1180 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 15:43:55.0706 1180 nvraid - ok 15:43:55.0706 1180 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 15:43:55.0722 1180 nvstor - ok 15:43:55.0753 1180 [ 43F91595049DE14C4B61D1E76436164F ] NVSvc C:\Windows\system32\nvvsvc.exe 
15:43:55.0753 1180 NVSvc - ok 15:43:55.0815 1180 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 15:43:55.0847 1180 nvUpdatusService - ok 15:43:55.0847 1180 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 15:43:55.0847 1180 nv_agp - ok 15:43:55.0862 1180 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 15:43:55.0862 1180 ohci1394 - ok 15:43:55.0893 1180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:43:55.0940 1180 p2pimsvc - ok 15:43:55.0956 1180 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:43:55.0971 1180 p2psvc - ok 15:43:56.0003 1180 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:43:56.0003 1180 Parport - ok 15:43:56.0018 1180 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:43:56.0018 1180 partmgr - ok 15:43:56.0034 1180 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:43:56.0065 1180 PcaSvc - ok 15:43:56.0081 1180 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 15:43:56.0096 1180 pci - ok 15:43:56.0112 1180 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 15:43:56.0127 1180 pciide - ok 15:43:56.0143 1180 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:43:56.0143 1180 pcmcia - ok 15:43:56.0159 1180 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:43:56.0159 1180 pcw - ok 15:43:56.0174 1180 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:43:56.0205 1180 PEAUTH - ok 15:43:56.0237 1180 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:43:56.0283 1180 PeerDistSvc - ok 15:43:56.0346 1180 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost 
C:\Windows\SysWow64\perfhost.exe 15:43:56.0377 1180 PerfHost - ok 15:43:56.0408 1180 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 15:43:56.0471 1180 pla - ok 15:43:56.0502 1180 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:43:56.0549 1180 PlugPlay - ok 15:43:56.0580 1180 PnkBstrA - ok 15:43:56.0595 1180 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:43:56.0611 1180 PNRPAutoReg - ok 15:43:56.0611 1180 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:43:56.0627 1180 PNRPsvc - ok 15:43:56.0658 1180 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:43:56.0720 1180 PolicyAgent - ok 15:43:56.0751 1180 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:43:56.0798 1180 Power - ok 15:43:56.0829 1180 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:43:56.0845 1180 PptpMiniport - ok 15:43:56.0861 1180 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:43:56.0876 1180 Processor - ok 15:43:56.0923 1180 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll 15:43:56.0954 1180 ProfSvc - ok 15:43:56.0970 1180 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe 15:43:56.0985 1180 ProtectedStorage - ok 15:43:57.0001 1180 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:43:57.0017 1180 Psched - ok 15:43:57.0048 1180 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:43:57.0063 1180 ql2300 - ok 15:43:57.0063 1180 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:43:57.0079 1180 ql40xx - ok 15:43:57.0095 1180 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:43:57.0110 1180 QWAVE - ok 15:43:57.0141 1180 [ 
76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:43:57.0173 1180 QWAVEdrv - ok 15:43:57.0204 1180 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:43:57.0251 1180 RasAcd - ok 15:43:57.0266 1180 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:43:57.0297 1180 RasAgileVpn - ok 15:43:57.0297 1180 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:43:57.0329 1180 RasAuto - ok 15:43:57.0360 1180 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:43:57.0375 1180 Rasl2tp - ok 15:43:57.0391 1180 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 15:43:57.0438 1180 RasMan - ok 15:43:57.0453 1180 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:43:57.0516 1180 RasPppoe - ok 15:43:57.0531 1180 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:43:57.0594 1180 RasSstp - ok 15:43:57.0625 1180 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:43:57.0641 1180 rdbss - ok 15:43:57.0656 1180 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:43:57.0672 1180 rdpbus - ok 15:43:57.0687 1180 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:43:57.0719 1180 RDPCDD - ok 15:43:57.0734 1180 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:43:57.0750 1180 RDPDR - ok 15:43:57.0765 1180 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:43:57.0828 1180 RDPENCDD - ok 15:43:57.0828 1180 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:43:57.0843 1180 RDPREFMP - ok 15:43:57.0859 1180 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:43:57.0890 1180 RDPWD - ok 
15:43:57.0906 1180 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:43:57.0921 1180 rdyboost - ok 15:43:57.0937 1180 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:43:57.0968 1180 RemoteAccess - ok 15:43:57.0999 1180 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:43:58.0015 1180 RemoteRegistry - ok 15:43:58.0031 1180 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:43:58.0046 1180 RpcEptMapper - ok 15:43:58.0062 1180 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:43:58.0077 1180 RpcLocator - ok 15:43:58.0109 1180 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 15:43:58.0140 1180 RpcSs - ok 15:43:58.0155 1180 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:43:58.0187 1180 rspndr - ok 15:43:58.0249 1180 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:43:58.0265 1180 RTL8167 - ok 15:43:58.0280 1180 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 15:43:58.0296 1180 s3cap - ok 15:43:58.0311 1180 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe 15:43:58.0327 1180 SamSs - ok 15:43:58.0327 1180 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 15:43:58.0343 1180 sbp2port - ok 15:43:58.0343 1180 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:43:58.0389 1180 SCardSvr - ok 15:43:58.0405 1180 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:43:58.0436 1180 scfilter - ok 15:43:58.0452 1180 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll 15:43:58.0483 1180 Schedule - ok 15:43:58.0499 1180 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:43:58.0530 1180 
SCPolicySvc - ok 15:43:58.0530 1180 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:43:58.0592 1180 SDRSVC - ok 15:43:58.0608 1180 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:43:58.0670 1180 secdrv - ok 15:43:58.0686 1180 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 15:43:58.0717 1180 seclogon - ok 15:43:58.0733 1180 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:43:58.0748 1180 SENS - ok 15:43:58.0764 1180 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:43:58.0826 1180 SensrSvc - ok 15:43:58.0857 1180 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:43:58.0857 1180 Serenum - ok 15:43:58.0889 1180 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:43:58.0920 1180 Serial - ok 15:43:58.0935 1180 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:43:58.0967 1180 sermouse - ok 15:43:58.0998 1180 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 15:43:59.0045 1180 SessionEnv - ok 15:43:59.0060 1180 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 15:43:59.0091 1180 sffdisk - ok 15:43:59.0091 1180 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:43:59.0091 1180 sffp_mmc - ok 15:43:59.0107 1180 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 15:43:59.0123 1180 sffp_sd - ok 15:43:59.0123 1180 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:43:59.0154 1180 sfloppy - ok 15:43:59.0201 1180 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:43:59.0232 1180 SharedAccess - ok 15:43:59.0247 1180 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 
15:43:59.0279 1180 ShellHWDetection - ok 15:43:59.0325 1180 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:43:59.0325 1180 SiSRaid2 - ok 15:43:59.0341 1180 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 15:43:59.0357 1180 SiSRaid4 - ok 15:43:59.0403 1180 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:43:59.0403 1180 SkypeUpdate - ok 15:43:59.0435 1180 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:43:59.0497 1180 Smb - ok 15:43:59.0513 1180 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:43:59.0528 1180 SNMPTRAP - ok 15:43:59.0622 1180 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys 15:43:59.0637 1180 speedfan - ok 15:43:59.0653 1180 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:43:59.0669 1180 spldr - ok 15:43:59.0684 1180 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe 15:43:59.0700 1180 Spooler - ok 15:43:59.0762 1180 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 15:43:59.0809 1180 sppsvc - ok 15:43:59.0825 1180 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:43:59.0840 1180 sppuinotify - ok 15:43:59.0856 1180 [ EC8F67289105BF270498095F14963464 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:43:59.0887 1180 srv - ok 15:43:59.0903 1180 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:43:59.0949 1180 srv2 - ok 15:43:59.0965 1180 [ 26E84D3649019C3244622E654DFCD75B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:44:00.0027 1180 srvnet - ok 15:44:00.0074 1180 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:44:00.0137 1180 SSDPSRV - ok 15:44:00.0137 1180 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 
15:44:00.0168 1180 SstpSvc - ok 15:44:00.0183 1180 Steam Client Service - ok 15:44:00.0277 1180 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:44:00.0293 1180 Stereo Service - ok 15:44:00.0324 1180 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 15:44:00.0324 1180 stexstor - ok 15:44:00.0371 1180 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 15:44:00.0402 1180 stisvc - ok 15:44:00.0417 1180 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 15:44:00.0433 1180 storflt - ok 15:44:00.0433 1180 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 15:44:00.0449 1180 storvsc - ok 15:44:00.0464 1180 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:44:00.0464 1180 swenum - ok 15:44:00.0480 1180 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:44:00.0511 1180 swprv - ok 15:44:00.0542 1180 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 15:44:00.0589 1180 SysMain - ok 15:44:00.0636 1180 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:44:00.0667 1180 TabletInputService - ok 15:44:00.0698 1180 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 15:44:00.0761 1180 TapiSrv - ok 15:44:00.0776 1180 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:44:00.0792 1180 TBS - ok 15:44:00.0823 1180 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:44:00.0839 1180 Tcpip - ok 15:44:00.0870 1180 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:44:00.0885 1180 TCPIP6 - ok 15:44:00.0901 1180 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:44:00.0917 1180 tcpipreg - ok 15:44:00.0932 1180 [ 
3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:44:01.0010 1180 TDPIPE - ok 15:44:01.0010 1180 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:44:01.0041 1180 TDTCP - ok 15:44:01.0057 1180 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:44:01.0135 1180 tdx - ok 15:44:01.0151 1180 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:44:01.0151 1180 TermDD - ok 15:44:01.0166 1180 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 15:44:01.0213 1180 TermService - ok 15:44:01.0229 1180 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:44:01.0260 1180 Themes - ok 15:44:01.0275 1180 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:44:01.0291 1180 THREADORDER - ok 15:44:01.0322 1180 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:44:01.0338 1180 TrkWks - ok 15:44:01.0400 1180 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:44:01.0431 1180 TrustedInstaller - ok 15:44:01.0463 1180 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:44:01.0494 1180 tssecsrv - ok 15:44:01.0525 1180 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:44:01.0572 1180 tunnel - ok 15:44:01.0572 1180 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 15:44:01.0587 1180 uagp35 - ok 15:44:01.0603 1180 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:44:01.0681 1180 udfs - ok 15:44:01.0697 1180 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:44:01.0728 1180 UI0Detect - ok 15:44:01.0743 1180 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 15:44:01.0759 1180 uliagpkx - ok 15:44:01.0775 
1180 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:44:01.0806 1180 umbus - ok 15:44:01.0821 1180 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 15:44:01.0837 1180 UmPass - ok 15:44:01.0853 1180 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll 15:44:01.0868 1180 UmRdpService - ok 15:44:01.0884 1180 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:44:01.0931 1180 upnphost - ok 15:44:01.0962 1180 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:44:02.0009 1180 usbaudio - ok 15:44:02.0024 1180 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:44:02.0102 1180 usbccgp - ok 15:44:02.0118 1180 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 15:44:02.0149 1180 usbcir - ok 15:44:02.0180 1180 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:44:02.0196 1180 usbehci - ok 15:44:02.0211 1180 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:44:02.0243 1180 usbhub - ok 15:44:02.0289 1180 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:44:02.0305 1180 usbohci - ok 15:44:02.0321 1180 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:44:02.0352 1180 usbprint - ok 15:44:02.0367 1180 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:44:02.0383 1180 USBSTOR - ok 15:44:02.0399 1180 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:44:02.0399 1180 usbuhci - ok 15:44:02.0414 1180 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:44:02.0430 1180 UxSms - ok 15:44:02.0445 1180 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe 15:44:02.0445 1180 VaultSvc - ok 
15:44:02.0461 1180 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 15:44:02.0477 1180 vdrvroot - ok 15:44:02.0492 1180 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 15:44:02.0508 1180 vds - ok 15:44:02.0508 1180 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:44:02.0523 1180 vga - ok 15:44:02.0539 1180 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:44:02.0570 1180 VgaSave - ok 15:44:02.0586 1180 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 15:44:02.0601 1180 vhdmp - ok 15:44:02.0617 1180 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 15:44:02.0617 1180 viaide - ok 15:44:02.0648 1180 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 15:44:02.0648 1180 vmbus - ok 15:44:02.0664 1180 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 15:44:02.0664 1180 VMBusHID - ok 15:44:02.0679 1180 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 15:44:02.0679 1180 volmgr - ok 15:44:02.0711 1180 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:44:02.0711 1180 volmgrx - ok 15:44:02.0757 1180 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys 15:44:02.0757 1180 volsnap - ok 15:44:02.0773 1180 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 15:44:02.0789 1180 vsmraid - ok 15:44:02.0804 1180 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 15:44:02.0835 1180 VSS - ok 15:44:02.0835 1180 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:44:02.0851 1180 vwifibus - ok 15:44:02.0867 1180 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:44:02.0898 1180 W32Time - ok 15:44:02.0913 1180 [ 
AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:20.0167 6484 AdobeFlashPlayerUpdateSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:44:29.0309 7456 Deinitialize success |
22.04.2013, 15:12 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088)
JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post logfiles in CODE tags |
23.04.2013, 11:16 | #9 |
| Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088) I've done everything. I also wanted to mention that while JRT was running, the Adobe Updater popped up asking to update Flash Player. Was that just a coincidence? Here are the logs! JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by BAUDI on 23.04.2013 at 7:11:23,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic

~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

~~~ FireFox
Successfully deleted: [File] "C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\extensions\DivXWebPlayer@divx.com.xpi"
Emptied folder: C:\Users\BAUDI\AppData\Roaming\mozilla\firefox\profiles\6x3m62k1.default\minidumps [97 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.04.2013 at 7:13:20,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.202 - Datei am 23/04/2013 um 07:14:17 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzer : BAUDI - BAUDI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\BAUDI\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\BAUDI\AppData\Roaming\Mozilla\Firefox\Profiles\6x3m62k1.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (en-US)

Datei : C:\Users\BAUDI\AppData\Roaming\Mozilla\Firefox\Profiles\6x3m62k1.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,extension%40hidemyass.com:[...]

*************************

AdwCleaner[S1].txt - [907 octets] - [23/04/2013 07:14:17]

########## EOF - C:\AdwCleaner[S1].txt - [966 octets] ##########
Code:
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F9B5861-D2BF-4F2B-9570-C33408D7ABF6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{202A66D3-49B0-4D40-9AE6-DDF761A869C3}" = lport=138 | protocol=17 | dir=in | app=system | "{22BB3F82-72E8-4336-BBF3-593C869486BE}" = lport=445 | protocol=6 | dir=in | app=system | "{52CB76FE-0BCE-410E-BB11-4461E5E28AAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{566E875E-0059-4CB0-B755-514BC41E3DDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{64648F29-BF7F-4738-8887-FF2B804FAE84}" = rport=138 | protocol=17 | dir=out | app=system | "{6847EB08-6410-4DAE-8D0E-28E2C6E603DC}" = lport=2869 | protocol=6 | dir=in | app=system | "{75648BFC-044D-4F14-BA6D-615B0C1FBEFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B4D4541-F275-41EF-B0A0-549980383694}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8165261A-93BD-4E1B-99E0-E81A30E64698}" = lport=57314 | protocol=6 | dir=in | name=pando media booster | "{8B38A5C4-E5FC-4B83-A918-FF4D9E5E172A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{8F313916-18DF-4842-B23A-40A78A98D6A7}" = lport=57314 | protocol=17 | dir=in | name=pando media booster | "{9FFA0B6E-2BC9-410D-93B0-175C5B269702}" = rport=137 | protocol=17 | dir=out | app=system | "{A46168D2-A1BE-4F36-8426-A2E6B2AEA545}" = lport=57314 | protocol=17 | dir=in | name=pando media booster | "{ACF08328-133A-4554-9DA6-B60F96934F79}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B8AF867D-D99A-4B0A-8B67-0A8D8CBDC45E}" = lport=139 | protocol=6 | dir=in | app=system | "{BF7CF3E9-FAD1-4ABC-BBAB-F9609FD16356}" = rport=445 | protocol=6 | dir=out | app=system | "{C307699C-0291-4749-BF67-36162399365E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C52791CC-DA0E-4D25-AB15-3F2D754849E5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C866C5C5-8C58-422C-9B98-4BBC88D76AED}" = lport=137 | protocol=17 | dir=in | app=system | "{CDACE959-7CFB-43A9-8C14-DDA3C8E2B284}" = rport=139 | protocol=6 | dir=out | app=system | "{D85FF033-549D-477B-99B0-22DB991D4835}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E0143E99-8C5A-4A01-9F42-72369E636609}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F29F804C-D286-484C-8651-1BA5FBE976B9}" = lport=57314 | protocol=6 | dir=in | name=pando media booster | "{F504AE2E-126B-4FA3-BE92-1C1C73F3608A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F58E63CB-7EB9-4EAD-8960-1B17954A7AEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FB89078C-0F4D-4446-A422-929C26EC130C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E1C45E-6AB4-4C1F-9AD9-AC03D121B840}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{070A9B84-52BA-4D37-9C1D-7E817074D248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{0909E070-4747-428E-8A8D-38E9965CC306}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0AD4869E-1B7C-403F-83F5-9643FDE73D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{0B60BB7A-96CD-4D01-B39F-91D11CCF8DAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1106E236-CCE7-45CB-982A-3438E2B82FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{14292E12-E62F-43C6-926B-753223E8B015}" = protocol=6 | dir=in | 
app=c:\program files (x86)\icq7m\icq.exe | "{1CBBA2C1-97AB-4A6D-91FE-2334DAE4CCB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D4C4F3D-BF6F-4224-94A3-B6D3CFB468D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{208AC5C4-CBAC-47B9-96BB-4CD531B239F8}" = protocol=6 | dir=out | app=system | "{2971495F-F614-40AD-BBA6-D5CEF8FA666A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{2E6BAF00-4193-4544-A8BA-9114DF28EED4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{3035ADF6-6FAE-4FF9-B33F-674110B8A596}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | "{349509C8-F126-475A-92B4-D2D5AA432532}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3A0A69A8-D18A-48E6-8841-F2796D752A02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{3CFD4A01-6550-4141-A6AB-0A2024B70D04}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{3F7E9DDD-4E2A-4AE7-B133-F074DB019931}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{41E267CA-9D05-444A-BB67-ECAAEBBFBCE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{435369B1-25E2-4AC0-847D-10F4A5853B20}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{442FAF4C-57EB-4745-87CD-112A81C31AB5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{44574194-120B-4257-8BFC-063712DA4426}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4ECDA534-B37D-42FD-AB06-23EAE0CD136B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 
2\bin\win_x86\eurotrucks2.exe | "{5214798B-91BA-4D21-B6E5-2AC72CEA8E6D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{55A31A16-DE04-4238-AC5E-4F84ED6087C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{590BCD9F-D0CC-4371-97EC-2687EE81D4BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{5B217B27-0973-47C7-B5C9-E8CBE4BE626E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{5B5F1157-A03C-4DD7-893B-5D12C8332839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{60356305-9BF5-4462-B25B-AA1C0A5384E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6136DB32-8BB5-4D5F-9C0D-DEDFFDCF0942}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{619184E8-ACED-4D7C-B57D-A899DA95E8AF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{62330DF0-A8E1-490B-B729-871128BF4A52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{69BD0236-DB49-40D2-9355-A0FBC4A722C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6AA8243D-A3ED-47AE-9301-213E43E18335}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{6AC58EED-0AE4-4AE0-807E-ACE64A93D12B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{6D817CA5-D686-4705-8DB7-EF6AF502078D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | "{6F9D4C34-16C9-43E1-B602-1D93C745AB3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | "{73D79FC1-7721-4C36-BD46-CA1AAA28137B}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{82211BBD-A446-46B9-B068-78046855E1CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{8843ADA9-B509-460B-8202-A0F439D7D8AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{88464F4B-9626-4142-851B-16B5612AB59C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{990EE185-5B04-4A4B-AE0F-67736CBF4C08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | "{9B0A6916-CAE0-4FCA-A492-09D5852060DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | "{9E9349C2-CA42-4C09-89CE-CD9D0B1256D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9FDE286E-AA1F-4F0D-946E-34BEC1AE6183}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | "{A2167C20-C3DB-4961-9FFC-34F43CE16519}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A2B110A1-2727-46A7-B37A-85F01B694182}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | "{A75AB379-2622-49C7-8020-67734A807231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | "{AEF5649D-388D-46D9-8943-17BDFD56415E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{B457AF09-6D1B-4CC1-8E75-BBFCABEBFE21}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{BDA8DCB7-067B-407B-A3A0-B117C49459D3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C14E9611-DA60-4DA1-806A-512FCA8B9CDB}" = protocol=6 | dir=in | app=c:\program files 
(x86)\steam\steam.exe | "{C3411B0A-D93F-4627-ADA9-20312B5346F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{C4C68CE6-ACB3-4B2B-9C3E-ACBA76E434D4}" = protocol=58 | dir=in | app=system | "{C54D7DCD-0292-4AE5-991C-3E28A71513AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe | "{C8B95484-94CB-45D4-9E05-EF8CCC60EA04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rusty hearts\clientlauncher.exe | "{C93A0A03-F996-4C6C-9663-AD1D073F4388}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CCC35E99-A432-4266-8530-D3E7FEEF618B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe | "{D119BA35-A96A-4E82-8E78-4BE445BC6B6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D1C2764F-6381-44D9-B05E-AAFA005C24BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{D2AA593A-1ACD-43BF-B524-B19824E64D44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{D5B4797F-DE55-4DBE-BA42-6E35CA3F5AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{D609DBB2-A25C-4C58-B966-5577FA7B10CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D61AB4D2-62C2-4BBD-BFA7-C22652F5274A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D7A2F105-2D84-485D-99A4-E0B0D9709916}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D8517A7F-5FA5-4039-B6DD-B463C179E536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe | "{DDA62776-847E-4809-9B57-FE44C8ACF122}" = protocol=17 | dir=in | 
app=c:\program files (x86)\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | "{DE5571C7-A704-4E77-B5FB-0074F7247924}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{DFF4EA7F-D8E3-4596-9B1C-FEF48A91E490}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{E07D1244-95C8-4FF8-8A13-0193C379131E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E111A3A5-CCDB-481D-BE27-5EBCA9720AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E290EDAC-27F4-4964-9270-1AA7760E5136}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E995DBDD-C540-4B76-9D5B-0F6EBB25A2BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{EEDAC0E1-82A3-43BF-ABD4-6D0327004898}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB22F3D2-0B8A-4D71-930B-9B0CE154F1F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FDBD4BC5-A2E7-4714-A9B3-A07743B62206}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{FE2421F0-88D5-459F-B3BC-65854967E4AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FF855142-12A2-4202-B691-3BEE2C5211D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{D7ECB73B-5582-4EF0-A117-EA52D15EBC55}C:\program files (x86)\drivethelife\drivethelife.exe" = protocol=6 | dir=in | app=c:\program files (x86)\drivethelife\drivethelife.exe | "UDP Query User{F1B5C911-AA14-48A3-9187-DAECF1EA06A0}C:\program files (x86)\drivethelife\drivethelife.exe" = protocol=17 | dir=in | app=c:\program files (x86)\drivethelife\drivethelife.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger 
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™ "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "ASIO4ALL" = ASIO4ALL "Diablo III" = Diablo III "FL Studio 10" = FL Studio 10 "Guild Wars 2" = Guild Wars 2 "IL Download Manager" = IL Download Manager "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Rockstar Games Social Club" = Rockstar Games Social Club "SpeedFan" = SpeedFan (remove only) "Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta "Steam App 
110800" = L.A. Noire "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II "Steam App 200510" = XCOM: Enemy Unknown "Steam App 203160" = Tomb Raider "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ "Steam App 221380" = Age of Empires II: HD Edition "Steam App 227300" = Euro Truck Simulator 2 "Steam App 24780" = SimCity 4 Deluxe "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 36630" = Rusty Hearts "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 49520" = Borderlands 2 "Steam App 55230" = Saints Row: The Third "Steam App 730" = Counter-Strike: Global Offensive "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinLiveSuite" = Windows Live Essentials < End of report > |
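The OTL Extras log above carries the Security Center and Windows Firewall settings, which a reader of such a log checks by eye. As an added example, not part of the original thread or of OTL itself, the following Python checker parses those sections out of an OTL Extras excerpt and reports what a practitioner looks for: profiles where EnableFirewall is 0, products whose Security Center monitoring is switched off, and inbound firewall allow rules whose program lives under a user-writable path. The sample text is constructed from excerpts of the log above plus one invented rule (a fictitious updater.exe under AppData) so the path check has something to fire on. A caveat on reading the result: in this log all three profiles show EnableFirewall = 0 and monitoring for KasperskyAntiVirus is disabled; with Kaspersky Internet Security 2012 installed, that is the usual picture when a third-party suite supplies its own firewall and registers with Security Center, so it is a point to confirm against the installed suite, not evidence of compromise.

```python
import re

# Constructed sample: excerpts copied from the OTL Extras log posted above, plus one
# invented inbound rule (the updater.exe line, CONSTRUCTED for this example) so that
# the user-writable-path check below has a hit to report.
OTL_EXTRAS = r"""
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{442FAF4C-57EB-4745-87CD-112A81C31AB5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{44574194-120B-4257-8BFC-063712DA4426}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6136DB32-8BB5-4D5F-9C0D-DEDFFDCF0942}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{00000000-0000-4000-8000-000000000000}" = protocol=6 | dir=in | app=c:\users\baudi\appdata\roaming\updater.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"""

# A firewall profile key followed by its "name" = value lines, up to the next key or section header.
# The lookahead (instead of a newline) also works on logs that extraction has run onto one line.
PROFILE_RE = re.compile(
    r"FirewallPolicy\\(\w+Profile)\]\s*(.*?)(?=\[HKEY_|==========|\Z)", re.S)
NAMED_VALUE_RE = re.compile(r'"(\w+)"\s*=\s*(\d+)')
# Security Center\Monitoring\<product> keys carrying a DisableMonitoring value.
MONITORING_RE = re.compile(
    r'Security Center\\Monitoring\\(\w+)\]\s*"DisableMonitoring"\s*=\s*(\d)')
# Any GUID-named value: firewall rules look like  protocol=6 | dir=in | app=<path> |
RULE_RE = re.compile(r'"[^"\n]*\{[0-9A-Fa-f-]{36}\}[^"\n]*"\s*=\s*([^\n]*)')
# Path fragments an unprivileged user can write to; a program there with an inbound
# allow rule deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def firewall_profiles(text):
    """Return {profile_name: {value_name: int}} for every FirewallPolicy\\*Profile key."""
    return {name: {k: int(v) for k, v in NAMED_VALUE_RE.findall(body)}
            for name, body in PROFILE_RE.findall(text)}


def disabled_firewall_profiles(text):
    """Profiles whose EnableFirewall value is 0, sorted by name."""
    return sorted(name for name, values in firewall_profiles(text).items()
                  if values.get("EnableFirewall") == 0)


def unmonitored_products(text):
    """Products for which Security Center monitoring is disabled (DisableMonitoring = 1)."""
    return sorted(name for name, value in MONITORING_RE.findall(text) if value == "1")


def parse_rules(text):
    """Parse 'protocol=6 | dir=in | app=... |' values into dicts; GUID entries without
    a dir= field (e.g. the Uninstall list) are not rules and are dropped."""
    rules = []
    for fields in RULE_RE.findall(text):
        rule = {}
        for part in fields.split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                rule[key.strip()] = value.strip()
        if "dir" in rule:
            rules.append(rule)
    return rules


def inbound_rules_from_user_paths(text):
    """Program paths of inbound allow rules that point into a user-writable location."""
    hits = []
    for rule in parse_rules(text):
        app = rule.get("app", "").lower()
        if rule.get("dir") == "in" and any(marker in app for marker in USER_WRITABLE):
            hits.append(app)
    return hits


def review(text):
    """Collect the three findings a reviewer checks first in an OTL Extras log."""
    return {
        "firewall_disabled_profiles": disabled_firewall_profiles(text),
        "security_center_unmonitored": unmonitored_products(text),
        "inbound_rules_from_user_paths": inbound_rules_from_user_paths(text),
        "rule_count": len(parse_rules(text)),
    }


if __name__ == "__main__":
    for finding, value in review(OTL_EXTRAS).items():
        print(f"{finding}: {value}")
```

The same functions run unchanged over the full flattened log above, because the parser relies on the next `[HKEY_` key or `==========` header rather than on line breaks. Whether a disabled Windows Firewall is acceptable depends entirely on whether the installed suite's firewall is actually active, which is a question for the suite's own status screen, not for the registry dump.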
23.04.2013, 16:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088) Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes. Remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
24.04.2013, 12:16 | #11 |
| Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088) Both scans found nothing. MBAM Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.24.01
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
BAUDI :: BAUDI-PC [Administrator]
24.04.2013 06:44:24
mbam-log-2013-04-24 (06-44-24).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229832
Laufzeit: 1 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a43b8777a92e474db03459a3b71e7191
# engine=13681
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-24 05:35:17
# local_time=2013-04-24 07:35:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1285 16777214 100 98 87528 63105667 0 0
# compatibility_mode=5893 16776574 100 94 19101108 119187388 0 0
# scanned=173483
# found=0
# cleaned=0
# scan_time=2677 |
24.04.2013, 13:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088) Looks ok so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of abuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are good cookie managers, extensions for Firefox, e.g. CookieCuller. If you can live with logging in again everywhere at every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system in order again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
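The hosts-file approach recommended above works by mapping listed advertising and tracking hostnames to 0.0.0.0, so the browser never reaches them. As an added example, not part of the thread and not code from the MVPS project, the following Python script parses a hosts file in the MVPS layout and checks whether a given URL, such as the one from the thread title, would be sinkholed. The sample hosts content is constructed for this illustration; the parsing follows the documented hosts-file syntax (full-line and trailing `#` comments, several hostnames on one line). The caveat the script makes visible: a hosts file matches exact hostnames only, so an entry for e.ligatus.com says nothing about other subdomains of the same advertiser, which is one reason the list needs refreshing.

```python
from urllib.parse import urlsplit

# Constructed sample in the MVPS hosts-file layout ("0.0.0.0 hostname" per line).
# The entries are illustrative for this thread, not a copy of the real MVPS list.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 e.ligatus.com
0.0.0.0 a.ligatus.com ms.ligatus.com   # several names may share one line
0.0.0.0 ad.doubleclick.net  # trailing comment
    # indented comment only
0.0.0.0
"""

# Addresses a blocklist maps hostnames to so that connections go nowhere.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1"}
# Names that legitimately point at loopback and are not blocklist entries.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Map every hostname in a hosts file to its address (names lower-cased).

    Handles full-line and trailing '#' comments and several hostnames per line;
    a line without a hostname (like the bare "0.0.0.0" above) is skipped.
    A name listed twice keeps the last address, as the resolver's last-wins rule does not
    matter for blocking because both sample entries for localhost are loopback anyway.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            entries[name.lower()] = address
    return entries


def blocked_hosts(text):
    """Hostnames the file sinkholes (0.0.0.0 or 127.0.0.1), minus the loopback names."""
    return {name for name, address in parse_hosts(text).items()
            if address in SINKHOLE_IPS and name not in LOOPBACK_NAMES}


def host_of(url):
    """Lower-cased hostname of a URL, or None if the string has no host part."""
    host = urlsplit(url).hostname
    return host.lower() if host else None


def is_blocked(url, blocked):
    """True only on an exact hostname match: a hosts file has no wildcards,
    so blocking e.ligatus.com does not cover i.ligatus.com."""
    return host_of(url) in blocked


def missing_entries(urls, blocked):
    """Hosts-file lines to append for URLs whose host the file does not yet cover."""
    lines = []
    for url in urls:
        host = host_of(url)
        line = f"0.0.0.0 {host}"
        if host and host not in blocked and line not in lines:
            lines.append(line)
    return lines


if __name__ == "__main__":
    blocked = blocked_hosts(SAMPLE_HOSTS)
    seen = ["http://e.ligatus.com/LigatusFallback.gif?ids=34088",
            "http://i.ligatus.com/LigatusFallback.gif"]
    for url in seen:
        print(f"{url}: {'blocked' if is_blocked(url, blocked) else 'NOT blocked'}")
    print("lines to add:", missing_entries(seen, blocked))
```

On Windows 7 the file is `%SystemRoot%\System32\drivers\etc\hosts`; it must be edited from an elevated editor, and `ipconfig /flushdns` clears the DNS client cache afterwards so the new entries take effect immediately. Security suites commonly treat changes to the hosts file as suspicious, so expect a prompt from Kaspersky when replacing it.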
24.04.2013, 14:21 | #13 |
| Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088) Thanks for the good help. Otherwise there are no further problems. I'll have a look at the hosts file thing. Many thanks again! Hopefully not see you again too soon! |
24.04.2013, 14:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox opens a random tab (http://e.ligatus.com/LigatusFallback.gif?ids=34088) Then we're done! If you still want to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/

The programs that were used here can all be removed again. Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it. With the help of OTL you can also remove many other tools: simply start OTL and click on Bereinigung (CleanUp). This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide is below. To keep a better overview of how current your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords if possible after the infection has been removed.

Microsoft Update. Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update

Update PDF reader. An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much slimmer and faster than Adobe Reader.
While you're at it, please also check that the Flash Player is up to date: Check => Adobe - Flash Player. Download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update. Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |