Log analysis and evaluation: Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Windows 7
11.05.2013, 16:20 | #1 |
Hello,

I am hoping for competent help here with a problem I have had for 4 days. Apparently I picked up malware while surfing. Searching this forum already turned up a thread where someone apparently has the same problem. Unfortunately, there was no concrete proposed solution there yet. http://www.trojaner-board.de/134789-...-maleware.html

As antivirus software I use a full version of Avast and Avira Free Antivirus, and I also run Antimalwarebytes at irregular intervals.

For 4 days now, at every system start I have been getting a message from Avast that an unwanted application/process was blocked. Since I now have 9 files in the Avast virus chest and the message keeps appearing at every system start, I am turning to you for help.

The files identified by Avast as Win32:Malware-gen were all located in C:\Users\Atelco\AppData\Local\Temp
Avast reported the process as originating from c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

The scans by Avira and Antimalwarebytes found nothing.

I followed your instructions for posting logs step by step, and the logs have been attached to this post. I also took the liberty of running TDSSKiller, which was recommended by the helper in the thread mentioned at the beginning of my post. I have uploaded that log as an attachment to this post as well.

I am grateful for any help!

Regards
11.05.2013, 16:24 | #2 |
/// Malware-holic
Hi
Please uninstall Avast or Avira; only ever one anti-malware program at a time, otherwise there can be problems. Please post the Avast detection messages, with exact paths.
11.05.2013, 16:43 | #3 | |
I followed your advice and have just uninstalled Avira. Since I have now been through a few restarts, there are more files, thanks to the problem described. Since I am a bit daft and cannot find the copy-paste function in Avast, I have attached a JPEG.
11.05.2013, 16:51 | #4 |
/// Malware-holic
Please post it as text, I can't read it like this. If it's always the same paths, you only need to post the path once and maybe 2 or 3 file names.
After that: if you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
11.05.2013, 17:41 | #5 |
Hello, everything done, as requested.
Code:
Process: c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File names (4 of 13):
2jpmfbf0.dll
h4otot3c.dll
owom1zlf.dll
ydukdklz.dll
Avast gives the original location of the files as: c:\Users\Atelco\AppData\Local\Temp
OTL
Code:
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{01d2faec-8333-11e1-901b-f46d04ac6819}\Shell - "" = AutoRun O33 - MountPoints2\{01d2faec-8333-11e1-901b-f46d04ac6819}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{01d2fb07-8333-11e1-901b-f46d04ac6819}\Shell - "" = AutoRun O33 - MountPoints2\{01d2fb07-8333-11e1-901b-f46d04ac6819}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{0fc9d403-887d-11e1-9d06-f46d04ac6819}\Shell - "" = AutoRun O33 - MountPoints2\{0fc9d403-887d-11e1-9d06-f46d04ac6819}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{a0fa27d9-2104-11e1-aade-002683195149}\Shell - "" = AutoRun O33 - MountPoints2\{a0fa27d9-2104-11e1-aade-002683195149}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\{a348dba2-e5c2-11e0-b1a9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a348dba2-e5c2-11e0-b1a9-806e6f6e6963}\Shell\AutoRun\command - "" = 
F:\.\Bin\ASSETUP.exe O33 - MountPoints2\{e373e0c0-4a1f-11e2-be75-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e373e0c0-4a1f-11e2-be75-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing 
Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.05.11 17:53:44 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2013.05.11 17:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Pro Antivirus [2013.05.01 15:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.14 09:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.05.30 19:13:06 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Atelco\AppData\Roaming\pcouffin.sys [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.11 18:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.11 18:02:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.11 18:02:21 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.11 18:00:54 | 001,501,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.11 18:00:54 | 000,655,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.11 18:00:54 | 000,617,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.11 18:00:54 | 000,130,074 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.11 18:00:54 | 000,106,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.11 17:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.11 17:54:44 | 4276,781,054 | -HS- | M] () -- C:\hiberfil.sys [2013.05.11 17:53:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.05.11 17:52:23 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Pro Antivirus.lnk [2013.05.11 17:41:50 | 000,190,605 | ---- | M] () -- C:\Users\Atelco\Desktop\avast.jpg [2013.05.11 16:00:51 | 001,889,560 | ---- | M] () -- C:\Users\Atelco\Desktop\Unbenannt.png [2013.05.11 15:20:32 | 000,000,020 | ---- | M] () -- C:\Users\Atelco\defogger_reenable [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.05.09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.05.09 09:45:09 | 000,000,202 | ---- | M] () -- C:\Users\Atelco\Desktop\Cities XL Platinum.url [2013.05.09 08:42:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.01 15:32:40 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.21 10:06:33 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.21 10:06:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.20 15:51:56 | 000,000,729 | 
---- | M] () -- C:\Users\Atelco\Desktop\WIC.lnk [2013.04.14 09:51:12 | 000,001,239 | ---- | M] () -- C:\Users\Atelco\Desktop\DVDVideoSoft Free Studio.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.11 17:52:23 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk [2013.05.11 17:38:28 | 000,190,605 | ---- | C] () -- C:\Users\Atelco\Desktop\avast.jpg [2013.05.11 16:00:51 | 001,889,560 | ---- | C] () -- C:\Users\Atelco\Desktop\Unbenannt.png [2013.05.11 15:20:32 | 000,000,020 | ---- | C] () -- C:\Users\Atelco\defogger_reenable [2013.05.09 09:45:09 | 000,000,202 | ---- | C] () -- C:\Users\Atelco\Desktop\Cities XL Platinum.url [2013.05.09 08:42:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.01 15:32:40 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.20 17:05:39 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2012.12.20 17:05:38 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.12.20 17:05:38 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.12.20 17:05:38 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.12.20 17:05:37 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.12.20 01:17:22 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.20 01:17:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.31 11:04:32 | 000,003,491 | ---- | C] () -- C:\Users\Atelco\.recently-used.xbel [2012.05.30 19:13:06 | 000,099,384 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\inst.exe [2012.05.30 19:13:06 | 000,007,859 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\pcouffin.cat [2012.05.30 19:13:06 | 000,001,167 | ---- | C] () -- C:\Users\Atelco\AppData\Roaming\pcouffin.inf [2012.05.30 19:11:50 | 000,001,057 | ---- | C] () -- 
C:\Users\Atelco\AppData\Roaming\vso_ts_preview.xml [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.04.17 17:46:29 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe [2012.04.17 17:45:44 | 000,143,872 | ---- | C] () -- C:\Windows\Wiainst64.exe [2012.03.11 16:51:07 | 001,197,521 | ---- | C] () -- C:\Windows\unins000.exe [2012.03.11 16:51:07 | 000,015,048 | ---- | C] () -- C:\Windows\unins000.dat [2012.03.01 00:13:03 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2011.12.30 01:25:36 | 000,007,597 | ---- | C] () -- C:\Users\Atelco\AppData\Local\Resmon.ResmonCfg [2011.12.19 15:52:19 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.09.23 15:21:51 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe [2011.09.23 11:24:44 | 000,040,051 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.09.23 11:23:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.09.23 11:23:49 | 000,027,946 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.05.16 21:34:21 | 001,599,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.04 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\BANDISOFT [2012.12.01 23:24:43 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2012.06.22 18:19:18 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\DAEMON Tools 
Lite [2013.04.14 09:51:05 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\DVDVideoSoft [2012.04.03 11:23:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.05 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Fatshark [2012.03.03 16:39:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Firefly Studios [2012.11.03 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\FreeFLVConverter [2012.10.27 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\globalip [2012.05.31 11:04:32 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\gtk-2.0 [2012.10.07 16:27:56 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Guitar Pro 6 [2012.12.09 23:36:50 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Kalypso Media [2012.08.05 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Mumble [2012.11.08 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Natural Selection 2 [2012.04.05 17:01:45 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Need for Speed World [2013.03.06 15:42:31 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Omerta [2013.03.05 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Omerta Demo [2012.12.03 14:49:36 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Origin [2013.03.24 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\PDAppFlex [2012.05.30 14:11:15 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\PDF Writer [2012.05.30 13:51:49 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\pdfforge [2012.06.07 10:59:15 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Publish Providers [2012.03.04 17:04:19 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\RotMG.Production [2012.12.18 19:47:55 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\S.A.D 
[2012.06.27 13:49:23 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Samsung [2012.02.22 14:15:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Screaming Bee [2012.06.07 10:59:14 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Sony [2012.03.11 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Stardock [2012.06.27 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Temp [2011.11.06 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\The Creative Assembly [2013.05.09 10:20:51 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Tropico 4 [2013.03.09 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\TS3Client [2013.03.05 23:54:21 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\ts3overlay [2013.02.09 17:05:00 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\ts3overlay_hook_win64 [2012.06.09 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\TuneUp Software [2012.06.08 15:49:03 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\Vso [2012.08.28 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Atelco\AppData\Roaming\wargaming.net ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.02.05 10:09:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.05.11 15:40:52 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.09.23 11:21:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.23 11:25:10 | 000,000,000 | ---D | M] -- C:\Intel [2012.12.04 19:29:19 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.05.11 15:47:18 | 000,000,000 | R--D | M] -- C:\Program Files [2013.05.11 17:30:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.05.11 17:30:18 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.23 11:21:41 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.23 13:10:43 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.09.23 18:47:58 | 000,000,000 | ---D | M] -- C:\Samsung [2013.05.11 18:27:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.13 22:20:57 | 000,000,000 | ---D | M] -- C:\Temp [2013.01.03 19:30:03 | 000,000,000 | R--D | M] -- C:\Users [2013.05.11 17:53:42 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.14 19:18:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.05.31 11:04:32 | 000,003,491 | ---- | M] () -- C:\Users\Atelco\.recently-used.xbel [2013.05.11 15:20:32 | 000,000,020 | ---- | M] () -- C:\Users\Atelco\defogger_reenable [2013.05.11 18:26:31 | 004,194,304 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat [2013.05.11 18:26:31 | 000,262,144 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat.LOG1 [2011.09.23 11:21:45 | 000,000,000 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat.LOG2 [2011.09.23 11:30:09 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.09.23 11:30:09 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.09.23 11:30:09 | 
000,524,288 | -HS- | M] () -- C:\Users\Atelco\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.06.08 13:40:26 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{365b0baf-b158-11e1-85cf-f46d04ac6819}.TM.blf [2012.06.08 13:40:26 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{365b0baf-b158-11e1-85cf-f46d04ac6819}.TMContainer00000000000000000001.regtrans-ms [2012.06.08 13:40:26 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{365b0baf-b158-11e1-85cf-f46d04ac6819}.TMContainer00000000000000000002.regtrans-ms [2012.06.08 12:40:34 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{4b369f76-b156-11e1-b6b9-002683195149}.TM.blf [2012.06.08 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{4b369f76-b156-11e1-b6b9-002683195149}.TMContainer00000000000000000001.regtrans-ms [2012.06.08 12:40:34 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{4b369f76-b156-11e1-b6b9-002683195149}.TMContainer00000000000000000002.regtrans-ms [2012.06.08 12:09:37 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{81bdeb81-b151-11e1-84e1-f46d04ac6819}.TM.blf [2012.06.08 12:09:37 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{81bdeb81-b151-11e1-84e1-f46d04ac6819}.TMContainer00000000000000000001.regtrans-ms [2012.06.08 12:09:37 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{81bdeb81-b151-11e1-84e1-f46d04ac6819}.TMContainer00000000000000000002.regtrans-ms [2012.06.09 03:50:21 | 000,065,536 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{af1b90e4-b173-11e1-9a73-002683195149}.TM.blf [2012.06.09 03:50:21 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{af1b90e4-b173-11e1-9a73-002683195149}.TMContainer00000000000000000001.regtrans-ms [2012.06.09 03:50:21 | 000,524,288 | -HS- | M] () -- C:\Users\Atelco\ntuser.dat{af1b90e4-b173-11e1-9a73-002683195149}.TMContainer00000000000000000002.regtrans-ms [2011.09.23 11:21:45 | 000,000,020 | -HS- | M] () -- 
C:\Users\Atelco\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

Extra Code:
OTL Extras logfile created on: 11.05.2013 18:26:39 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Atelco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,98 Gb Total Physical Memory | 13,80 Gb Available Physical Memory | 86,36% Memory free
31,95 Gb Paging File | 29,79 Gb Available in Paging File | 93,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 618,39 Gb Total Space | 497,94 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 618,59 Gb Total Space | 615,04 Gb Free Space | 99,43% Space Free | Partition Type: NTFS
Drive E: | 625,94 Gb Total Space | 447,98 Gb Free Space | 71,57% Space Free | Partition Type: NTFS

Computer Name: AELTHRED | User Name: Atelco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AC8AF6E-64AE-4A10-AAE5-671910E55AD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DE9E5E2-7564-48CE-8CCF-0AB6DC09045B}" = rport=138 | protocol=17 | dir=out | app=system |
"{1FDD38BD-E24C-4E70-9129-D6C4EC80F865}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2CD3CEB0-F34D-4F7B-B7F2-6E2B065C68CA}" = rport=445 | protocol=6 | dir=out | app=system |
"{467F4E9B-3937-4DE9-83E5-9BBCA987DC71}" = lport=49176 | protocol=6 | dir=in | name=akamai netsession interface |
"{47745BDD-DC4E-4DAB-9FFF-C980623BDF2C}"
= lport=139 | protocol=6 | dir=in | app=system | "{4BC16F4F-EEBA-4E36-A078-5C8BE80DFDE6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | "{820B6713-C680-482F-B635-2C56AFDC2AB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{86367BA1-50FD-4821-92C6-5461918C8281}" = lport=137 | protocol=17 | dir=in | app=system | "{8DC9AB99-BA2C-4756-9BC7-E3D3E183CD24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D8135B6-BBDD-4C10-B68B-4E1244E8BEB4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A82CEAE9-AB0E-42DE-A5D6-CA1DFAF8332C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{AD233EC0-56BE-4C47-B783-3FC66F090B66}" = lport=138 | protocol=17 | dir=in | app=system | "{B9C3A85B-3AEB-4F32-9268-9BBBBEBC99EB}" = lport=445 | protocol=6 | dir=in | app=system | "{BE37CD09-60BC-4F00-8868-DE1B5779F5A2}" = rport=139 | protocol=6 | dir=out | app=system | "{D7D97E6A-E606-49B5-AAD7-72AE6812AFD6}" = rport=137 | protocol=17 | dir=out | app=system | "{EDF2A350-EBAA-4178-B87E-4182981AB570}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{032457CF-B903-487A-831F-3D3BA49A0DF6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\company of heroes\reliccoh.exe | "{0921E332-DB65-4F39-AF82-D34468D7F9D9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{0B5E1CDB-875A-4072-BBAC-2730C1E22ED8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | "{107EB519-A2BE-4AA0-A0A2-4D8F8C54F3B3}" = 
protocol=6 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{10C15F06-1D89-45EB-AD6A-2B7E0F81FDF2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sins of a solar empire rebellion\sins of a solar empire rebellion.exe | "{13F89833-682B-4AA6-A9B0-1863AC4DBFD1}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{18940C7F-8581-4E54-A332-87E508772109}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{19EAA435-9B25-4C65-B13F-AB5BBD6E1E1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1D58FF58-B553-443F-8A13-C1E35EA9BCE4}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{229F5078-44E6-4C39-9256-76DDE81A6B3F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\f1 2012\f1_2012.exe | "{23AF46E0-AB1D-4AFF-9DD2-857161FF429E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{24985B4C-9605-47BB-BEE1-EBBE7181742D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{2BECB248-025C-4987-9BD5-47C293670488}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | "{318C9D19-4455-4BF4-B70F-68D51242C26A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\war of the roses\run_game.exe | "{3601523E-DF68-4EA0-8A75-ACA9472CB406}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{3C014410-6B5D-4CC8-9628-929384A7CB5E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{3DEEF178-4716-42D1-8AF3-6CDBA53CB7A5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{4A61D5CC-6D28-412F-AD10-54B2ACC7754A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{4FD1204E-A7AD-49BE-8709-25A40FC4A3FC}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | 
"{501878BB-763A-4085-AB86-37AEE8D31E35}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\company of heroes\reliccoh.exe | "{50689C6F-45AE-4B5C-A47A-32CE5793560A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{526A98C2-92E5-47BD-9301-760FF926CBA7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | "{534A7F9E-CD11-4AE4-8AD0-CBD4AF96669A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\cities xl platinum\citiesxl_platinum.exe | "{55D0BA0A-C861-47EE-9B31-40BDCFD553B0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\tropico 4\tropico4.exe | "{5F7D77D7-E5B7-4DF3-B712-818F535DC369}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe | "{6517DB9F-977D-4770-AB0E-34D2C77BCB37}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\omerta\omertasteam.exe | "{6642F46D-E677-4F14-999B-AF0E1CB7D6C0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{69C95620-D326-4410-A376-24A7725A6023}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | "{6ADC5D7A-DA94-46E7-9FCE-F2C77632C2D6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6DBE46A7-FD46-4074-BCAB-02981DAA7E1A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{6EDD837E-0E61-4F9F-97B8-EABEB8330398}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe | "{70162EB9-1227-4C2A-BEE4-35DAF3E6A877}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | "{733FC8E2-51D8-4F00-B48A-E4217609E0E5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{73CAB0B8-D7D2-4D31-BBCC-06B5973A7D65}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | "{745A2D0E-A5E3-42CF-85C1-241DDA31FB9B}" = protocol=17 | dir=in | 
app=e:\steam\steamapps\common\metro 2033\metro2033.exe | "{748CFFDC-7E6A-4DAF-A236-D026882A4D61}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\patrician iii\patrician3.exe | "{74E6FB70-C67A-4C90-8D72-5CBE35FAF159}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | "{79376592-40D5-4586-8618-F3DFAD4B2248}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\medieval ii total war\launcher.exe | "{7A7A7BA9-E032-47C8-8868-31847A4AAC90}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{7DEE995E-EEDA-4489-A18F-B13D8BA5815D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | "{80AACDCC-1ADF-41CE-A5A4-C306C6E43973}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | "{8222092C-B49C-4990-A792-450963612B83}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\medieval ii total war\launcher.exe | "{8C39A5CF-9734-4408-96BE-18B2C2EEF40F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\omerta\omertasteam.exe | "{8CDA743D-ADB7-4372-BCA7-58DD1CB127D6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe | "{93B6BCA6-04A1-4085-B038-4CEEF4B29A51}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{982EE07C-5FAC-4325-983F-687F543D5342}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | "{9BD325A7-BDE7-4AB7-B767-CB4919DC2AFF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9D8D6581-830F-45D0-ACC3-AEF4ADAA4B36}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe | "{9E984995-8BF2-471D-82C9-B3EC8E1E879A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\eve online\eve.exe | "{A0B1E28F-47C1-43A6-9EAC-9C2D32C3CDC4}" = protocol=17 | dir=in | 
app=c:\windows\syswow64\pnkbstra.exe | "{ACD19568-C955-4F62-AA35-28FD8244ACED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B027CCD1-7801-4C69-A8AD-75B5E5275379}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{BE10FE25-B322-4358-A54C-7F6C159C4283}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{C0D22683-DF78-41BB-95EF-DB9B1AA615A2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\f1 2012\f1_2012.exe | "{C4D4031A-78A2-43E0-A056-0C534B9A90CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C65270EE-8FC1-4466-A8FC-D707A0F003F2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\tropico 4\tropico4.exe | "{D06D83CA-CAA9-45DC-8647-32F37A0E632C}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | "{D0CFF205-0C68-4BAB-BD4C-E179BF8BE6CB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\patrician iii\patrician3.exe | "{D13A4604-A54E-4F17-81F5-3BC84487E230}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3200\sscan2io.exe | "{D1C5A27A-B0FC-4CE6-8F05-E5E3FE36CFC2}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold_crusader_extreme.exe | "{D39B7666-E5A3-403C-B028-DAECEFF2EC1D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{D5A5DA80-70C4-4AFF-B8C5-23739EE8078C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{D74A105C-3C7B-4BED-99DF-584612B88F1E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\stronghold crusader extreme\stronghold crusader.exe | "{DA8C0E62-2360-4224-89BF-69378AEF7D3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DE083255-8551-4283-BDCD-9785A6AB5290}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\war of the roses\run_game.exe | 
"{E2BDE047-215C-4091-8E53-46B3594EFDB0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E4573C02-7938-4590-B691-EDFA4D397736}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E81D858A-E2A0-4478-BFDE-14B73AE9450A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F5C33F14-715F-43B4-87DF-A3622618BBCC}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3200\scan2pc.exe | "{FA3435B9-1DBD-4352-8E7C-18039669F2FE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\cities xl platinum\citiesxl_platinum.exe | "{FA599893-5865-4518-89CE-53BE2A5B5BE5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{FC0DB3B8-CE31-435E-B8D8-2CFC9A623ADA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\eve online\eve.exe | "{FCE421D8-FA50-48EC-919B-FBEEB215BCDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "TCP Query User{1A04429E-EC48-40C2-A50D-6491303F7C32}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | "TCP Query User{4AC72E85-7314-4A58-9EAB-83387765D1A7}E:\steam\steam.exe" = protocol=6 | dir=in | app=e:\steam\steam.exe | "TCP Query User{966D1FAF-6842-4FB0-83D7-07ED63687C96}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{A8C59981-EE4B-4413-9E31-5918376DD754}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | "TCP Query User{DA71D2AD-8530-44A9-A09A-0F6FC3FB5FDC}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "TCP Query User{DC31A2DB-53AB-46AC-AE24-A2BA9987D828}C:\program files (x86)\skype\phone\skype.exe" = 
protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{275BD99D-7083-4655-A80F-0EE93DB3C34F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{3ED80836-1163-45AA-B47D-602FE70619B8}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{9B07A835-69A3-4277-A5DB-345B5148712B}E:\steam\steam.exe" = protocol=17 | dir=in | app=e:\steam\steam.exe | "UDP Query User{A1743AB8-B998-42B8-8C8D-7A05B42C8D33}E:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | "UDP Query User{B8D26B00-035B-48D8-A4DB-6A17BA090E08}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | "UDP Query User{F411A0B5-1172-4E51-8158-678136669B9D}C:\users\atelco\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\atelco\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client 
Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406 "Canon LBP5050" = Canon LBP5050 "CyberGhost VPN_is1" = CyberGhost VPN "Logitech Unifying" = Logitech Unifying-Software 2.00 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AA9D712-182E-409C-ABBE-8E47CF05D926}_is1" = Trust Gaming Mouse Driver V1.1 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{797808CA-1563-4EA0-A280-1371AC2F2310}" = OLYMPUS Viewer 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 
(SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office 
Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C049499-055C-4a0c-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE806AF0-F384-11E0-9EE7-F04DA23A5C58}" = Vegas Movie Studio HD Platinum 11.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = 
MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}" = Armageddon "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT: SOVIET ASSAULT "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "avast" = avast! 
Pro Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "DAEMON Tools Lite" = DAEMON Tools Lite "DokanLibrary" = Dokan Library 0.6.0 "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "FLV Player" = FLV Player 2.0 (build 25) "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.6.0 "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack "Postal 2 Share The Pain" = Postal 2 Share The Pain "Samsung Scan Assistant" = Samsung Scan Assistant "Samsung SCX-3200 Series" = Samsung SCX-3200 Series "Steam App 104310" = Red Orchestra 2 SDK "Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta "Steam App 10500" = Empire: Total War "Steam App 200170" = Worms Revolution "Steam App 204880" = Sins of a Solar Empire: Rebellion "Steam App 20540" = Company of Heroes: Tales of Valor "Steam App 208500" = F1 2012 "Steam App 208520" = Omerta - City of Gangsters "Steam App 231140" = Cities XL Platinum "Steam App 33570" = Patrician III "Steam App 34330" = Total War: SHOGUN 2 "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 40970" = Stronghold Crusader + Extreme "Steam App 43110" = Metro 2033 "Steam App 4560" = Company of Heroes "Steam App 4700" = Medieval II: Total War "Steam App 4780" = Medieval II: Total War Kingdoms "Steam App 49520" = 
Borderlands 2 "Steam App 57690" = Tropico 4 "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 91600" = Sanctum "Steam App 9340" = Company of Heroes: Opposing Fronts "TripleAVersion1_3_2_2" = TripleA Version 1_3_2_2 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Video Thumbnails Maker" = Video Thumbnails Maker by Scorp (remove only) "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.11.2012 08:06:15 | Computer Name = Aelthred | Source = Application Hang | ID = 1002 Description = Programm Skype.exe, Version 5.10.0.116 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 17cc Startzeit: 01cdcc973e49e855 Endzeit: 43 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe Berichts-ID: c590bb70-388a-11e2-84ac-002683195149 Error - 27.11.2012 09:22:21 | Computer Name = Aelthred | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel: 0x507c71cd Name des fehlerhaften Moduls: vlc.exe, Version: 2.0.4.0, Zeitstempel: 0x507c71cd Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001665 ID des fehlerhaften Prozesses: 0x14b8 Startzeit der fehlerhaften Anwendung: 0x01cdcca23a3173e2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: 78e2ad3b-3895-11e2-84ac-002683195149 Error - 28.11.2012 05:01:12 | Computer Name = Aelthred | Source = WinMgmt | ID = 10 Description = Error - 28.11.2012 05:05:49 | Computer Name = Aelthred | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . Error - 28.11.2012 05:05:50 | Computer Name = Aelthred | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . 
