| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Internet Explorer öffnet sich selbstständig.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.06.2013, 21:53
| #1 |
 |  Internet Explorer öffnet sich selbstständig. Hinweis: Bei Schritt 3 in der Anleitung sollte man GMER starten, welches bei einer bestimmten Pfad dann hängen bleibt. Ein ScreenShot ist nochmal unten bzw. angehängt. Hallo liebes Trojaner-Board Team, zuerst werde ich mal etwas Allgemein über mein Problem schreiben, damit Ihr wisst wo und in welche Richtung mein Problem ungefähr ist und geht: Und zwar habe ich seit ein paar Tagen bemerkt, dass mein PC plötzlich, wenn ich ein paar Minuten nichts an der Tastatur mache, auf "eigener Faust" Internet Explorer öffnet auf dem schon eine Seite offen ist. Es öffnet sich also nicht so, als ob einer da langsam oder auch schnell rum tippt, sondern auf "einen Schlag", als wäre es so als Datei gespeichert. Beispielsweise wurde einmal hxxp://www.sparritter.de/ geöffnet, ohne dass ich etwas gemacht habe außer es zu beobachten. Es wurden auch noch andere Seiten meistens nacheinander geöffnet, von denen ich die Links allerdings nicht kopiert habe. Noch ein paar Informationen: Ich habe, bevor ich die Anleitung gelesen habe, schon die " Malwarebytes Anti-Malware " einmal die ganze Festplatte scannen lassen. LogFile vom Malwarebytes Anti-Malware Scan: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.03.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16576 USER1 :: MT7-PC [Administrator] Schutz: Aktiviert 03.06.2013 12:39:17 mbam-log-2013-06-03 (12-39-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 494997 Laufzeit: 2 Stunde(n), 40 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\USER1\AppData\Roaming\noc\scvhost.exe (Trojan.BitMiner) -> 3952 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\USER1\AppData\Roaming\jabconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Users\USER1\AppData\Roaming\noc\scvhost.exe (Trojan.BitMiner) -> Löschen bei Neustart. C:\Users\USER1\y0353p10gcpk5.exe (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\USER1\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a2e915b-6bbfedd0 (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005267.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\USER1\AppData\Roaming\noc\chp.exe (Trojan.Bitcoin) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\USER1\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Exportierte Ereignisse:
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 20:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 19:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
03.06.2013 19:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\USER1\9yapgjot7acsk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Barys.17770' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Aber nun zu den Dateien, welche unter der Anleitung erfordert werden: Defogger: Keine Fehlermeldung. OTL.txt: Code:
ATTFilter OTL logfile created on: 03.06.2013 19:45:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER1\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,89% Memory free 5,50 Gb Paging File | 4,39 Gb Available in Paging File | 79,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 54,40 Gb Free Space | 36,52% Space Free | Partition Type: NTFS Computer Name: MT7-PC | User Name: USER1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.03 19:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2013.05.14 13:20:51 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.05.05 12:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.05.05 12:47:25 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.05.05 12:47:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.12.23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) -- C:\Programme\Soda 3D PDF Reader\ConversionService.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2009.11.16 09:27:48 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Programme\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe PRC - [2009.11.05 16:56:38 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll MOD - [2011.12.15 13:38:45 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.11.06 22:18:16 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [1997.10.18 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL ========== Services (SafeList) ========== SRV - [2013.05.15 17:30:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.05.05 12:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.05.05 12:47:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.03.10 03:56:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) [Auto | Running] -- C:\Programme\Soda 3D PDF Reader\ConversionService.exe -- (Soda 3D PDF Reader Service) SRV - [2011.12.23 18:57:10 | 000,821,592 | ---- | M] (LULU Software) [On_Demand | Stopped] -- C:\Programme\Soda 3D PDF Reader\HelperService.exe -- (Soda 3D PDF Reader Helper Service) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.11.05 16:56:38 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva400.sys -- (XDva400) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2013.05.05 12:47:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.05.05 12:47:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.05.05 12:47:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.12.29 22:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2012.08.27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2007.04.12 16:27:36 | 001,399,680 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3) DRV - [2005.08.18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 E2 B2 4B 0C 5C CC 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQkVkTMcB&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..browser.search.selectedEngine: "Search the web" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.1.0 FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: {E634117B-33A8-4C70-8210-198010F03834}:1.0 FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.26 22:31:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFSodaReaderPDFConverter@sodapdf.com: C:\Program Files\Soda 3D PDF Reader\FFSodaReaderExt [2012.03.04 00:05:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.20 