Pests of all kinds and their removal: Adobe Flash Player keeps asking for admin rights? (Windows 7)

22.05.2013, 15:37 | #1
Adobe Flash Player keeps asking for admin rights?

Yesterday I caught one of those funny "do you know this photo yet" viruses via Skype, and my antivirus program (Advanced SystemCare Ultimate 6) does seem to find it, but unfortunately it keeps finding it again and again (so it apparently can't delete it). Today I turn on the computer and constantly get requests from Adobe for administrator rights, which of course I don't grant for now, but no matter whether I click No or Close, Adobe stubbornly keeps asking. Last night I also ran one of those ESET online virus scans, which came up with the following:

C:\ProgramData\48AD.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\51D0.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\612.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\88E7.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\AE9D.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\C349.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\CBFF.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\dadaddddaaffsacfsfdsf.exe a variant of Win32/Kryptik.BBND trojan
C:\ProgramData\EC8.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\48AD.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\51D0.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\612.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\8041.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\88E7.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\AE9D.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\C349.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\CBFF.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\dadaddddaaffsacfsfdsf.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\All Users\EC8.exe a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d4fd a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[1] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[2] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[3] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[4] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQTUG23P\f97834fh9348[1] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQTUG23P\f97834fh9348[2] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[1] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[2] a variant of Win32/Kryptik.BBND trojan
C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[3] a variant of Win32/Kryptik.BBND trojan

Also, there is a c467.exe running in my process manager?!
Here is the OTL report as well, though I think Chrome was still open alongside it:

OTL logfile created on: 22.05.2013 16:22:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Felix\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,77 Gb Available Physical Memory | 72,30% Memory free
15,96 Gb Paging File | 13,33 Gb Available in Paging File | 83,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 36,32 Gb Free Space | 24,79% Space Free | Partition Type: NTFS
Drive D: | 552,15 Gb Total Space | 55,14 Gb Free Space | 9,99% Space Free | Partition Type: NTFS
Drive F: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: FELIX-PC | User Name: Felix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.22 16:14:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Felix\Downloads\OTL.exe
PRC - [2013.05.03 14:20:53 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Felix\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.01.10 23:05:20 | 000,533,288 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.01.10 21:12:18 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.01.10 21:11:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.29 20:15:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.27 16:15:22 | 005,467,008 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Asc.exe
PRC - [2012.11.27 12:56:22 | 001,050,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe
PRC - [2012.11.13 13:00:00 | 000,625,536 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe
PRC - [2012.11.12 17:06:42 | 000,697,728 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
PRC - [2012.11.07 15:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.11.01 10:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
MOD - [2012.11.01 10:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
MOD - [2012.11.01 10:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
MOD - [2012.10.15 10:53:40 | 001,229,696 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Scan.dll
MOD - [2012.09.05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
MOD - [2012.09.05 18:55:28 | 000,516,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\sqlite3.dll
MOD - [2012.04.14 15:42:02 | 000,224,600 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\Scan\smartscn.dll

========== Services (SafeList) ==========

SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.03.06 21:14:47 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.10 23:05:20 | 000,533,288 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.01.10 21:45:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.01.10 21:12:18 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.01.10 21:11:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.29 20:15:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.27 12:56:22 | 001,050,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe -- (AdvancedSystemCareService6)
SRV - [2012.11.13 13:00:00 | 000,625,536 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe -- (ASCAntivirusSrv)
SRV - [2012.06.26 15:35:20 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011.04.26 11:21:06 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 14:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Stopped] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.02 18:32:33 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.04.02 18:32:33 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.04.02 18:32:33 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.03.04 09:35:08 | 000,838,216 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.01.10 21:33:50 | 000,042,696 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.04.06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.01 15:11:23 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.21 18:59:02 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (Trufos)
DRV:64bit: - [2011.11.10 19:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.26 11:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.24 15:36:24 | 000,431,176 | ---- | M] (BitDefender) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.01.12 10:23:08 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2325506
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/go/wze [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2325506
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 F9 97 DE DE D6 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B3F8540B-5382-488C-BB87-495CD2424C6D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B3F8540B-5382-488C-BB87-495CD2424C6D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.giga.de/go/wze"
FF - prefs.js..extensions.enabledAddons: webbooster@iminent.com:5.14.1.0
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection@iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.8
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\Felix\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Felix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2012.10.08 16:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.27 21:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.04.04 22:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.28 00:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.02 18:11:10 | 000,000,000 | ---D | M]

[2011.12.28 00:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Extensions
[2013.05.08 22:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions
[2013.03.20 15:57:55 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2013.03.20 15:57:54 | 000,000,000 | ---D | M] (Hotspot Shield Community Toolbar) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013.04.02 18:17:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\ascsurfingprotection@iobit.com
[2012.01.24 22:20:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\engine@conduit.com
[2013.05.08 22:21:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Felix\AppData\Roaming\mozilla\Firefox\Profiles\oox9dp8g.default\extensions\ich@maltegoetz.de
[2013.02.24 15:50:49 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\oox9dp8g.default\extensions\stealthyextension@gmail.com.xpi
[2013.05.21 20:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.31 19:35:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.06.12 18:23:19 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.10.08 16:09:51 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES (X86)\IMINENT\WEBBOOSTER@IMINENT.COM
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://search.conduit.com/?SearchSource=10&ctid=CT2325506
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Square Enix Secure Launcher (Enabled) = C:\Users\Felix\AppData\LocalLow\Square Enix\nprun3d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: YouTube = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Cloud Downloader = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\piifjlhjopdohglieknlpgoeajdbipel\1.9.8_0\
CHR - Extension: Google Mail = C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (www.Freeware-download.com Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll㠀㘀⤀ File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (www.Freeware-download.com Toolbar) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - C:\Program Files (x86)\www.Freeware-download.com\tbwww..dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O4 - HKCU..\Run: [dadaddddaaffsacfsfdsf] C:\ProgramData\dadaddddaaffsacfsfdsf.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Felix\APPDATA\ROAMING\SPOTIFY\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B161AD45-E75E-4B75-BC6D-519A91901F9B}: DhcpNameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83BFC79-D1B6-4DC4-A832-64A03751BF14}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D83BFC79-D1B6-4DC4-A832-64A03751BF14}: NameServer = 8.8.8.8,8.8.4.4 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found 
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.17 10:31:38 | 010,810,880 | R--- | M] () - D:\autorun.dat -- [ NTFS ] O32 - AutoRun File - [2009.07.29 10:55:00 | 000,419,088 | ---- | M] (Electronic Arts) - D:\AutoRun.exe -- [ NTFS ] O32 - AutoRun File - [2009.09.17 11:35:05 | 000,000,157 | ---- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2005.11.01 12:54:36 | 000,000,000 | R--D | M] - F:\autorun -- [ UDF ] O32 - AutoRun File - [2005.11.01 12:59:48 | 001,187,840 | R--- | M] () - F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.11.01 12:59:47 | 000,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{7b8b9821-30d3-11e1-bc4a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7b8b9821-30d3-11e1-bc4a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2005.11.01 12:59:48 | 001,187,840 | R--- | M] () O33 - MountPoints2\{cc54c5d1-346e-11e1-af4d-f46d04657bf7}\Shell - "" = AutoRun O33 - MountPoints2\{cc54c5d1-346e-11e1-af4d-f46d04657bf7}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{dfe59dcd-8508-11e2-867a-f46d04657bf7}\Shell - "" = AutoRun O33 - MountPoints2\{dfe59dcd-8508-11e2-867a-f46d04657bf7}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- 
"%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.21 21:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.05.21 20:43:23 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Skype [2013.05.21 20:35:49 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.05.21 20:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.21 20:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.05.15 17:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FlyVPN [2013.05.06 19:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.04.29 17:05:30 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\Unity [2013.04.27 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\iron man [2013.04.27 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV [2013.04.27 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Roaming\New Technology Studio [2013.04.27 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\Felix\AppData\Local\New Technology Studio [2013.04.26 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\Felix\Desktop\felix savegames [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.22 16:24:49 | 000,091,136 | ---- | M] () -- C:\ProgramData\dadaddddaaffsacfsfdsf.exe [2013.05.22 16:00:42 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 16:00:42 | 000,021,888 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 15:58:28 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.22 15:58:28 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.22 15:58:28 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.22 15:58:28 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.22 15:58:28 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.22 15:53:53 | 000,167,936 | ---- | M] () -- C:\ProgramData\C467.exe [2013.05.22 15:53:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 15:53:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 15:53:09 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 15:49:41 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2013.05.21 23:42:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.21 22:19:00 | 000,071,680 | ---- | M] () -- C:\ProgramData\8041.exe [2013.05.21 22:03:59 | 000,071,680 | ---- | M] () -- C:\ProgramData\C349.exe [2013.05.21 21:48:59 | 000,071,680 | ---- | M] () -- C:\ProgramData\612.exe [2013.05.21 21:33:58 | 000,071,680 | ---- | M] () -- C:\ProgramData\48AD.exe [2013.05.21 21:18:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\88E7.exe [2013.05.21 21:03:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\CBFF.exe [2013.05.21 20:48:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\EC8.exe [2013.05.21 20:35:49 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.21 20:33:57 | 000,071,680 | ---- | M] () -- C:\ProgramData\51D0.exe [2013.05.21 18:28:43 | 000,071,680 | ---- | M] () -- C:\ProgramData\AE9D.exe [2013.05.21 17:23:13 | 000,379,183 | ---- | M] () -- C:\Users\Felix\Desktop\world end.jpg [2013.05.18 13:30:57 | 000,075,545 | ---- | M] () -- C:\Users\Felix\Desktop\fBKrKd5h.jpg 
[2013.05.16 22:57:03 | 000,071,929 | ---- | M] () -- C:\Users\Felix\Desktop\428051_572080186156202_956263062_n.jpg [2013.05.16 16:02:05 | 000,279,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 17:19:58 | 000,188,163 | ---- | M] () -- C:\Users\Felix\Desktop\metrochat2.png [2013.05.15 17:19:40 | 000,252,195 | ---- | M] () -- C:\Users\Felix\Desktop\metrochat.png [2013.05.14 16:42:01 | 000,728,304 | ---- | M] () -- C:\Users\Felix\Desktop\guck mal.png [2013.05.13 20:45:33 | 000,189,228 | ---- | M] () -- C:\Users\Felix\Desktop\25.jpg [2013.05.08 22:48:04 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.05.08 22:48:04 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.05.08 22:45:26 | 000,280,856 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.05.06 19:17:26 | 000,000,202 | ---- | M] () -- C:\Users\Felix\Desktop\Driver Fusion.url [2013.04.27 22:11:31 | 000,001,268 | ---- | M] () -- C:\Users\Felix\Desktop\OpenIV.lnk [2013.04.23 17:24:15 | 000,036,088 | ---- | M] () -- C:\Users\Felix\Desktop\image_1366547031593242.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.22 15:53:52 | 000,167,936 | ---- | C] () -- C:\ProgramData\C467.exe [2013.05.22 15:49:41 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2013.05.21 22:18:59 | 000,071,680 | ---- | C] () -- C:\ProgramData\8041.exe [2013.05.21 22:03:59 | 000,071,680 | ---- | C] () -- C:\ProgramData\C349.exe [2013.05.21 21:48:58 | 000,071,680 | ---- | C] () -- C:\ProgramData\612.exe [2013.05.21 21:33:58 | 000,071,680 | ---- | C] () -- C:\ProgramData\48AD.exe [2013.05.21 21:18:57 | 000,071,680 | ---- | C] () -- C:\ProgramData\88E7.exe [2013.05.21 21:03:56 | 000,071,680 | ---- | C] () -- C:\ProgramData\CBFF.exe [2013.05.21 20:48:56 | 000,071,680 | ---- | C] () -- C:\ProgramData\EC8.exe [2013.05.21 20:35:49 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.05.21 20:33:56 | 
000,071,680 | ---- | C] () -- C:\ProgramData\51D0.exe [2013.05.21 18:28:43 | 000,071,680 | ---- | C] () -- C:\ProgramData\AE9D.exe [2013.05.21 18:28:42 | 000,091,136 | ---- | C] () -- C:\ProgramData\dadaddddaaffsacfsfdsf.exe [2013.05.21 17:23:13 | 000,379,183 | ---- | C] () -- C:\Users\Felix\Desktop\world end.jpg [2013.05.18 13:30:56 | 000,075,545 | ---- | C] () -- C:\Users\Felix\Desktop\fBKrKd5h.jpg [2013.05.16 22:57:03 | 000,071,929 | ---- | C] () -- C:\Users\Felix\Desktop\428051_572080186156202_956263062_n.jpg [2013.05.15 17:19:58 | 000,188,163 | ---- | C] () -- C:\Users\Felix\Desktop\metrochat2.png [2013.05.15 17:19:40 | 000,252,195 | ---- | C] () -- C:\Users\Felix\Desktop\metrochat.png [2013.05.14 16:42:01 | 000,728,304 | ---- | C] () -- C:\Users\Felix\Desktop\guck mal.png [2013.05.13 20:45:33 | 000,189,228 | ---- | C] () -- C:\Users\Felix\Desktop\25.jpg [2013.05.06 19:41:33 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.05.06 19:17:26 | 000,000,202 | ---- | C] () -- C:\Users\Felix\Desktop\Driver Fusion.url [2013.04.27 22:11:31 | 000,001,268 | ---- | C] () -- C:\Users\Felix\Desktop\OpenIV.lnk [2013.04.23 17:24:15 | 000,036,088 | ---- | C] () -- C:\Users\Felix\Desktop\image_1366547031593242.jpg [2013.03.31 13:09:23 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.11.23 16:54:07 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.02.02 21:43:43 | 000,000,000 | ---- | C] () -- C:\Users\Felix\dr [2012.01.30 20:55:38 | 000,000,000 | ---- | C] () -- C:\Users\Felix\path [2011.12.30 23:01:22 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.30 23:01:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.28 22:49:18 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.28 00:06:16 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== 
ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1142900357-2600456467-752600298-1000\$65aa22156aed522a2e7c8c77def2833f\n. -- File not found [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.30 21:08:22 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\.minecraft [2012.05.05 20:31:03 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Canneverbe Limited [2013.04.02 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DAEMON Tools Lite [2013.01.27 21:42:56 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoft [2012.10.12 11:52:35 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.23 17:05:54 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\GetRightToGo [2012.10.08 16:09:59 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Iminent [2013.04.02 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\IObit [2011.12.31 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\MotioninJoy [2013.04.02 19:25:53 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\NetSpeedMonitor [2013.04.27 22:11:30 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\New Technology Studio [2012.12.09 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Origin [2012.01.01 15:19:30 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\PunkBuster [2012.10.07 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\six-updater [2012.07.27 00:23:47 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\six-zsync [2013.05.22 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Spotify [2013.04.02 17:54:23 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TeamViewer [2013.02.21 00:01:54 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\Teeworlds [2013.05.21 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\TS3Client [2012.10.27 23:12:56 | 000,000,000 | ---D | M] -- 
C:\Users\Felix\AppData\Roaming\uTorrent [2012.01.24 22:50:59 | 000,000,000 | ---D | M] -- C:\Users\Felix\AppData\Roaming\WindSolutions ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1062 bytes -> C:\ProgramData\TEMP:966F7784 < End of report >

I would very much appreciate your advice. Regards, Felix
22.05.2013, 16:01 | #2 |
/// TB-Ausbilder | Adobe Flash Player keeps asking for admin rights?

!! Note for anyone reading along !! This thread and its instructions are intended only for this specific case. They could seriously damage other computers. Please open your own thread.