Error - 28.11.2012 07:33:48 | Computer Name = Aelthred | Source = WinMgmt | ID = 10 Description = Error - 29.11.2012 02:43:32 | Computer Name = Aelthred | Source = WinMgmt | ID = 10 Description = Error - 29.11.2012 05:51:31 | Computer Name = Aelthred | Source = WinMgmt | ID = 10 Description = Error - 29.11.2012 06:28:07 | Computer Name = Aelthred | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 2.0.4.0, Zeitstempel: 0x507c71cd Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x1630 Startzeit der fehlerhaften Anwendung: 0x01cdce1c23305263 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 7690c7cc-3a0f-11e2-95ba-f46d04ac6819 Error - 29.11.2012 11:49:38 | Computer Name = Aelthred | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 11.05.2013 11:30:29 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.05.2013 11:31:13 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.05.2013 11:33:00 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 11.05.2013 11:33:00 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 11.05.2013 11:33:06 | Computer Name = Aelthred | Source = WMPNetworkSvc | ID = 866287 Description = Error - 11.05.2013 11:54:54 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.05.2013 11:55:35 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.05.2013 11:57:18 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 11.05.2013 11:57:18 | Computer Name = Aelthred | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 11.05.2013 11:57:20 | Computer Name = Aelthred | Source = WMPNetworkSvc | ID = 866287 Description = < End of report > |
11.05.2013, 18:05 | #6 |
/// Malware-holic | Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thanks, and sorry for the extra work. Please download TDSSKiller.exe and save this file to the desktop |
11.05.2013, 18:12 | #7 |
| Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Hello, I have done that as requested. Here is the corresponding log. And, this has to be said, thank you very, very much for taking so much time! Code:
ATTFilter 19:07:24.0824 2400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:07:25.0058 2400 ============================================================ 19:07:25.0058 2400 Current date / time: 2013/05/11 19:07:25.0058 19:07:25.0058 2400 SystemInfo: 19:07:25.0058 2400 19:07:25.0058 2400 OS Version: 6.1.7601 ServicePack: 1.0 19:07:25.0058 2400 Product type: Workstation 19:07:25.0058 2400 ComputerName: AELTHRED 19:07:25.0058 2400 UserName: Atelco 19:07:25.0058 2400 Windows directory: C:\Windows 19:07:25.0058 2400 System windows directory: C:\Windows 19:07:25.0058 2400 Running under WOW64 19:07:25.0058 2400 Processor architecture: Intel x64 19:07:25.0058 2400 Number of processors: 8 19:07:25.0058 2400 Page size: 0x1000 19:07:25.0058 2400 Boot type: Normal boot 19:07:25.0058 2400 ============================================================ 19:07:25.0869 2400 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:07:25.0901 2400 ============================================================ 19:07:25.0901 2400 \Device\Harddisk0\DR0: 19:07:25.0901 2400 MBR partitions: 19:07:25.0901 2400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:07:25.0901 2400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4D4C8000 19:07:25.0901 2400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4D4FA800, BlocksNum 0x4D52C800 19:07:25.0901 2400 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x9AA27000, BlocksNum 0x4E3E1000 19:07:25.0901 2400 ============================================================ 19:07:25.0979 2400 C: <-> \Device\Harddisk0\DR0\Partition2 19:07:26.0041 2400 D: <-> \Device\Harddisk0\DR0\Partition3 19:07:26.0072 2400 E: <-> \Device\Harddisk0\DR0\Partition4 19:07:26.0072 2400 ============================================================ 19:07:26.0072 2400 
Initialize success 19:07:26.0072 2400 ============================================================ 19:08:08.0286 3284 ============================================================ 19:08:08.0286 3284 Scan started 19:08:08.0286 3284 Mode: Manual; SigCheck; TDLFS; 19:08:08.0286 3284 ============================================================ 19:08:08.0551 3284 ================ Scan system memory ======================== 19:08:08.0551 3284 System memory - ok 19:08:08.0551 3284 ================ Scan services ============================= 19:08:08.0629 3284 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 19:08:08.0723 3284 1394ohci - ok 19:08:08.0738 3284 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:08:08.0754 3284 ACPI - ok 19:08:08.0769 3284 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:08:08.0801 3284 AcpiPmi - ok 19:08:08.0894 3284 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:08:08.0910 3284 AdobeARMservice - ok 19:08:09.0019 3284 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:08:09.0035 3284 AdobeFlashPlayerUpdateSvc - ok 19:08:09.0050 3284 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:08:09.0081 3284 adp94xx - ok 19:08:09.0097 3284 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:08:09.0097 3284 adpahci - ok 19:08:09.0113 3284 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:08:09.0128 3284 adpu320 - ok 19:08:09.0144 3284 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:08:09.0175 3284 AeLookupSvc - ok 19:08:09.0206 3284 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:08:09.0237 3284 AFD - ok 19:08:09.0269 3284 [ 
608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:08:09.0269 3284 agp440 - ok 19:08:09.0393 3284 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll 19:08:09.0393 3284 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE 19:08:09.0409 3284 Akamai ( HiddenFile.Multi.Generic ) - warning 19:08:09.0409 3284 Akamai - detected HiddenFile.Multi.Generic (1) 19:08:09.0409 3284 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:08:09.0456 3284 ALG - ok 19:08:09.0471 3284 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:08:09.0471 3284 aliide - ok 19:08:09.0487 3284 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:08:09.0487 3284 amdide - ok 19:08:09.0503 3284 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:08:09.0518 3284 AmdK8 - ok 19:08:09.0534 3284 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 19:08:09.0549 3284 AmdPPM - ok 19:08:09.0581 3284 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:08:09.0596 3284 amdsata - ok 19:08:09.0627 3284 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:08:09.0643 3284 amdsbs - ok 19:08:09.0659 3284 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:08:09.0659 3284 amdxata - ok 19:08:09.0674 3284 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:08:09.0737 3284 AppID - ok 19:08:09.0752 3284 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:08:09.0783 3284 AppIDSvc - ok 19:08:09.0799 3284 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:08:09.0846 3284 Appinfo - ok 19:08:09.0877 3284 [ 
C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 19:08:09.0877 3284 arc - ok 19:08:09.0893 3284 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:08:09.0908 3284 arcsas - ok 19:08:09.0955 3284 [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 19:08:09.0971 3284 aswFsBlk - ok 19:08:10.0033 3284 [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 19:08:10.0049 3284 aswKbd - ok 19:08:10.0095 3284 [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 19:08:10.0111 3284 aswMonFlt - ok 19:08:10.0127 3284 [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 19:08:10.0142 3284 aswRdr - ok 19:08:10.0173 3284 [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 19:08:10.0189 3284 aswRvrt - ok 19:08:10.0236 3284 [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 19:08:10.0251 3284 aswSnx - ok 19:08:10.0298 3284 [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP C:\Windows\system32\drivers\aswSP.sys 19:08:10.0314 3284 aswSP - ok 19:08:10.0314 3284 [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 19:08:10.0329 3284 aswTdi - ok 19:08:10.0361 3284 [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 19:08:10.0376 3284 aswVmm - ok 19:08:10.0407 3284 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:08:10.0439 3284 AsyncMac - ok 19:08:10.0454 3284 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:08:10.0454 3284 atapi - ok 19:08:10.0485 3284 [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 19:08:10.0501 3284 AthBTPort - ok 19:08:10.0517 3284 [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys 19:08:10.0517 3284 ATHDFU - ok 
19:08:10.0563 3284 [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 19:08:10.0595 3284 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning 19:08:10.0595 3284 AtherosSvc - detected UnsignedFile.Multi.Generic (1) 19:08:10.0626 3284 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 19:08:10.0641 3284 atksgt - ok 19:08:10.0673 3284 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:08:10.0704 3284 AudioEndpointBuilder - ok 19:08:10.0719 3284 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:08:10.0735 3284 AudioSrv - ok 19:08:10.0829 3284 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 19:08:10.0844 3284 avast! Antivirus - ok 19:08:10.0875 3284 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:08:10.0922 3284 AxInstSV - ok 19:08:10.0953 3284 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 19:08:10.0985 3284 b06bdrv - ok 19:08:10.0985 3284 Scan interrupted by user! 19:08:10.0985 3284 ================ Scan global =============================== 19:08:10.0985 3284 Scan interrupted by user! 19:08:10.0985 3284 ================ Scan MBR ================================== 19:08:10.0985 3284 Scan interrupted by user! 19:08:10.0985 3284 ================ Scan VBR ================================== 19:08:10.0985 3284 Scan interrupted by user! 
19:08:10.0985 3284 ============================================================ 19:08:10.0985 3284 Scan finished 19:08:10.0985 3284 ============================================================ 19:08:11.0000 2452 Detected object count: 2 19:08:11.0000 2452 Actual detected object count: 2 19:08:15.0462 2452 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 19:08:15.0462 2452 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 19:08:15.0462 2452 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user 19:08:15.0462 2452 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:08:25.0867 3672 ============================================================ 19:08:25.0867 3672 Scan started 19:08:25.0867 3672 Mode: Manual; SigCheck; TDLFS; 19:08:25.0867 3672 ============================================================ 19:08:26.0304 3672 ================ Scan system memory ======================== 19:08:26.0304 3672 System memory - ok 19:08:26.0304 3672 ================ Scan services ============================= 19:08:26.0460 3672 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 19:08:26.0491 3672 1394ohci - ok 19:08:26.0507 3672 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:08:26.0522 3672 ACPI - ok 19:08:26.0522 3672 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:08:26.0538 3672 AcpiPmi - ok 19:08:26.0600 3672 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:08:26.0616 3672 AdobeARMservice - ok 19:08:26.0694 3672 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:08:26.0709 3672 AdobeFlashPlayerUpdateSvc - ok 19:08:26.0741 3672 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:08:26.0756 3672 adp94xx - ok 19:08:26.0772 3672 [ 
597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:08:26.0787 3672 adpahci - ok 19:08:26.0803 3672 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:08:26.0803 3672 adpu320 - ok 19:08:26.0819 3672 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:08:26.0850 3672 AeLookupSvc - ok 19:08:26.0865 3672 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:08:26.0881 3672 AFD - ok 19:08:26.0881 3672 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:08:26.0897 3672 agp440 - ok 19:08:26.0975 3672 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll 19:08:26.0975 3672 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE 19:08:26.0990 3672 Akamai ( HiddenFile.Multi.Generic ) - warning 19:08:26.0990 3672 Akamai - detected HiddenFile.Multi.Generic (1) 19:08:26.0990 3672 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:08:27.0021 3672 ALG - ok 19:08:27.0021 3672 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:08:27.0037 3672 aliide - ok 19:08:27.0053 3672 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:08:27.0068 3672 amdide - ok 19:08:27.0084 3672 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:08:27.0099 3672 AmdK8 - ok 19:08:27.0115 3672 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 19:08:27.0115 3672 AmdPPM - ok 19:08:27.0131 3672 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:08:27.0146 3672 amdsata - ok 19:08:27.0177 3672 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:08:27.0177 3672 amdsbs - ok 19:08:27.0193 3672 [ 
- ok 19:08:40.0781 3672 [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys 19:08:40.0796 3672 ScreamBAudioSvc - ok 19:08:40.0812 3672 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:08:40.0828 3672 SDRSVC - ok 19:08:40.0843 3672 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:08:40.0890 3672 secdrv - ok 19:08:40.0890 3672 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:08:40.0921 3672 seclogon - ok 19:08:40.0937 3672 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:08:40.0968 3672 SENS - ok 19:08:40.0968 3672 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:08:40.0999 3672 SensrSvc - ok 19:08:41.0015 3672 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:08:41.0015 3672 Serenum - ok 19:08:41.0046 3672 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:08:41.0077 3672 Serial - ok 19:08:41.0093 3672 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:08:41.0124 3672 sermouse - ok 19:08:41.0155 3672 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:08:41.0202 3672 SessionEnv - ok 19:08:41.0218 3672 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:08:41.0233 3672 sffdisk - ok 19:08:41.0249 3672 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:08:41.0264 3672 sffp_mmc - ok 19:08:41.0280 3672 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:08:41.0311 3672 sffp_sd - ok 19:08:41.0311 3672 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:08:41.0327 3672 sfloppy - ok 19:08:41.0342 3672 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 
19:08:41.0374 3672 SharedAccess - ok 19:08:41.0389 3672 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:08:41.0420 3672 ShellHWDetection - ok 19:08:41.0436 3672 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:08:41.0452 3672 SiSRaid2 - ok 19:08:41.0467 3672 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:08:41.0483 3672 SiSRaid4 - ok 19:08:41.0545 3672 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:08:41.0561 3672 SkypeUpdate - ok 19:08:41.0576 3672 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:08:41.0608 3672 Smb - ok 19:08:41.0654 3672 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:08:41.0686 3672 SNMPTRAP - ok 19:08:41.0686 3672 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:08:41.0701 3672 spldr - ok 19:08:41.0732 3672 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:08:41.0748 3672 Spooler - ok 19:08:41.0795 3672 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:08:41.0904 3672 sppsvc - ok 19:08:41.0920 3672 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:08:41.0935 3672 sppuinotify - ok 19:08:41.0951 3672 sptd - ok 19:08:41.0982 3672 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:08:42.0013 3672 srv - ok 19:08:42.0013 3672 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:08:42.0044 3672 srv2 - ok 19:08:42.0044 3672 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:08:42.0044 3672 srvnet - ok 19:08:42.0076 3672 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:08:42.0107 3672 SSDPSRV - ok 19:08:42.0138 3672 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT 
C:\Windows\system32\Drivers\SSPORT.sys 19:08:42.0154 3672 SSPORT - ok 19:08:42.0154 3672 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:08:42.0185 3672 SstpSvc - ok 19:08:42.0216 3672 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 19:08:42.0232 3672 ssudmdm - ok 19:08:42.0263 3672 Steam Client Service - ok 19:08:42.0325 3672 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 19:08:42.0341 3672 Stereo Service - ok 19:08:42.0356 3672 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:08:42.0372 3672 stexstor - ok 19:08:42.0388 3672 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 19:08:42.0419 3672 StillCam - ok 19:08:42.0450 3672 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:08:42.0481 3672 stisvc - ok 19:08:42.0512 3672 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:08:42.0512 3672 swenum - ok 19:08:42.0528 3672 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:08:42.0559 3672 swprv - ok 19:08:42.0590 3672 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:08:42.0653 3672 SysMain - ok 19:08:42.0668 3672 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:08:42.0684 3672 TabletInputService - ok 19:08:42.0700 3672 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:08:42.0715 3672 tap0901 - ok 19:08:42.0746 3672 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:08:42.0778 3672 TapiSrv - ok 19:08:42.0793 3672 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:08:42.0824 3672 TBS - ok 19:08:42.0856 3672 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:08:42.0902 3672 
Tcpip - ok 19:08:42.0965 3672 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:08:42.0996 3672 TCPIP6 - ok 19:08:43.0012 3672 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:08:43.0012 3672 tcpipreg - ok 19:08:43.0043 3672 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:08:43.0058 3672 TDPIPE - ok 19:08:43.0074 3672 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:08:43.0090 3672 TDTCP - ok 19:08:43.0121 3672 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:08:43.0136 3672 tdx - ok 19:08:43.0152 3672 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:08:43.0168 3672 TermDD - ok 19:08:43.0183 3672 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:08:43.0214 3672 TermService - ok 19:08:43.0246 3672 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:08:43.0261 3672 Themes - ok 19:08:43.0292 3672 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:08:43.0308 3672 THREADORDER - ok 19:08:43.0324 3672 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:08:43.0355 3672 TrkWks - ok 19:08:43.0386 3672 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:08:43.0417 3672 TrustedInstaller - ok 19:08:43.0448 3672 [ 2670B4F69E530C9DE602488CA8C55AD3 ] trustms C:\Windows\system32\drivers\trustms.sys 19:08:43.0448 3672 trustms - ok 19:08:43.0464 3672 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:08:43.0495 3672 tssecsrv - ok 19:08:43.0526 3672 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:08:43.0558 3672 TsUsbFlt - ok 19:08:43.0573 3672 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD 
C:\Windows\system32\drivers\TsUsbGD.sys 19:08:43.0604 3672 TsUsbGD - ok 19:08:43.0698 3672 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 19:08:43.0729 3672 TuneUp.UtilitiesSvc - ok 19:08:43.0745 3672 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 19:08:43.0745 3672 TuneUpUtilitiesDrv - ok 19:08:43.0760 3672 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:08:43.0792 3672 tunnel - ok 19:08:43.0807 3672 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:08:43.0807 3672 uagp35 - ok 19:08:43.0823 3672 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:08:43.0854 3672 udfs - ok 19:08:43.0885 3672 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:08:43.0916 3672 UI0Detect - ok 19:08:43.0948 3672 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:08:43.0963 3672 uliagpkx - ok 19:08:43.0979 3672 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:08:43.0994 3672 umbus - ok 19:08:44.0026 3672 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 19:08:44.0041 3672 UmPass - ok 19:08:44.0072 3672 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:08:44.0104 3672 upnphost - ok 19:08:44.0135 3672 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:08:44.0135 3672 usbccgp - ok 19:08:44.0166 3672 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:08:44.0197 3672 usbcir - ok 19:08:44.0213 3672 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:08:44.0244 3672 usbehci - ok 19:08:44.0260 3672 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub 
C:\Windows\system32\DRIVERS\usbhub.sys 19:08:44.0306 3672 usbhub - ok 19:08:44.0322 3672 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:08:44.0353 3672 usbohci - ok 19:08:44.0369 3672 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:08:44.0400 3672 usbprint - ok 19:08:44.0431 3672 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:08:44.0447 3672 usbscan - ok 19:08:44.0462 3672 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:08:44.0509 3672 USBSTOR - ok 19:08:44.0509 3672 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:08:44.0556 3672 usbuhci - ok 19:08:44.0572 3672 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:08:44.0618 3672 UxSms - ok 19:08:44.0634 3672 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:08:44.0650 3672 VaultSvc - ok 19:08:44.0665 3672 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:08:44.0665 3672 vdrvroot - ok 19:08:44.0696 3672 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:08:44.0728 3672 vds - ok 19:08:44.0759 3672 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:08:44.0790 3672 vga - ok 19:08:44.0806 3672 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:08:44.0852 3672 VgaSave - ok 19:08:44.0884 3672 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:08:44.0884 3672 vhdmp - ok 19:08:44.0899 3672 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:08:44.0915 3672 viaide - ok 19:08:44.0915 3672 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:08:44.0930 3672 volmgr - ok 19:08:44.0946 3672 [ A255814907C89BE58B79EF2F189B843B ] volmgrx 