I will help you with your problem. The cleanup only works if you follow these rules: Please read: Rules for the cleanup
Reading material: Rootkit warning. Your computer has been infected with a special kind of malware that can hide itself from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, that is, it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". So what does that mean for you?
So let me know what you have decided. Scan with ComboFix
22.05.2013, 16:38 | #3 |
| Adobe Flash Player keeps asking for admin rights? Here is the log from ComboFix:

ComboFix Logfile:
Code:
ATTFilter ComboFix 13-05-22.01 - Felix 22.05.2013 17:29:08.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6958 [GMT 2:00] ausgeführt von:: c:\users\Felix\Downloads\ComboFix.exe AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\$recycle.bin\S-1-5-21-1142900357-2600456467-752600298-1000\$65aa22156aed522a2e7c8c77def2833f\@ c:\$recycle.bin\S-1-5-21-1142900357-2600456467-752600298-1000\$65aa22156aed522a2e7c8c77def2833f\n c:\programdata\48AD.exe c:\programdata\51D0.exe c:\programdata\612.exe c:\programdata\8041.exe c:\programdata\88E7.exe c:\programdata\AE9D.exe c:\programdata\C349.exe c:\programdata\C467.exe c:\programdata\CBFF.exe c:\programdata\dadaddddaaffsacfsfdsf.exe c:\programdata\EC8.exe c:\users\Felix\4.0 c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\SysWow64\frapsvid.dll D:\autorun.inf D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-22 bis 2013-05-22 )))))))))))))))))))))))))))))) . . 2013-05-22 15:32 . 2013-05-22 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-22 14:36 . 2013-05-22 14:36 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60A76FCC-8624-44C4-88D2-526AAAB7E71A}\offreg.dll 2013-05-21 19:44 . 2013-05-21 19:44 -------- d-----w- c:\program files (x86)\ESET 2013-05-21 18:43 . 2013-05-22 13:56 -------- d-----w- c:\users\Felix\AppData\Roaming\Skype 2013-05-21 18:35 . 2013-05-21 18:35 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-05-21 18:35 . 2013-05-21 18:35 -------- d-----r- c:\program files (x86)\Skype 2013-05-21 12:24 . 
2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60A76FCC-8624-44C4-88D2-526AAAB7E71A}\mpengine.dll 2013-05-15 15:31 . 2013-05-15 15:31 -------- d-----w- c:\programdata\FlyVPN 2013-05-06 17:43 . 2013-05-06 17:43 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-05-06 17:42 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll 2013-05-06 17:42 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll 2013-05-06 17:42 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe 2013-05-06 17:42 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-05-06 17:42 . 2013-03-15 04:16 2555680 ----a-w- c:\windows\system32\nvsvcr.dll 2013-05-06 17:42 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-04-29 15:05 . 2013-04-29 15:05 -------- d-----w- c:\users\Felix\AppData\Local\Unity 2013-04-27 20:11 . 2013-04-27 20:11 -------- d-----w- c:\users\Felix\AppData\Roaming\New Technology Studio 2013-04-27 20:11 . 2013-04-27 20:11 -------- d-----w- c:\users\Felix\AppData\Local\New Technology Studio 2013-04-24 13:34 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-21 10:21 . 2012-06-16 09:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-21 10:21 . 2011-12-28 00:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-15 21:27 . 2011-12-28 14:00 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-08 20:48 . 2012-01-01 21:34 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-05-08 20:48 . 2011-12-30 21:01 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-05-08 20:45 . 2011-12-30 21:01 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 
2013-05-15 14:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 14:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 14:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 14:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 14:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 14:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-02 16:32 . 2013-04-02 16:32 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe 2013-04-02 16:32 . 2013-04-02 16:32 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys 2013-04-02 16:32 . 2013-04-02 16:32 5773824 ----a-w- c:\windows\system32\mstscax.dll 2013-04-02 16:32 . 2013-04-02 16:32 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll 2013-04-02 16:32 . 2013-04-02 16:32 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-02 16:32 . 2013-04-02 16:32 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll 2013-04-02 16:32 . 2013-04-02 16:32 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-02 16:32 . 2013-04-02 16:32 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll 2013-04-02 16:32 . 2013-04-02 16:32 384000 ----a-w- c:\windows\system32\wksprt.exe 2013-04-02 16:32 . 2013-04-02 16:32 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-02 16:32 . 2013-04-02 16:32 322560 ----a-w- c:\windows\system32\aaclient.dll 2013-04-02 16:32 . 2013-04-02 16:32 3174912 ----a-w- c:\windows\system32\rdpcorets.dll 2013-04-02 16:32 . 2013-04-02 16:32 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys 2013-04-02 16:32 . 2013-04-02 16:32 269312 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-02 16:32 . 2013-04-02 16:32 243200 ----a-w- c:\windows\system32\rdpudd.dll 2013-04-02 16:32 . 2013-04-02 16:32 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2013-04-02 16:32 . 
2013-04-02 16:32 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-02 16:32 . 2013-04-02 16:32 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2013-04-02 16:32 . 2013-04-02 16:32 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2013-04-02 16:32 . 2013-04-02 16:32 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2013-04-02 16:32 . 2013-04-02 16:32 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-02 16:32 . 2013-04-02 16:32 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-02 16:32 . 2013-04-02 16:32 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-02 16:32 . 2013-04-02 16:32 1123840 ----a-w- c:\windows\system32\mstsc.exe
2013-04-02 16:32 . 2013-04-02 16:32 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2013-04-02 16:32 . 2013-04-02 16:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-04-02 16:32 . 2013-04-02 16:32 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-02 16:32 . 2013-04-02 16:32 340992 ----a-w- c:\windows\system32\schannel.dll
2013-04-02 16:32 . 2013-04-02 16:32 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-02 16:32 . 2013-04-02 16:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-04-02 16:32 . 2013-04-02 16:32 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-02 16:32 . 2013-04-02 16:32 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-02 16:31 . 2013-04-02 16:31 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-02 16:31 . 2013-04-02 16:31 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-01 23:01 . 2013-04-01 23:01 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-01 23:01 . 2013-04-01 23:01 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-01 23:01 . 2013-04-01 23:01 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-01 23:01 . 2013-04-01 23:01 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-01 23:01 . 2013-04-01 23:01 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-01 23:01 . 2013-04-01 23:01 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-01 23:01 . 2013-04-01 23:01 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-01 23:01 . 2013-04-01 23:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-01 23:01 . 2013-04-01 23:01 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-01 23:01 . 2013-04-01 23:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-01 23:01 . 2013-04-01 23:01 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-01 23:01 . 2013-04-01 23:01 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-01 23:01 . 2013-04-01 23:01 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-01 23:01 . 2013-04-01 23:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-01 23:01 . 2013-04-01 23:01 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-01 23:01 . 2013-04-01 23:01 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-01 23:01 . 2013-04-01 23:01 441856 ----a-w- c:\windows\system32\html.iec
2013-04-01 23:01 . 2013-04-01 23:01 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-01 23:01 . 2013-04-01 23:01 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-01 23:01 . 2013-04-01 23:01 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-01 23:01 . 2013-04-01 23:01 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-01 23:01 . 2013-04-01 23:01 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-01 23:01 . 2013-04-01 23:01 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-01 23:01 . 2013-04-01 23:01 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-01 23:01 . 2013-04-01 23:01 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-01 23:01 . 2013-04-01 23:01 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-01 23:01 . 2013-04-01 23:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-01 23:01 . 2013-04-01 23:01 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-01 23:01 . 2013-04-01 23:01 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-01 23:01 . 2013-04-01 23:01 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-01 23:01 . 2013-04-01 23:01 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-01 23:01 . 2013-04-01 23:01 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-01 23:01 . 2013-04-01 23:01 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-01 23:01 . 2013-04-01 23:01 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-01 23:01 . 2013-04-01 23:01 235008 ----a-w- c:\windows\system32\url.dll
2013-04-01 23:01 . 2013-04-01 23:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-01 23:01 . 2013-04-01 23:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-01 23:01 . 2013-04-01 23:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-01 23:01 . 2013-04-01 23:01 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-01 23:01 . 2013-04-01 23:01 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-01 23:01 . 2013-04-01 23:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-01 23:01 . 2013-04-01 23:01 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-01 23:01 . 2013-04-01 23:01 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-01 23:01 . 2013-04-01 23:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-01 23:01 . 2013-04-01 23:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-01 23:01 . 2013-04-01 23:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-01 23:01 . 2013-04-01 23:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-01 23:01 . 2013-04-01 23:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-01 23:01 . 2013-04-01 23:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 06:04 .
2013-04-10 20:02 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 20:02 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 20:02 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{26647ca4-a2a7-4eac-8a72-761aa9141de7}"= "c:\program files (x86)\www.Freeware-download.com\tbwww..dll" [2010-10-18 3908192]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\prxtbHots.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\www.Freeware-download.com\tbwww..dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Hotspot_Shield\prxtbHots.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-01-03 20:49 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{26647ca4-a2a7-4eac-8a72-761aa9141de7}"= "c:\program files (x86)\www.Freeware-download.com\tbwww..dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\prxtbHots.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{26647ca4-a2a7-4eac-8a72-761aa9141de7}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare Ultimate"="c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384]
"Spotify Web Helper"="c:\users\Felix\APPDATA\ROAMING\SPOTIFY\Data\SpotifyWebHelper.exe" [2013-05-03 1105408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [2012-11-27 1050496]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [2012-11-13 625536]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-26 8704]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2013-01-10 533288]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2013-01-10 389928]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384]
R2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-03-06 49152]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-04-02 19456]
R3 StMp3Recx64;Treiber für Player-Wiederherstellungsgerät;c:\windows\system32\Drivers\StMp3Recx64.sys [2007-01-12 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-04-02 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-04-02 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-01 279616]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-01-10 42696]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-03-04 838216]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 16:38 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 16:22]
.
2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 16:22]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2325506
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{D83BFC79-D1B6-4DC4-A832-64A03751BF14}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\
FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.giga.de/go/wze
FF - prefs.js: network.proxy.http - 72.64.146.135
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-02 20:19; ascsurfingprotection@iobit.com; c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-04-04 22:15; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-dadaddddaaffsacfsfdsf - c:\programdata\dadaddddaaffsacfsfdsf.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1142900357-2600456467-752600298-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,5b,e6,b3,c3,e9,c5,0e,47,36,ab,de,5b,81,0f,25,47,05,7a,25,92,
d2,d2,a1,8b,01,9b,89,61,e4,45,46,ef,38,da,eb,19,84,c9,e8,d6,96,12,b4,12,5b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22 17:34:31
ComboFix-quarantined-files.txt 2013-05-22 15:34
.
Vor Suchlauf: 12 Verzeichnis(se), 38.939.623.424 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 39.103.721.472 Bytes frei
.
- - End Of File - - ADC2943ACA46548691E10B00E89C002E

I would quite like to keep my PC as it is, since I only recently set it up from scratch. I don't do online banking on this computer, just a few paysafecard transactions now and then (a relatively valuable Steam account is used on this computer). By the way, I disconnected my internet during the OTL and ComboFix runs, in case that makes a difference; I only plug it in briefly to post something in the forum. |
22.05.2013, 16:42 | #4 |
/// TB-Ausbilder | adobe flashplayer keeps asking for admin rights? Well, the Steam account has nothing to do with your computer - as far as I know, you can always download that stuff again. We still need to make a few adjustments. Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstall IObit software
Step 2: Uninstall programs
Step 3: AdwCleaner: find and delete adware. Please download AdwCleaner to your desktop.
Step 4: Scan with MBAR. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Digital privateers against malware! No help via PM! |
22.05.2013, 16:53 | #5 |
| adobe flashplayer keeps asking for admin rights? Yep, I'll do that when I'm back home (at 21:30), so probably not until tomorrow. Too bad, I thought I could just edit my earlier post now.. so sorry for the double post. And of course I won't keep using/supporting IObit if that is the case. This is what AdwCleaner spat out: AdwCleaner Logfile: Code:
# AdwCleaner v2.301 - Datei am 22/05/2013 um 22:20:59 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Felix - FELIX-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Felix\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Felix\AppData\Local\Temp\Iminent
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Windows\Installer\{A6E71E28-43CB-423E-B415-B7C00D77902E}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\82E17E6ABC34E3244B517B0CD07709E2
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\82E17E6ABC34E3244B517B0CD07709E2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2325506
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6A72CB6-0D36-417A-A6B2-F6342802DF5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{382783A0-48B7-413C-833C-FECDACAFF98E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A6E71E28-43CB-423E-B415-B7C00D77902E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v9.0.1 (de) Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\prefs.js C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber.
-\\ Google Chrome v26.0.1410.64 Datei : C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.2479] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2325506",
************************* AdwCleaner[R1].txt - [19112 octets] - [22/05/2013 22:19:38] AdwCleaner[S1].txt - [18637 octets] - [22/05/2013 22:20:59] ########## EOF - C:\AdwCleaner[S1].txt - [18698 octets] ##########

And here is Malwarebytes. It didn't even need a restart, but I did one anyway to be safe, and in the second pass it found nothing more:

--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 10.0.9200.16576 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.310000 GHz Memory total: 8570253312, free: 7475724288
Performing system, memory and registry scan... Infected: c:\$Recycle.Bin\S-1-5-21-1142900357-2600456467-752600298-1000\$65aa22156aed522a2e7c8c77def2833f --> [Trojan.Siredef.C] Done! Scan finished Creating System Restore point... Could not create restore point... Scheduling clean up... Executing an action fixdamage.exe... Success! Removal successful. No system shutdown is required.
=======================================
--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 10.0.9200.16576 Java version: 1.6.0_30 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.310000 GHz Memory total: 8570253312, free: 7851081728
Performing system, memory and registry scan... Done! Scan finished
=======================================

As for programs, I no longer have any of the ones you listed on the computer (I can keep Java 7 on it, right?). One more thing I wanted to mention: since I started posting here, I have only been using my computer in safe mode; that might be of interest. Have a nice evening, or good morning. |
23.05.2013, 12:34 | #6 |
/// TB-Ausbilder | Adobe Flash Player constantly asks for admin rights? Yes, you may boot normally again. In fact, you should. Please post the CORRECT MBAR log file.
23.05.2013, 15:47 | #7 |
| Adobe Flash Player constantly asks for admin rights? Morning, so Malwarebytes doesn't find anything anymore:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.23.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Felix :: FELIX-PC [administrator] 23.05.2013 16:38:46 mbar-log-2013-05-23 (16-38-46).txt
Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29484 Time elapsed: 6 minute(s), 59 second(s)
Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