C:\Windows\system32\drivers\volmgrx.sys 19:08:44.0962 3672 volmgrx - ok 19:08:44.0977 3672 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:08:44.0977 3672 volsnap - ok 19:08:44.0993 3672 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:08:45.0008 3672 vsmraid - ok 19:08:45.0040 3672 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:08:45.0118 3672 VSS - ok 19:08:45.0133 3672 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:08:45.0164 3672 vwifibus - ok 19:08:45.0180 3672 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:08:45.0196 3672 vwififlt - ok 19:08:45.0211 3672 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:08:45.0227 3672 vwifimp - ok 19:08:45.0242 3672 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:08:45.0274 3672 W32Time - ok 19:08:45.0289 3672 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:08:45.0305 3672 WacomPen - ok 19:08:45.0320 3672 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:08:45.0367 3672 WANARP - ok 19:08:45.0367 3672 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:08:45.0383 3672 Wanarpv6 - ok 19:08:45.0430 3672 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:08:45.0461 3672 wbengine - ok 19:08:45.0492 3672 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:08:45.0508 3672 WbioSrvc - ok 19:08:45.0523 3672 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 19:08:45.0539 3672 WcesComm - ok 19:08:45.0554 3672 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:08:45.0570 3672 wcncsvc - ok 19:08:45.0586 3672 [ 20F7441334B18CEE52027661DF4A6129 ] 
WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:08:45.0617 3672 WcsPlugInService - ok 19:08:45.0632 3672 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 19:08:45.0648 3672 Wd - ok 19:08:45.0679 3672 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:08:45.0710 3672 Wdf01000 - ok 19:08:45.0710 3672 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:08:45.0742 3672 WdiServiceHost - ok 19:08:45.0742 3672 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:08:45.0757 3672 WdiSystemHost - ok 19:08:45.0757 3672 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:08:45.0788 3672 WebClient - ok 19:08:45.0804 3672 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:08:45.0851 3672 Wecsvc - ok 19:08:45.0851 3672 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:08:45.0882 3672 wercplsupport - ok 19:08:45.0898 3672 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:08:45.0913 3672 WerSvc - ok 19:08:45.0929 3672 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:08:45.0944 3672 WfpLwf - ok 19:08:45.0960 3672 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:08:45.0976 3672 WIMMount - ok 19:08:45.0976 3672 WinDefend - ok 19:08:45.0976 3672 WinHttpAutoProxySvc - ok 19:08:46.0022 3672 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:08:46.0038 3672 Winmgmt - ok 19:08:46.0069 3672 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:08:46.0132 3672 WinRM - ok 19:08:46.0163 3672 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS 19:08:46.0194 3672 WINUSB - ok 19:08:46.0225 3672 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 
19:08:46.0288 3672 Wlansvc - ok 19:08:46.0350 3672 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:08:46.0366 3672 wlcrasvc - ok 19:08:46.0475 3672 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:08:46.0537 3672 wlidsvc - ok 19:08:46.0553 3672 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:08:46.0568 3672 WmiAcpi - ok 19:08:46.0568 3672 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:08:46.0600 3672 wmiApSrv - ok 19:08:46.0646 3672 WMPNetworkSvc - ok 19:08:46.0662 3672 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:08:46.0693 3672 WPCSvc - ok 19:08:46.0709 3672 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:08:46.0724 3672 WPDBusEnum - ok 19:08:46.0740 3672 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:08:46.0756 3672 ws2ifsl - ok 19:08:46.0771 3672 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:08:46.0787 3672 wscsvc - ok 19:08:46.0787 3672 WSearch - ok 19:08:46.0818 3672 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:08:46.0865 3672 wuauserv - ok 19:08:46.0896 3672 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:08:46.0912 3672 WudfPf - ok 19:08:46.0927 3672 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:08:46.0943 3672 WUDFRd - ok 19:08:46.0958 3672 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:08:46.0990 3672 wudfsvc - ok 19:08:46.0990 3672 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:08:47.0021 3672 WwanSvc - ok 19:08:47.0052 3672 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 19:08:47.0068 3672 xusb21 - ok 
19:08:47.0099 3672 ================ Scan global ===============================
19:08:47.0114 3672 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:08:47.0130 3672 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:47.0146 3672 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:08:47.0161 3672 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:08:47.0177 3672 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:08:47.0177 3672 [Global] - ok
19:08:47.0177 3672 ================ Scan MBR ==================================
19:08:47.0192 3672 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:08:47.0426 3672 \Device\Harddisk0\DR0 - ok
19:08:47.0426 3672 ================ Scan VBR ==================================
19:08:47.0426 3672 [ 7E0BE7C2D23F9D2275500A74C6F54C78 ] \Device\Harddisk0\DR0\Partition1
19:08:47.0426 3672 \Device\Harddisk0\DR0\Partition1 - ok
19:08:47.0458 3672 [ 411F6F9279349F5CF57E447725AF484A ] \Device\Harddisk0\DR0\Partition2
19:08:47.0458 3672 \Device\Harddisk0\DR0\Partition2 - ok
19:08:47.0489 3672 [ 491B12A1E95302BBE306359C700FF4D6 ] \Device\Harddisk0\DR0\Partition3
19:08:47.0489 3672 \Device\Harddisk0\DR0\Partition3 - ok
19:08:47.0504 3672 [ 41491C8E7360AAD9F91A947352553F4F ] \Device\Harddisk0\DR0\Partition4
19:08:47.0504 3672 \Device\Harddisk0\DR0\Partition4 - ok
19:08:47.0504 3672 ============================================================
19:08:47.0504 3672 Scan finished
19:08:47.0504 3672 ============================================================
19:08:47.0520 2460 Detected object count: 4
19:08:47.0520 2460 Actual detected object count: 4
19:09:18.0549 2460 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:09:18.0549 2460 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:09:18.0549 2460 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:09:18.0549 2460 Realtek11nCU ( UnsignedFile.Multi.Generic ) - skipped by user
19:09:18.0549 2460 Realtek11nCU ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:09:22.0106 0200 Deinitialize success |
11.05.2013, 18:21 | #8 |
/// Malware-holic | Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Hi, scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
11.05.2013, 18:40 | #9 |
| Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe So, here is the log. Combofix logfile: Code:
ComboFix 13-05-11.01 - Atelco 11.05.2013 19:26:27.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16361.14041 [GMT 2:00]
ausgeführt von:: c:\users\Atelco\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Atelco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Atelco\AppData\Roaming\inst.exe
c:\users\Atelco\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-11 bis 2013-05-11 ))))))))))))))))))))))))))))))
.
.
2013-05-11 15:53 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-10 12:09 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9D7839F-6DBF-4114-9DC0-0DDA01BA5C8E}\mpengine.dll
2013-04-24 15:17 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-14 07:51 . 2013-04-14 07:51 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-10 12:04 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-06 16:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-06 16:33 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-12-16 12:12 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-12-16 12:12 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 .
2013-04-10 19:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-22 06:12 . 2013-04-10 19:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-22 06:09 . 2013-04-10 19:00 248320 ----a-w- c:\windows\system32\ieui.dll 2013-02-22 03:46 . 2013-04-10 19:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-02-22 03:38 . 2013-04-10 19:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2013-02-22 03:37 . 2013-04-10 19:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-02-22 03:34 . 2013-04-10 19:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-02-22 03:34 . 2013-04-10 19:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-02-22 03:31 . 2013-04-10 19:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-12 05:45 . 2013-03-13 17:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 17:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 17:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 17:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 17:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 17:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-26 04:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="e:\steam\steam.exe" [2013-05-03 1635752] "Akamai NetSession Interface"="c:\users\Atelco\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872] "EADM"="e:\origin\Origin.exe" [2013-03-03 3494992] "KiesHelper"="d:\kies\KiesHelper.exe" [2012-06-08 958392] "KiesPDLR"="d:\kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "GrooveMonitor"="d:\office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Trust Gaming Mouse"="e:\trust gaming mouse\Mouse.exe" [2011-01-17 2245632] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144] "3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144] "KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="d:\quiktime\QTTask.exe" -atboottime . R1 bhuybimy;bhuybimy;c:\windows\system32\drivers\bhuybimy.sys [x] R1 ekbmcvpa;ekbmcvpa;c:\windows\system32\drivers\ekbmcvpa.sys [x] R1 jdshbygw;jdshbygw;c:\windows\system32\drivers\jdshbygw.sys [x] R1 othrhtsd;othrhtsd;c:\windows\system32\drivers\othrhtsd.sys [x] R1 pbpdeuxl;pbpdeuxl;c:\windows\system32\drivers\pbpdeuxl.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-12 748648] R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2011-01-14 335464] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] R4 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-11-22 303408] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816] S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408] S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-28 11576] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] S3 BTATH_BUS;Atheros Bluetooth 
Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-19 279616] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992] S3 trustms;Trust Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-15 12416] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 08:06] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040] "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] "KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Free YouTube Download - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - d:\office\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Atelco\AppData\Roaming\Mozilla\Firefox\Profiles\92poh4uw.default-1355154101686\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-TQ566808 - F:\Setup.exe . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:05,a6,ba,5d,8a,bb,d5,4a,7d,4b,29,9b,0e,65,08,a6,ac,50,c1,d6,68,7b,bc, 27,91,bc,68,7e,27,9c,7d,a3,25,de,07,32,48,be,00,aa,32,9c,88,d8,96,69,47,95,\ "??"=hex:85,b9,e3,c5,ec,41,53,a1,1b,b1,52,f1,7d,d1,5c,d8 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-05-11 19:35:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-05-11 17:35 . Vor Suchlauf: 10 Verzeichnis(se), 534.298.710.016 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 533.896.282.112 Bytes frei . - - End Of File - - 3B75B938BE783FA2DF38B443F57B66D3 |
11.05.2013, 19:00 | #10 |
/// Malware-holic | Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Start, Programs, Accessories, Notepad, paste in:
Killall::
Driver::
bhuybimy
ekbmcvpa
jdshbygw
othrhtsd
pbpdeuxl
dgderdrv
McComponentHostService
Save the file with "Save As", type: All Files. Location: wherever Combofix.exe is located. Name: Cfscript.txt. Drag CFscript.txt onto the Combofix icon, the program starts, post the log.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
11.05.2013, 19:16 | #11 |
| Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Carried out as instructed. Combofix logfile: Code:
ATTFilter ComboFix 13-05-11.01 - Atelco 11.05.2013 20:05:51.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16361.14190 [GMT 2:00] ausgeführt von:: c:\users\Atelco\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Atelco\Downloads\Cfscript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Atelco\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_bhuybimy -------\Service_dgderdrv -------\Service_ekbmcvpa -------\Service_jdshbygw -------\Service_McComponentHostService -------\Service_othrhtsd -------\Service_pbpdeuxl . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-11 bis 2013-05-11 )))))))))))))))))))))))))))))) . . 2013-05-11 18:09 . 2013-05-11 18:09 -------- d-----w- c:\users\UpdatusUser.Aelthred\AppData\Local\temp 2013-05-11 18:09 . 2013-05-11 18:09 -------- d-----w- c:\users\hedev\AppData\Local\temp 2013-05-11 18:09 . 2013-05-11 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-11 15:53 . 2013-05-09 08:59 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-05-10 12:09 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9D7839F-6DBF-4114-9DC0-0DDA01BA5C8E}\mpengine.dll 2013-04-24 15:17 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-14 07:51 . 2013-04-14 07:51 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-10 12:04 . 
2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-09 08:59 . 2013-03-06 16:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59 . 2013-03-06 16:33 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-05-09 08:59 . 2012-12-16 12:12 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59 . 2012-12-16 12:12 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-05-09 08:59 . 2012-12-16 12:12 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-05-09 08:59 . 2012-06-08 13:52 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-05-09 08:59 . 2012-12-16 12:12 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:59 . 2012-12-16 12:12 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:58 . 2012-12-16 12:12 41664 ----a-w- c:\windows\avastSS.scr 2013-05-09 08:58 . 2012-12-16 12:12 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-21 08:06 . 2012-08-14 17:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-21 08:06 . 2012-08-14 17:18 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-10 19:01 . 2011-10-25 14:51 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 12:50 . 2012-07-17 15:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 06:04 . 2013-04-10 15:34 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 15:34 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 15:34 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 15:34 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 15:34 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 15:34 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-09 18:11 . 
2012-12-19 23:17 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-03-09 18:11 . 2012-02-29 22:19 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-03-09 18:10 . 2012-12-19 23:17 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-03-09 09:09 . 2013-03-09 09:09 310688 ----a-w- c:\windows\system32\javaws.exe 2013-03-09 09:09 . 2013-03-09 09:09 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-09 09:09 . 2013-03-09 09:09 188832 ----a-w- c:\windows\system32\javaw.exe 2013-03-09 09:09 . 2013-03-09 09:09 188320 ----a-w- c:\windows\system32\java.exe 2013-03-09 09:09 . 2013-03-09 09:09 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-03-09 09:09 . 2011-09-28 10:21 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-06 16:48 . 2013-03-06 16:48 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-06 16:47 . 2012-07-02 08:06 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-06 16:47 . 2011-10-25 15:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-01 03:36 . 2013-04-10 15:34 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-25 22:32 . 2013-02-25 22:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-25 22:32 . 2013-02-25 22:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-25 22:32 . 2013-02-25 22:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-25 22:32 . 2013-02-25 22:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-25 22:32 . 2013-02-25 22:32 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-25 22:32 . 2012-03-20 17:21 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-25 22:32 . 
2013-02-25 22:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-25 22:32 . 2013-02-25 22:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-25 22:32 . 2013-02-25 22:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-25 22:32 . 2013-02-25 22:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-25 22:32 . 2012-12-04 17:36 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-25 22:32 . 2013-02-25 22:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-25 22:32 . 2013-02-25 22:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-25 22:32 . 2013-02-25 22:32 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-25 22:32 . 2013-02-25 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-25 22:32 . 2013-02-25 22:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-25 22:32 . 2013-02-25 22:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-25 22:32 . 2013-02-25 22:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-25 22:32 . 2013-02-25 22:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-25 22:32 . 2013-02-25 22:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-22 06:57 . 2013-04-10 19:00 17817088 ----a-w- c:\windows\system32\mshtml.dll 2013-02-22 06:29 . 2013-04-10 19:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-02-22 06:27 . 2013-04-10 19:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-22 06:21 . 2013-04-10 19:00 1346560 ----a-w- c:\windows\system32\urlmon.dll 2013-02-22 06:20 . 2013-04-10 19:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2013-02-22 06:19 . 2013-04-10 19:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-22 06:18 . 2013-04-10 19:00 237056 ----a-w- c:\windows\system32\url.dll 2013-02-22 06:17 . 
2013-04-10 19:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-02-22 06:15 . 2013-04-10 19:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-22 06:15 . 2013-04-10 19:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2013-02-22 06:15 . 2013-04-10 19:00 816640 ----a-w- c:\windows\system32\jscript.dll 2013-02-22 06:14 . 2013-04-10 19:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2013-02-22 06:13 . 2013-04-10 19:00 2147840 ----a-w- c:\windows\system32\iertutil.dll 2013-02-22 06:13 . 2013-04-10 19:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-22 06:12 . 2013-04-10 19:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-22 06:09 . 2013-04-10 19:00 248320 ----a-w- c:\windows\system32\ieui.dll 2013-02-22 03:46 . 2013-04-10 19:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-02-22 03:38 . 2013-04-10 19:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2013-02-22 03:37 . 2013-04-10 19:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-02-22 03:34 . 2013-04-10 19:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-02-22 03:34 . 2013-04-10 19:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-02-22 03:31 . 2013-04-10 19:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-12 05:45 . 2013-03-13 17:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 17:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 17:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 17:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 17:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 17:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-26 04:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="e:\steam\steam.exe" [2013-05-03 1635752] "Akamai NetSession Interface"="c:\users\Atelco\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872] "EADM"="e:\origin\Origin.exe" [2013-03-03 3494992] "KiesHelper"="d:\kies\KiesHelper.exe" [2012-06-08 958392] "KiesPDLR"="d:\kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "GrooveMonitor"="d:\office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Trust Gaming Mouse"="e:\trust gaming mouse\Mouse.exe" [2011-01-17 2245632] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144] "3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144] "KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="d:\quiktime\QTTask.exe" -atboottime . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-12 748648]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2011-01-14 335464]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
R4 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [2010-11-22 303408]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-28 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-19 279616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 trustms;Trust Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-15 12416]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"KiesTrayAgent"="d:\kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Atelco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - d:\office\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Atelco\AppData\Roaming\Mozilla\Firefox\Profiles\92poh4uw.default-1355154101686\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-678325235-554912938-2678598872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:05,a6,ba,5d,8a,bb,d5,4a,7d,4b,29,9b,0e,65,08,a6,ac,50,c1,d6,68,7b,bc,
   27,91,bc,68,7e,27,9c,7d,a3,25,de,07,32,48,be,00,aa,32,9c,88,d8,96,69,47,95,\
"??"=hex:85,b9,e3,c5,ec,41,53,a1,1b,b1,52,f1,7d,d1,5c,d8
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-11 20:14:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-11 18:14
ComboFix2.txt 2013-05-11 17:35
.
Vor Suchlauf: 13 Verzeichnis(se), 533.976.072.192 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 533.425.090.560 Bytes frei
.
- - End Of File - - CF4A4041F6ABF1632E8A654B7DD02FA9 |
11.05.2013, 19:17 | #12 |
/// Malware-holic | Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Hi,
1. Post all Malwarebytes logs created so far that contain detections: http://www.trojaner-board.de/125889-...en-posten.html
2. Malwarebytes: Please download Malwarebytes
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
11.05.2013, 20:09 | #13 | |
| Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

So, the scan has finished - nothing was found.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Atelco :: AELTHRED [Administrator]

11.05.2013 20:21:25
mbam-log-2013-05-11 (20-21-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 509463
Laufzeit: 46 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Edit: After a restart, Avast reports a threat again:
Quote:
Edited by Mischer (11.05.2013 at 20:16) |
11.05.2013, 20:21 | #14 |
/// Malware-holic | Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Hi,
download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, "unnötig" (unnecessary).
After every program unknown to you, "unbekannt" (unknown).
Post the list.