When I started the PC today, after entering my password I first got a black screen and a cmd box; after a while it was gone and my desktop came up normally. Unfortunately I no longer know what was in it. Is that normal? I also wanted to ask whether it is dangerous to log in anywhere (YouTube, Steam, e-mail etc.), or whether that doesn't matter since my passwords could already be obtained anyway? |
23.05.2013, 16:19 | #8 |
/// TB-Ausbilder | Adobe Flash Player constantly asks for admin rights? We'll do one more run with Combofix in normal mode, and then I'll give you the all-clear. So ... Combofix, and then a new log file again.
__________________ Digital freebooters against malware! No help via PM!
23.05.2013, 18:09 | #9 |
| Adobe Flash Player constantly asks for admin rights? It looks like the PC was not restarted, and here is the log. Combofix log file: Code:
ComboFix 13-05-23.02 - Felix 23.05.2013 18:47:36.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6561 [GMT 2:00] ausgeführt von:: c:\users\Felix\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt .
((((((((((((((((((((((( Dateien erstellt von 2013-04-23 bis 2013-05-23 ))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-04-01 23:01 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-01 23:01 . 2013-04-01 23:01 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-01 23:01 . 2013-04-01 23:01 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-01 23:01 . 2013-04-01 23:01 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-01 23:01 . 2013-04-01 23:01 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-01 23:01 . 2013-04-01 23:01 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-01 23:01 . 2013-04-01 23:01 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-01 23:01 . 2013-04-01 23:01 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-01 23:01 . 2013-04-01 23:01 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-01 23:01 . 2013-04-01 23:01 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-01 23:01 . 2013-04-01 23:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-01 23:01 . 2013-04-01 23:01 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-01 23:01 . 2013-04-01 23:01 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-01 23:01 . 2013-04-01 23:01 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl 2013-03-19 06:04 . 2013-04-10 20:02 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 20:02 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 20:02 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\Felix\APPDATA\ROAMING\SPOTIFY\Data\SpotifyWebHelper.exe" [2013-05-03 1105408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-03-28 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-04-19 161384] R2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-03-06 49152] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-04-02 19456] R3 StMp3Recx64;Treiber für Player-Wiederherstellungsgerät;c:\windows\system32\Drivers\StMp3Recx64.sys [2007-01-12 26112] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 42184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-04-02 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-04-02 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1255736] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys 
[2012-01-01 279616] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2013-03-04 838216] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 16:38 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 16:22] . 2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-01 16:22] . . --------- X64 Entries ----------- . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Felix\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{D83BFC79-D1B6-4DC4-A832-64A03751BF14}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\oox9dp8g.default\ FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.giga.de/go/wze FF - prefs.js: network.proxy.http - 72.64.146.135 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-04-04 22:15; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{26647ca4-a2a7-4eac-8a72-761aa9141de7} - (no file) WebBrowser-{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1142900357-2600456467-752600298-1000\Software\SecuROM\License information*] "datasecu"=hex:f7,5b,e6,b3,c3,e9,c5,0e,47,36,ab,de,5b,81,0f,25,47,05,7a,25,92, d2,d2,a1,8b,01,9b,89,61,e4,45,46,ef,38,da,eb,19,84,c9,e8,d6,96,12,b4,12,5b,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-23 18:51:47 ComboFix-quarantined-files.txt 2013-05-23 16:51 ComboFix2.txt 2013-05-22 15:34 . Vor Suchlauf: 16 Verzeichnis(se), 41.100.156.928 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 40.934.854.656 Bytes frei . - - End Of File - - E6CD85AD759AC188E96AEB12271F8695 |
23.05.2013, 18:12 | #10 |
/// TB-Ausbilder | Adobe Flash Player keeps asking for admin rights? Good! As far as I can see, we have removed everything malicious with that. To be sure, we now need to run a few more checks and will then bring your computer up to a secure state. Since these scans can take a very long time, I ask you to write to me again only once you have really completed everything, or if problems occur.

Step 1: Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware

Step 2:
Note: The scan can take a very long time (several hours)!

Step 3: Scan with SecurityCheck
Please download SecurityCheck and:
__________________ Digital privateers against malware! No help via PM! |
23.05.2013, 21:09 | #11 |
| Adobe Flash Player keeps asking for admin rights? So, here is Malwarebytes first:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.23.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Felix :: FELIX-PC [Administrator]

Schutz: Aktiviert

23.05.2013 19:19:28
mbam-log-2013-05-23 (19-19-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238127
Laufzeit: 1 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Then here is ESET (15 threats):

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2142cc604d7dbd49a59e8533eb320031
# engine=13883
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-21 09:49:04
# local_time=2013-05-21 11:49:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 19224 120802794 0 0
# scanned=237175
# found=29
# cleaned=0
# scan_time=6583
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\48AD.exe"
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b
vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\51D0.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\612.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\88E7.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\AE9D.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\C349.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\CBFF.exe" sh=03EFD815DC17A1D4CEE5EA94065F1633AF92FE1B ft=1 fh=d72f384974c80c4e vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\dadaddddaaffsacfsfdsf.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\ProgramData\EC8.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\48AD.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\51D0.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\612.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\8041.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\88E7.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I 
fn="C:\Users\All Users\AE9D.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\C349.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\CBFF.exe" sh=03EFD815DC17A1D4CEE5EA94065F1633AF92FE1B ft=1 fh=d72f384974c80c4e vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\dadaddddaaffsacfsfdsf.exe" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\All Users\EC8.exe" sh=B47AA815D795324EDC4695B75248CCB529AE6F07 ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d4fd" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[1]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[2]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[3]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9PBP3T\f97834fh9348[4]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\JQTUG23P\f97834fh9348[1]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQTUG23P\f97834fh9348[2]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[1]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[2]" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="a variant of Win32/Kryptik.BBND trojan" ac=I fn="C:\Users\Felix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHPK7FEX\f97834fh9348[3]" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=2142cc604d7dbd49a59e8533eb320031 # engine=13897 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-23 07:49:41 # local_time=2013-05-23 09:49:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776573 100 94 105164 120968431 0 0 # scanned=417866 # found=15 # cleaned=0 # scan_time=8752 sh=B25A70C07DD2EB1C9FDF89F7A2FFC286F226EDF4 ft=1 fh=d35188a364f429f4 vn="Win64/Sirefef.AR trojan" ac=I fn="C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1142900357-2600456467-752600298-1000\$65aa22156aed522a2e7c8c77def2833f\n.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\48AD.exe.vir" 
sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\51D0.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\612.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\8041.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\88E7.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\AE9D.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\C349.exe.vir" sh=31C15BED6DF1E5376A73FD9F597CAD85D6B1474B ft=1 fh=6298989d5e8713a7 vn="Win32/Sirefef.FU trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\C467.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\CBFF.exe.vir" sh=03EFD815DC17A1D4CEE5EA94065F1633AF92FE1B ft=1 fh=d72f384974c80c4e vn="Win32/Gapz.E trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\dadaddddaaffsacfsfdsf.exe.vir" sh=E2D3634B1EA861E1B6D271FD3FFDCFAA1E79F1D5 ft=1 fh=cf6f59e22e2db27b vn="Win32/Rodpicom.C worm" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\EC8.exe.vir" sh=1E4A93D28741023F5A092F5EC6F6A101848246D0 ft=1 fh=de30f053724b29a8 vn="Win32/Sirefef.EZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir" sh=4FB0FFAEF08BE9E1AC66812186E7B47C0BEED01D ft=1 fh=337c895cf6cd3ae2 vn="Win64/Sirefef.W trojan" ac=I fn="C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir" sh=B47AA815D795324EDC4695B75248CCB529AE6F07 ft=0 fh=0000000000000000 vn="Win32/Gapz.E trojan" ac=I 
fn="C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00d4fd

And here is the Security Check:

 Results of screen317's Security Check version 0.99.63
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300
 JavaFX 2.1.1
 Java 7 Update 15
 Java version out of Date!
 Adobe Flash Player 11.7.700.202
 Adobe Reader XI
 Mozilla Firefox (9.0.1)
 Google Chrome 26.0.1410.43
 Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
23.05.2013, 21:16 | #12 |
/// TB-Ausbilder | Adobe Flash Player keeps asking for admin rights? So, right at the end something very unpleasant turned up. We need to investigate again whether there is anything to it or not.

Step 1: (Reminder: reply to me only once you have worked through all the steps!) Scan with TDSSKiller
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.
Please download TDSSKiller.exe and save this file to the desktop.

Step 2: Scan with aswMBR
Please download aswMBR.exe and save the file to your desktop.

Step 3: Scan with GMER
Please download GMER: (file name random)
__________________ Digital privateers against malware! No help via PM! |
23.05.2013, 22:20 | #13 |
| Adobe Flash Player keeps asking for admin rights? Man, man, man, I have to thank you once again in the meantime for your efforts. So, TDSSKiller:

22:31:42.0499 2520 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:31:42.0668 2520 ============================================================
22:31:42.0668 2520 Current date / time: 2013/05/23 22:31:42.0668
22:31:42.0668 2520 SystemInfo:
22:31:42.0668 2520
22:31:42.0668 2520 OS Version: 6.1.7601 ServicePack: 1.0
22:31:42.0668 2520 Product type: Workstation
22:31:42.0668 2520 ComputerName: FELIX-PC
22:31:42.0669 2520 UserName: Felix
22:31:42.0669 2520 Windows directory: C:\Windows
22:31:42.0669 2520 System windows directory: C:\Windows
22:31:42.0669 2520 Running under WOW64
22:31:42.0669 2520 Processor architecture: Intel x64
22:31:42.0669 2520 Number of processors: 4
22:31:42.0669 2520 Page size: 0x1000
22:31:42.0669 2520 Boot type: Normal boot
22:31:42.0669 2520 ============================================================
22:31:43.0538 2520 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:43.0543 2520 ============================================================
22:31:43.0543 2520 \Device\Harddisk0\DR0:
22:31:43.0543 2520 MBR partitions:
22:31:43.0543 2520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x124F8000
22:31:43.0543 2520 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x4504C800
22:31:43.0543 2520 ============================================================
22:31:43.0576 2520 C: <-> \Device\Harddisk0\DR0\Partition1
22:31:43.0594 2520 D: <-> \Device\Harddisk0\DR0\Partition2
22:31:43.0595 2520 ============================================================
22:31:43.0595 2520 Initialize success
22:31:43.0595 2520 ============================================================
22:33:27.0941 2796
============================================================ 22:33:27.0941 2796 Scan started 22:33:27.0941 2796 Mode: Manual; SigCheck; TDLFS; 22:33:27.0941 2796 ============================================================ 22:33:28.0675 2796 ================ Scan system memory ======================== 22:33:28.0675 2796 System memory - ok 22:33:28.0675 2796 ================ Scan services ============================= 22:33:28.0799 2796 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 22:33:28.0862 2796 1394ohci - ok 22:33:28.0893 2796 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:33:28.0893 2796 ACPI - ok 22:33:28.0909 2796 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:33:28.0940 2796 AcpiPmi - ok 22:33:29.0018 2796 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:33:29.0033 2796 AdobeARMservice - ok 22:33:29.0065 2796 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 22:33:29.0080 2796 adp94xx - ok 22:33:29.0096 2796 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 22:33:29.0111 2796 adpahci - ok 22:33:29.0111 2796 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 22:33:29.0127 2796 adpu320 - ok 22:33:29.0143 2796 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:33:29.0252 2796 AeLookupSvc - ok 22:33:29.0283 2796 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:33:29.0314 2796 AFD - ok 22:33:29.0330 2796 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:33:29.0330 2796 agp440 - ok 22:33:29.0361 2796 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:33:29.0392 2796 ALG - ok 22:33:29.0408 2796 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide 
C:\Windows\system32\drivers\aliide.sys 22:33:29.0408 2796 aliide - ok 22:33:29.0423 2796 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:33:29.0439 2796 amdide - ok 22:33:29.0439 2796 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 22:33:29.0455 2796 AmdK8 - ok 22:33:29.0470 2796 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 22:33:29.0486 2796 AmdPPM - ok 22:33:29.0501 2796 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:33:29.0517 2796 amdsata - ok 22:33:29.0533 2796 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 22:33:29.0533 2796 amdsbs - ok 22:33:29.0548 2796 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:33:29.0548 2796 amdxata - ok 22:33:29.0580 2796 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:33:29.0689 2796 AppID - ok 22:33:29.0704 2796 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:33:29.0736 2796 AppIDSvc - ok 22:33:29.0751 2796 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 22:33:29.0782 2796 Appinfo - ok 22:33:29.0814 2796 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:33:29.0829 2796 Apple Mobile Device - ok 22:33:29.0845 2796 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 22:33:29.0860 2796 arc - ok 22:33:29.0860 2796 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 22:33:29.0876 2796 arcsas - ok 22:33:29.0954 2796 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 22:33:29.0970 2796 aspnet_state - ok 22:33:29.0985 2796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 22:33:30.0032 2796 AsyncMac - ok 22:33:30.0048 2796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:33:30.0048 2796 atapi - ok 22:33:30.0079 2796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:33:30.0126 2796 AudioEndpointBuilder - ok 22:33:30.0126 2796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:33:30.0157 2796 AudioSrv - ok 22:33:30.0157 2796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:33:30.0219 2796 AxInstSV - ok 22:33:30.0266 2796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 22:33:30.0344 2796 b06bdrv - ok 22:33:30.0375 2796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:33:30.0406 2796 b57nd60a - ok 22:33:30.0422 2796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:33:30.0453 2796 BDESVC - ok 22:33:30.0484 2796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:33:30.0531 2796 Beep - ok 22:33:30.0562 2796 [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe 22:33:30.0578 2796 BEService ( UnsignedFile.Multi.Generic ) - warning 22:33:30.0578 2796 BEService - detected UnsignedFile.Multi.Generic (1) 22:33:30.0609 2796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:33:30.0640 2796 BFE - ok 22:33:30.0672 2796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 22:33:30.0718 2796 BITS - ok 22:33:30.0734 2796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:33:30.0750 2796 blbdrive - ok 22:33:30.0828 2796 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:33:30.0843 2796 Bonjour Service - ok 22:33:30.0874 2796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] 
bowser C:\Windows\system32\DRIVERS\bowser.sys 22:33:30.0906 2796 bowser - ok 22:33:30.0921 2796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 22:33:30.0952 2796 BrFiltLo - ok 22:33:30.0968 2796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 22:33:30.0984 2796 BrFiltUp - ok 22:33:31.0015 2796 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 22:33:31.0062 2796 BridgeMP - ok 22:33:31.0093 2796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:33:31.0124 2796 Browser - ok 22:33:31.0140 2796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:33:31.0186 2796 Brserid - ok 22:33:31.0186 2796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:33:31.0218 2796 BrSerWdm - ok 22:33:31.0218 2796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:33:31.0249 2796 BrUsbMdm - ok 22:33:31.0264 2796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:33:31.0280 2796 BrUsbSer - ok 22:33:31.0327 2796 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 22:33:31.0374 2796 BthEnum - ok 22:33:31.0389 2796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:33:31.0405 2796 BTHMODEM - ok 22:33:31.0420 2796 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 22:33:31.0452 2796 BthPan - ok 22:33:31.0483 2796 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 22:33:31.0514 2796 BTHPORT - ok 22:33:31.0545 2796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:33:31.0592 2796 bthserv - ok 22:33:31.0608 2796 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 22:33:31.0623 2796 BTHUSB - ok 22:33:31.0623 2796 
catchme - ok 22:33:31.0623 2796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:33:31.0654 2796 cdfs - ok 22:33:31.0701 2796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:33:31.0701 2796 cdrom - ok 22:33:31.0732 2796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:33:31.0779 2796 CertPropSvc - ok 22:33:31.0795 2796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 22:33:31.0810 2796 circlass - ok 22:33:31.0826 2796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:33:31.0857 2796 CLFS - ok 22:33:31.0888 2796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:33:31.0904 2796 clr_optimization_v2.0.50727_32 - ok 22:33:31.0935 2796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:33:31.0951 2796 clr_optimization_v2.0.50727_64 - ok 22:33:32.0013 2796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:33:32.0013 2796 clr_optimization_v4.0.30319_32 - ok 22:33:32.0029 2796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:33:32.0044 2796 clr_optimization_v4.0.30319_64 - ok 22:33:32.0076 2796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 22:33:32.0107 2796 CmBatt - ok 22:33:32.0107 2796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:33:32.0122 2796 cmdide - ok 22:33:32.0154 2796 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 22:33:32.0185 2796 CNG - ok 22:33:32.0185 2796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 22:33:32.0200 2796 Compbatt - 
ok 22:33:32.0216 2796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 22:33:32.0232 2796 CompositeBus - ok 22:33:32.0232 2796 COMSysApp - ok 22:33:32.0247 2796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:33:32.0247 2796 crcdisk - ok 22:33:32.0278 2796 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:33:32.0310 2796 CryptSvc - ok 22:33:32.0341 2796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:33:32.0403 2796 DcomLaunch - ok 22:33:32.0419 2796 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:33:32.0466 2796 defragsvc - ok 22:33:32.0481 2796 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:33:32.0512 2796 DfsC - ok 22:33:32.0528 2796 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:33:32.0575 2796 Dhcp - ok 22:33:32.0575 2796 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:33:32.0622 2796 discache - ok 22:33:32.0637 2796 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 22:33:32.0637 2796 Disk - ok 22:33:32.0668 2796 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:33:32.0700 2796 Dnscache - ok 22:33:32.0715 2796 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:33:32.0778 2796 dot3svc - ok 22:33:32.0793 2796 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:33:32.0824 2796 DPS - ok 22:33:32.0856 2796 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:33:32.0871 2796 drmkaud - ok 22:33:32.0902 2796 [ 400582B09E0BB557D0EC28A945150EEB ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 22:33:32.0934 2796 dtsoftbus01 - ok 22:33:32.0965 2796 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 
22:33:32.0980 2796 DXGKrnl - ok 22:33:33.0012 2796 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:33:33.0043 2796 EapHost - ok 22:33:33.0105 2796 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 22:33:33.0168 2796 ebdrv - ok 22:33:33.0199 2796 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:33:33.0214 2796 EFS - ok 22:33:33.0261 2796 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:33:33.0308 2796 ehRecvr - ok 22:33:33.0324 2796 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:33:33.0339 2796 ehSched - ok 22:33:33.0370 2796 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:33:33.0402 2796 elxstor - ok 22:33:33.0402 2796 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:33:33.0417 2796 ErrDev - ok 22:33:33.0433 2796 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:33:33.0464 2796 EventSystem - ok 22:33:33.0495 2796 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:33:33.0526 2796 exfat - ok 22:33:33.0526 2796 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:33:33.0558 2796 fastfat - ok 22:33:33.0589 2796 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:33:33.0620 2796 Fax - ok 22:33:33.0636 2796 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 22:33:33.0636 2796 fdc - ok 22:33:33.0667 2796 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:33:33.0698 2796 fdPHost - ok 22:33:33.0698 2796 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:33:33.0745 2796 FDResPub - ok 22:33:33.0745 2796 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:33:33.0760 2796 FileInfo - ok 22:33:33.0760 2796 [ 
5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:33:33.0807 2796 Filetrace - ok 22:33:33.0823 2796 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 22:33:33.0823 2796 flpydisk - ok 22:33:33.0838 2796 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:33:33.0854 2796 FltMgr - ok 22:33:33.0901 2796 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 22:33:33.0948 2796 FontCache - ok 22:33:33.0994 2796 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:33:34.0010 2796 FontCache3.0.0.0 - ok 22:33:34.0026 2796 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:33:34.0041 2796 FsDepends - ok 22:33:34.0057 2796 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:33:34.0072 2796 Fs_Rec - ok 22:33:34.0088 2796 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:33:34.0119 2796 fvevol - ok 22:33:34.0135 2796 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:33:34.0150 2796 gagp30kx - ok 22:33:34.0182 2796 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:33:34.0197 2796 GEARAspiWDM - ok 22:33:34.0213 2796 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:33:34.0275 2796 gpsvc - ok 22:33:34.0338 2796 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:33:34.0353 2796 gupdate - ok 22:33:34.0353 2796 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:33:34.0369 2796 gupdatem - ok 22:33:34.0400 2796 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 22:33:34.0416 2796 hamachi - ok 22:33:34.0525 2796 [ 
DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 22:33:34.0556 2796 Hamachi2Svc - ok 22:33:34.0572 2796 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:33:34.0603 2796 hcw85cir - ok 22:33:34.0634 2796 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:33:34.0665 2796 HdAudAddService - ok 22:33:34.0681 2796 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:33:34.0712 2796 HDAudBus - ok 22:33:34.0728 2796 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 22:33:34.0743 2796 HidBatt - ok 22:33:34.0759 2796 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:33:34.0774 2796 HidBth - ok 22:33:34.0790 2796 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 22:33:34.0806 2796 HidIr - ok 22:33:34.0821 2796 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 22:33:34.0868 2796 hidserv - ok 22:33:34.0884 2796 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:33:34.0899 2796 HidUsb - ok 22:33:34.0946 2796 [ 00C71C3FB915BA353740999ADF447927 ] HiPatchService D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe 22:33:34.0962 2796 HiPatchService ( UnsignedFile.Multi.Generic ) - warning 22:33:34.0962 2796 HiPatchService - detected UnsignedFile.Multi.Generic (1) 22:33:34.0977 2796 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:33:35.0024 2796 hkmsvc - ok 22:33:35.0040 2796 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:33:35.0055 2796 HomeGroupListener - ok 22:33:35.0071 2796 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:33:35.0086 2796 HomeGroupProvider - ok 22:33:35.0102 2796 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD 
C:\Windows\system32\drivers\HpSAMD.sys 22:33:35.0102 2796 HpSAMD - ok 22:33:35.0133 2796 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:33:35.0149 2796 HTTP - ok 22:33:35.0164 2796 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:33:35.0164 2796 hwpolicy - ok 22:33:35.0164 2796 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:33:35.0180 2796 i8042prt - ok 22:33:35.0196 2796 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:33:35.0211 2796 iaStorV - ok 22:33:35.0258 2796 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:33:35.0289 2796 idsvc - ok 22:33:35.0289 2796 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:33:35.0305 2796 iirsp - ok 22:33:35.0320 2796 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:33:35.0367 2796 IKEEXT - ok 22:33:35.0398 2796 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:33:35.0398 2796 intelide - ok 22:33:35.0414 2796 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:33:35.0430 2796 intelppm - ok 22:33:35.0445 2796 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:33:35.0492 2796 IPBusEnum - ok 22:33:35.0508 2796 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:33:35.0523 2796 IpFilterDriver - ok 22:33:35.0554 2796 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:33:35.0586 2796 iphlpsvc - ok 22:33:35.0601 2796 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:33:35.0617 2796 IPMIDRV - ok 22:33:35.0632 2796 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:33:35.0664 2796 
IPNAT - ok 22:33:35.0710 2796 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:33:35.0742 2796 iPod Service - ok 22:33:35.0742 2796 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:33:35.0757 2796 IRENUM - ok 22:33:35.0773 2796 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:33:35.0788 2796 isapnp - ok 22:33:35.0804 2796 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:33:35.0820 2796 iScsiPrt - ok 22:33:35.0820 2796 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:33:35.0835 2796 kbdclass - ok 22:33:35.0851 2796 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:33:35.0851 2796 kbdhid - ok 22:33:35.0866 2796 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:33:35.0882 2796 KeyIso - ok 22:33:35.0898 2796 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:33:35.0913 2796 KSecDD - ok 22:33:35.0944 2796 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:33:35.0944 2796 KSecPkg - ok 22:33:35.0960 2796 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:33:35.0991 2796 ksthunk - ok 22:33:36.0007 2796 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:33:36.0038 2796 KtmRm - ok 22:33:36.0069 2796 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 22:33:36.0100 2796 LanmanServer - ok 22:33:36.0116 2796 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:33:36.0147 2796 LanmanWorkstation - ok 22:33:36.0163 2796 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:33:36.0194 2796 lltdio - ok 22:33:36.0225 2796 [ C1185803384AB3FEED115F79F109427F ] lltdsvc 
C:\Windows\System32\lltdsvc.dll 22:33:36.0256 2796 lltdsvc - ok 22:33:36.0272 2796 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:33:36.0303 2796 lmhosts - ok 22:33:36.0319 2796 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:33:36.0319 2796 LSI_FC - ok 22:33:36.0350 2796 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:33:36.0350 2796 LSI_SAS - ok 22:33:36.0350 2796 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:33:36.0366 2796 LSI_SAS2 - ok 22:33:36.0381 2796 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:33:36.0381 2796 LSI_SCSI - ok 22:33:36.0412 2796 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:33:36.0459 2796 luafv - ok 22:33:36.0490 2796 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:33:36.0506 2796 MBAMProtector - ok 22:33:36.0553 2796 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:33:36.0568 2796 MBAMScheduler - ok 22:33:36.0615 2796 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:33:36.0646 2796 MBAMService - ok 22:33:36.0662 2796 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:33:36.0709 2796 Mcx2Svc - ok 22:33:36.0709 2796 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 22:33:36.0724 2796 megasas - ok 22:33:36.0740 2796 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:33:36.0756 2796 MegaSR - ok 22:33:36.0802 2796 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:33:36.0802 2796 MEIx64 - ok 22:33:36.0834 2796 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:33:36.0865 