11.05.2013, 20:37 | #15 |
| Avast reports malware at every system start c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Code:
7-Zip 9.20 11.12.2011 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 21.04.2013 6,00MB 11.7.700.169 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.04.2013 6,00MB 11.7.700.169 necessary
Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 23.02.2013 122MB 10.1.6 necessary
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 12.07.2012 11.6.5.635 necessary
Akamai NetSession Interface 24.02.2013 unknown
Akamai NetSession Interface Service 05.04.2012 unknown
Apple Application Support Apple Inc. 30.05.2012 61,0MB 2.1.7 unknown
Apple Software Update Apple Inc. 30.05.2012 2,38MB 2.1.3.127 unknown
Armageddon 11.04.2012 unnecessary
avast! Pro Antivirus AVAST Software 11.05.2013 8.0.1489.0 necessary
Battlefield 3™ Electronic Arts 06.09.2012 1.4.0.0 necessary
Battlelog Web Plugins EA Digital Illusions CE AB 20.12.2012 2.1.2 necessary
Bluetooth Win7 Suite (64) Atheros Communications 23.09.2011 59,1MB 7.2.0.40 necessary
Borderlands 2 Gearbox Software 19.03.2013 necessary
Bullzip PDF Printer 8.2.0.1406 Bullzip 30.05.2012 9,25MB 8.2.0.1406 unnecessary
Canon LBP5050 14.10.2011 necessary
CCleaner Piriform 23.04.2013 4.01 necessary
Cisco EAP-FAST Module Cisco Systems, Inc. 19.12.2011 1,55MB 2.2.14 unknown
Cisco LEAP Module Cisco Systems, Inc. 19.12.2011 644KB 1.0.19 unknown
Cisco PEAP Module Cisco Systems, Inc. 19.12.2011 1,23MB 1.1.6 unknown
Cities XL Platinum 09.05.2013 necessary
Command & Conquer Die ersten 10 Jahre Electronic Arts 13.03.2012 1.00.0000 unnecessary
Company of Heroes Relic 30.03.2012 necessary
Company of Heroes: Opposing Fronts Relic 30.03.2012 necessary
Company of Heroes: Tales of Valor Relic 30.03.2012 necessary
CyberGhost VPN CyberGhost S.R.L. 18.12.2012 64,2MB necessary
DAEMON Tools Lite DT Soft Ltd 17.01.2012 4.45.1.0236 unnecessary
DH Driver Cleaner Professional Edition Ruud Ketelaars 19.03.2012 Version 1.5 necessary
Dokan Library 0.6.0 04.09.2012 unknown
Empire: Total War The Creative Assembly 06.11.2011 necessary
F1 2012 Codemasters 27.10.2012 necessary
FLV Player 2.0 (build 25) Martijn de Visser 23.09.2011 2.0 (build 25) necessary
Free YouTube Download version 3.2.0.128 DVDVideoSoft Ltd. 08.03.2013 76,7MB 3.2.0.128 unnecessary
Free YouTube to MP3 Converter version 3.12.1.320 DVDVideoSoft Ltd. 14.04.2013 76,0MB 3.12.1.320 unnecessary
Intel(R) Management Engine Components Intel Corporation 23.09.2011 7.0.0.1144 unknown
Internet Explorer Toolbar 4.6 by SweetPacks SweetIM Technologies Ltd. 02.11.2012 4,27MB 4.6.0004 unnecessary
Java 7 Update 17 Oracle 06.03.2013 130MB 7.0.170 necessary
Java 7 Update 17 (64-bit) Oracle 09.03.2013 128MB 7.0.170 necessary
Java(TM) 6 Update 39 Oracle 08.03.2013 97,8MB 6.0.390 necessary
JDownloader 0.9 AppWork GmbH 02.11.2012 0.9 necessary
K-Lite Mega Codec Pack 9.6.0 20.12.2012 90,7MB 9.6.0 necessary
Logitech Unifying-Software 2.00 Logitech 17.04.2012 4,59MB 2.00.43 necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 11.05.2013 19,2MB 1.75.0.1300 necessary
marvell 91xx driver Marvell 23.09.2011 1.0.0.1051 unknown
Medieval II: Total War The Creative Assembly 12.07.2012 unnecessary
Medieval II: Total War Kingdoms The Creative Assembly 12.07.2012 unnecessary
Metro 2033 THQ 26.05.2012 unnecessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.12.2012 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.06.2012 2,93MB 4.0.30320 unknown
Microsoft Chart Controls for Microsoft .NET Framework 3.5 Microsoft Corporation 24.04.2012 13,8MB 3.5.30730.0 unknown
Microsoft Games for Windows - LIVE Microsoft Corporation 01.12.2012 8,19MB 3.0.89.0 unknown
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 01.12.2012 33,5MB 3.0.19.0 unknown
Microsoft Office 2010 Microsoft Corporation 16.05.2011 6,31MB 14.0.4763.1000 necessary
Microsoft Office Enterprise 2007 Microsoft Corporation 21.02.2012 12.0.6612.1000 necessary
Microsoft Office File Validation Add-In Microsoft Corporation 14.03.2012 7,95MB 14.0.5130.5003 unknown
Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 508KB 2.0.4024.1 unknown
Microsoft Silverlight Microsoft Corporation 13.03.2013 50,6MB 5.1.20125.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 16.05.2011 1,69MB 3.1.0000 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.03.2013 2,38MB 8.0.59193 unknown
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 17.04.2012 838KB 8.0.61000 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 09.10.2011 788KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 23.04.2012 236KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10.10.2011 788KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.11.2011 1,41MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 05.11.2011 230KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.09.2011 230KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.09.2011 592KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.09.2011 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 06.05.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.05.2013 15,0MB 10.0.40219 unknown
Microsoft Xbox 360 Accessories 1.2 Microsoft 30.10.2012 7,82MB 1.20.146.0 necessary
Mozilla Firefox 21.0 (x86 de) Mozilla 09.05.2013 49,8MB 21.0 necessary
Mozilla Maintenance Service Mozilla 19.04.2013 333KB 21.0 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.04.2012 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.04.2012 1,33MB 4.20.9876.0 unknown
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 17.04.2012 1,22MB 4.20.9818.0 unknown
Nexus Mod Manager Black Tree Gaming 10.11.2012 13,4MB 0.33.1 unnecessary
NVIDIA 3D Vision Controller-Treiber 310.90 NVIDIA Corporation 07.01.2013 310.90 necessary
NVIDIA 3D Vision Treiber 311.06 NVIDIA Corporation 14.04.2013 311.06 necessary
NVIDIA Grafiktreiber 311.06 NVIDIA Corporation 14.04.2013 311.06 necessary
NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 07.01.2013 1.3.18.0 necessary
NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 04.12.2012 9.12.1031 necessary
NVIDIA Update 1.11.3 NVIDIA Corporation 07.01.2013 1.11.3 necessary
OLYMPUS Digital Camera Updater OLYMPUS IMAGING CORP. 17.04.2012 160KB 1.0.3 unnecessary
OLYMPUS Viewer 2 OLYMPUS IMAGING CORP. 17.04.2012 204KB 1.3.0 unnecessary
Omerta - City of Gangsters 05.03.2013 unnecessary
Origin Electronic Arts, Inc. 05.05.2012 8.5.2.23 necessary
Patrician III Ascaron 18.12.2012 unnecessary
PDFCreator Frank Heindörfer, Philip Chinery 30.05.2012 1.3.2 unnecessary
Postal 2 Apocalypse Weekend Expansion Pack 07.12.2011 unnecessary
Postal 2 Share The Pain 07.12.2011 unnecessary
QuickTime Apple Inc. 30.05.2012 73,2MB 7.72.80.56
Realtek Ethernet Controller Driver Realtek 23.09.2011 7.37.1229.2010 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 01.03.2012 6.0.1.6235 necessary
REALTEK Wireless LAN Driver and Utility 19.12.2011 1.00.0159 necessary
Red Orchestra 2 SDK 23.04.2012 necessary
Red Orchestra 2: Heroes of Stalingrad Tripwire 23.04.2012 necessary
Red Orchestra 2: Heroes of Stalingrad Beta 23.04.2012 necessary
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 23.09.2011 1,00MB 2.0.32.0 necessary
Samsung Kies Samsung Electronics Co., Ltd. 27.06.2012 208MB 2.3.2.12054_20 necessary
Samsung Scan Assistant Samsung Electronics Co., Ltd. 26.06.2012 24,7MB 1.04.22.00 necessary
Samsung SCX-3200 Series Samsung Electronics Co., Ltd. 26.06.2012 necessary
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 27.06.2012 42,9MB 1.5.5.0 necessary
Sanctum 12.10.2012 necessary
Sins of a Solar Empire: Rebellion 30.07.2012 necessary
Skype Click to Call Skype Technologies S.A. 03.05.2012 13,3MB 5.9.9216 necessary
Skype™ 6.0 Skype Technologies S.A. 08.12.2012 20,3MB 6.0.126 necessary
Steam Valve 05.11.2011 42,1MB 1.0.0.0 necessary
Stronghold Crusader + Extreme Firefly Studios 19.12.2012 unnecessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 05.03.2013 3.0.10 unnecessary
The Elder Scrolls V: Skyrim Bethesda Game Studios 03.01.2012 necessary
Total War: SHOGUN 2 The Creative Assembly 06.11.2011 necessary
TripleA Version 1_3_2_2 30.01.2012 necessary
Tropico 4 26.12.2012 necessary
Trust Gaming Mouse Driver V1.1 11.03.2012 14,0MB necessary
TuneUp Utilities 2012 TuneUp Software 09.06.2012 12.0.3600.73 necessary
Update Manager for SweetPacks 1.1 SweetIM Technologies Ltd. 02.11.2012 2,76MB 1.1.0008 unnecessary
Vegas Movie Studio HD Platinum 11.0 Sony 07.06.2012 297MB 11.0.256 unnecessary
Video Thumbnails Maker by Scorp (remove only) 20.12.2012 necessary
VLC media player 2.0.6 VideoLAN 01.05.2013 2.0.6 necessary
Windows Live Essentials Microsoft Corporation 16.05.2011 15.4.3508.1109 necessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 16.05.2011 5,57MB 15.4.5722.2 unknown
Windows Mobile-Gerätecenter Microsoft Corporation 14.12.2011 27,4MB 6.1.6965.0 unknown
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) OLYMPUS IMAGING CORP. 17.04.2012 09/09/2009 1.0.0.0 unknown
WORLD IN CONFLICT: SOVIET ASSAULT Ubisoft Entertainment 19.04.2012 1.0.1.1 unnecessary
Worms Revolution 03.12.2012 unnecessary |