2796 MMCSS - ok 22:33:36.0880 2796 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:33:36.0912 2796 Modem - ok 22:33:36.0927 2796 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:33:36.0943 2796 monitor - ok 22:33:36.0990 2796 [ 5FEC1FF5BB9A1FA5C9CF4544D19D6D5D ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys 22:33:36.0990 2796 MotioninJoyXFilter - ok 22:33:37.0005 2796 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:33:37.0005 2796 mouclass - ok 22:33:37.0021 2796 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:33:37.0052 2796 mouhid - ok 22:33:37.0083 2796 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:33:37.0083 2796 mountmgr - ok 22:33:37.0114 2796 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:33:37.0130 2796 mpio - ok 22:33:37.0146 2796 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:33:37.0177 2796 mpsdrv - ok 22:33:37.0208 2796 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:33:37.0239 2796 MpsSvc - ok 22:33:37.0239 2796 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:33:37.0270 2796 MRxDAV - ok 22:33:37.0286 2796 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:33:37.0317 2796 mrxsmb - ok 22:33:37.0333 2796 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:33:37.0348 2796 mrxsmb10 - ok 22:33:37.0364 2796 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:33:37.0380 2796 mrxsmb20 - ok 22:33:37.0380 2796 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:33:37.0395 2796 msahci - ok 22:33:37.0395 2796 [ DB801A638D011B9633829EB6F663C900 ] msdsm 
C:\Windows\system32\drivers\msdsm.sys 22:33:37.0411 2796 msdsm - ok 22:33:37.0411 2796 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:33:37.0426 2796 MSDTC - ok 22:33:37.0458 2796 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:33:37.0504 2796 Msfs - ok 22:33:37.0520 2796 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:33:37.0536 2796 mshidkmdf - ok 22:33:37.0551 2796 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:33:37.0567 2796 msisadrv - ok 22:33:37.0582 2796 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:33:37.0614 2796 MSiSCSI - ok 22:33:37.0614 2796 msiserver - ok 22:33:37.0629 2796 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:33:37.0660 2796 MSKSSRV - ok 22:33:37.0676 2796 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:33:37.0692 2796 MSPCLOCK - ok 22:33:37.0723 2796 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:33:37.0754 2796 MSPQM - ok 22:33:37.0770 2796 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:33:37.0770 2796 MsRPC - ok 22:33:37.0785 2796 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:33:37.0785 2796 mssmbios - ok 22:33:37.0801 2796 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:33:37.0816 2796 MSTEE - ok 22:33:37.0832 2796 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 22:33:37.0832 2796 MTConfig - ok 22:33:37.0848 2796 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:33:37.0848 2796 Mup - ok 22:33:37.0879 2796 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:33:37.0910 2796 napagent - ok 22:33:37.0957 2796 [ 
1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:33:38.0004 2796 NativeWifiP - ok 22:33:38.0050 2796 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:33:38.0082 2796 NDIS - ok 22:33:38.0097 2796 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:33:38.0113 2796 NdisCap - ok 22:33:38.0128 2796 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:33:38.0144 2796 NdisTapi - ok 22:33:38.0160 2796 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:33:38.0191 2796 Ndisuio - ok 22:33:38.0191 2796 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:33:38.0222 2796 NdisWan - ok 22:33:38.0222 2796 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:33:38.0253 2796 NDProxy - ok 22:33:38.0253 2796 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:33:38.0284 2796 NetBIOS - ok 22:33:38.0300 2796 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:33:38.0316 2796 NetBT - ok 22:33:38.0331 2796 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:33:38.0347 2796 Netlogon - ok 22:33:38.0347 2796 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:33:38.0378 2796 Netman - ok 22:33:38.0425 2796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:33:38.0425 2796 NetMsmqActivator - ok 22:33:38.0425 2796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:33:38.0425 2796 NetPipeActivator - ok 22:33:38.0456 2796 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:33:38.0487 2796 netprofm - ok 22:33:38.0487 2796 [ D22CD77D4F0D63D1169BB35911BFF12D ] 
NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:33:38.0487 2796 NetTcpActivator - ok 22:33:38.0503 2796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:33:38.0503 2796 NetTcpPortSharing - ok 22:33:38.0518 2796 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:33:38.0518 2796 nfrd960 - ok 22:33:38.0534 2796 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:33:38.0565 2796 NlaSvc - ok 22:33:38.0596 2796 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys 22:33:38.0612 2796 NPF - ok 22:33:38.0628 2796 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:33:38.0674 2796 Npfs - ok 22:33:38.0674 2796 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:33:38.0706 2796 nsi - ok 22:33:38.0706 2796 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:33:38.0737 2796 nsiproxy - ok 22:33:38.0768 2796 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:33:38.0799 2796 Ntfs - ok 22:33:38.0815 2796 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:33:38.0846 2796 Null - ok 22:33:38.0877 2796 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 22:33:38.0893 2796 NVHDA - ok 22:33:39.0096 2796 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:33:39.0267 2796 nvlddmkm - ok 22:33:39.0298 2796 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:33:39.0298 2796 nvraid - ok 22:33:39.0314 2796 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:33:39.0330 2796 nvstor - ok 22:33:39.0376 2796 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe 22:33:39.0408 2796 nvsvc - ok 22:33:39.0423 2796 
[ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:33:39.0439 2796 nv_agp - ok 22:33:39.0454 2796 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:33:39.0470 2796 ohci1394 - ok 22:33:39.0548 2796 [ 3825F59AE3277880D04A620CCA8CF3EA ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe 22:33:39.0548 2796 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning 22:33:39.0548 2796 OpenVPNService - detected UnsignedFile.Multi.Generic (1) 22:33:39.0579 2796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:33:39.0610 2796 p2pimsvc - ok 22:33:39.0626 2796 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:33:39.0657 2796 p2psvc - ok 22:33:39.0673 2796 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 22:33:39.0704 2796 Parport - ok 22:33:39.0735 2796 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:33:39.0751 2796 partmgr - ok 22:33:39.0751 2796 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:33:39.0782 2796 PcaSvc - ok 22:33:39.0798 2796 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:33:39.0798 2796 pci - ok 22:33:39.0813 2796 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:33:39.0813 2796 pciide - ok 22:33:39.0829 2796 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:33:39.0829 2796 pcmcia - ok 22:33:39.0844 2796 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:33:39.0844 2796 pcw - ok 22:33:39.0876 2796 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:33:39.0907 2796 PEAUTH - ok 22:33:39.0969 2796 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:33:40.0000 2796 PerfHost - ok 22:33:40.0016 2796 [ 
aswMBR:
and GMER: GMER logfile:
and with that, until tomorrow |
24.05.2013, 08:36 | #14 |
/// TB-Ausbilder | Adobe Flash Player keeps asking for admin rights? No, that looks clean, so that is fine as well. Great! That means we are done. We will now tidy up a little, and at the end I have some reading material for you. Step 1: Uninstall the tools. The order is crucial here.
Step 2: Run ESET once more and remove what it finds. Step 3: Uninstall ESET (optional)
Finally, a few tips on the following topics:
Reading material: System updates. It cannot be stressed often enough how important it is to keep your system up to date. You take your car to the workshop for a regular inspection as well. So please make sure that system updates are enabled:
Reading material: Software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware often gets onto computers through their security holes:
Reading material: Security software. If someone overtook you naked on a motorbike on the motorway, you would shake your head as well. Your computer also needs protection against the small daily attacks by pests. Besides excellent commercial anti-virus solutions, there are also quite good protection programs that are available free of charge with a reduced feature set. But be careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that do a good job. Personally, I recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.
Reading material: Safe surfing. First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy whatever stuff people ringing your doorbell are selling, without thinking about it? So first get used to a few rules of conduct when surfing the internet:
But even with scrupulous adherence to these rules, a so-called drive-by infection can still occur, in which a pest breaks out of the web browser's protective mechanism. To increase security even further, there is special protection software that hardens your browser still more.
Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. As a basic rule, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the internet ... and perhaps you would like to support the Trojaner-Board? One request: give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Digital freebooters against malware! No help via PM! |
26.05.2013, 15:05 | #15 |
/// TB-Ausbilder | Adobe Flash Player keeps asking for admin rights? Glad we could help. This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this section here: http://www.trojaner-board.de/lob-kritik-wuensche/