10:27:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2012.05.20 10:28:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.05.20 10:28:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 21:41:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 23:38:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.20 10:27:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E634117B-33A8-4C70-8210-198010F03834}: C:\Users\USER1\AppData\Roaming\01003.128 [2013.05.08 17:14:47 | 000,000,000 | ---D | M] [2011.08.16 18:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Extensions [2012.07.24 20:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions [2011.12.06 13:52:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.01.10 22:03:46 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\ffxtlbr@incredibar.com [2012.01.10 22:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\staged [2011.10.16 23:50:47 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\USER1\AppData\Roaming\mozilla\Firefox\Profiles\cg64vhj4.default\extensions\welcome@toolmin.com [2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\cg64vhj4.default\searchplugins\conduit.xml [2012.01.10 22:03:36 | 000,002,203 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\mozilla\firefox\profiles\cg64vhj4.default\searchplugins\MyStart Search.xml [2011.10.27 21:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.24 22:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.01.26 22:31:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.10.24 22:33:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2013.05.08 17:14:47 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\USER1\APPDATA\ROAMING\01003.128 [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.11 15:47:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.11 15:47:33 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.11 15:47:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.16 23:50:47 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2011.11.11 15:47:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.11 15:47:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com CHR - Extension: Bflix extension = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfihafpijfdgmojeeigcldgchhojpfp\1.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (bflix Class) - {0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E} - C:\Programme\BFlix\bflix.dll (bflix) O2 - BHO: (Soda 3D PDF Reader Helper) - {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} - C:\Programme\Soda 3D PDF Reader\PDFIEHelper.dll (LULU Software) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Soda 3D PDF Reader Toolbar) - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Programme\Soda 3D PDF Reader\PDFIEPlugin.dll (LULU Software) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\USER1\AppData\Roaming\toolplugin\toolbar.dll File not found O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd File not found O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKCU..\Run: [noc] C:\Users\USER1\AppData\Roaming\noc\dan.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DDB803B-F5F3-49CA-B9FE-F15D1BFF8A6B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ECE886D-5CAD-4782-8D86-C1244F893B44}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE3D900F-6C92-4032-825A-ED6EA2364909}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{dcf42ee8-ecde-11e0-9357-0016173bcafe}\Shell - "" = AutoRun O33 - MountPoints2\{dcf42ee8-ecde-11e0-9357-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{dcf42efa-ecde-11e0-9357-0016173bcafe}\Shell - "" = AutoRun O33 - MountPoints2\{dcf42efa-ecde-11e0-9357-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{fdd78564-edad-11e0-867c-0016173bcafe}\Shell - "" = AutoRun O33 - MountPoints2\{fdd78564-edad-11e0-867c-0016173bcafe}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\launcher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 19:43:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe [2013.06.03 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Malwarebytes [2013.06.03 12:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.03 12:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.03 12:33:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.03 12:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.03 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Local\Programs [2013.06.03 12:30:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\USER1\Desktop\mbam-setup-1.75.0.1300.exe [2013.06.02 19:35:45 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\USER1\AppData\Roaming\chromebrowser.exe [2013.06.02 19:35:24 | 000,000,000 | RHSD | C] -- C:\Users\USER1\AppData\Roaming\aaFa3 [2013.06.02 19:35:15 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\noc [2013.05.22 19:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.22 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2013.05.17 15:05:02 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2013.05.17 15:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2013.05.17 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2013.05.15 18:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.14 13:21:33 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.08 17:14:43 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\01003.128 [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Users\USER1\AppData\Roaming\*.tmp files -> C:\Users\USER1\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.03 19:56:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.03 19:44:17 | 000,015,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 19:44:17 | 000,015,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 19:43:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER1\Desktop\OTL.exe [2013.06.03 19:42:55 | 000,000,000 | ---- | M] () -- C:\Users\USER1\defogger_reenable [2013.06.03 19:35:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.03 19:34:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.03 19:34:19 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 19:30:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 19:19:18 | 000,050,477 | ---- | M] () -- C:\Users\USER1\Desktop\Defogger.exe [2013.06.03 12:33:06 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.03 12:30:13 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\USER1\Desktop\mbam-setup-1.75.0.1300.exe [2013.06.02 19:35:10 | 000,274,944 | ---- | M] () -- C:\Users\USER1\9yapgjot7acsk.exe [2013.06.02 19:35:08 | 000,030,720 | ---- | M] () -- C:\Users\USER1\2wvb79qzp81y4.exe [2013.05.25 10:54:03 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.05.25 00:19:30 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.17 15:05:02 | 000,000,971 | ---- | M] () -- C:\Users\USER1\Desktop\SpeedFan.lnk [2013.05.17 15:05:01 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2013.05.17 15:04:08 | 000,000,000 | ---- | M] () -- C:\Users\USER1\Desktop\initdebug.nfo [2013.05.17 13:53:26 | 000,001,078 | ---- | M] () -- C:\Users\USER1\Desktop\EVEREST Home Edition.lnk [2013.05.17 13:46:37 | 000,321,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.17 12:57:53 | 000,654,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.17 12:57:53 | 000,615,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.17 12:57:53 | 000,129,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.17 12:57:53 | 000,106,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.14 13:21:02 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys [2013.05.13 11:21:07 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll [2013.05.13 11:21:01 | 000,237,664 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll [2013.05.08 17:15:04 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll [2013.05.05 12:47:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.05.05 12:47:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.05.05 12:47:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Users\USER1\AppData\Roaming\*.tmp files -> C:\Users\USER1\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.03 19:42:55 | 000,000,000 | ---- | C] () -- C:\Users\USER1\defogger_reenable [2013.06.03 19:19:17 | 000,050,477 | ---- | C] () -- C:\Users\USER1\Desktop\Defogger.exe [2013.06.03 12:33:06 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.02 19:35:10 | 000,274,944 | ---- | C] () -- C:\Users\USER1\9yapgjot7acsk.exe [2013.06.02 19:35:08 | 000,030,720 | ---- | C] () -- C:\Users\USER1\2wvb79qzp81y4.exe [2013.05.25 10:54:03 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.05.17 15:05:02 | 000,000,971 | ---- | C] () -- C:\Users\USER1\Desktop\SpeedFan.lnk [2013.05.17 15:04:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2013.05.17 15:04:08 | 000,000,000 | ---- | C] () -- C:\Users\USER1\Desktop\initdebug.nfo [2013.05.13 11:21:07 | 000,007,544 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll [2013.05.13 11:21:01 | 000,237,664 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll [2013.05.08 17:15:04 | 000,007,544 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll [2013.04.02 22:42:34 | 000,000,599 | ---- | C] () -- C:\Users\USER1\AppData\Roaming\rost.dat [2012.10.23 12:03:27 | 000,076,348 | ---- | C] () -- C:\ProgramData\abivsjtuhhunbod [2012.05.20 10:18:59 | 000,233,507 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.11.06 22:18:16 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.08.18 14:58:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.08.16 21:18:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011.08.16 21:18:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011.08.16 21:18:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011.08.16 21:18:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011.08.16 21:18:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011.08.16 21:18:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011.08.16 21:18:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011.08.16 21:18:56 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011.08.16 21:18:56 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011.08.16 21:18:56 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011.08.16 21:18:56 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011.08.16 21:18:56 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011.08.16 21:18:56 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011.08.16 21:18:56 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011.08.16 21:18:56 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011.08.16 21:18:56 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011.08.16 21:18:56 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011.08.16 21:18:56 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.08.16 21:18:56 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011.08.16 21:16:11 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2011.08.16 18:43:09 | 000,442,368 | R--- | C] () -- C:\Windows\System32\Cmeaupci.exe [2011.08.16 18:42:18 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe [2011.08.16 18:42:18 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll [2011.08.16 18:42:12 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.08.16 18:42:12 | 000,000,501 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.03.01 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\.minecraft [2013.05.08 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\01003.128 [2013.06.02 19:35:24 | 000,000,000 | RHSD | M] -- C:\Users\USER1\AppData\Roaming\aaFa3 [2012.10.07 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\BitTorrent [2011.10.02 12:15:01 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Bytemobile [2011.10.08 18:50:15 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\DVDVideoSoft [2012.01.14 14:15:21 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.26 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\LolClient [2013.06.03 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\noc [2012.07.20 23:43:03 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Notepad++ [2011.10.27 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\OpenOffice.org [2013.06.02 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\PDF Software [2013.04.02 16:00:29 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Teeworlds [2011.08.22 03:34:44 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\temp [2012.01.15 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\toolplugin [2013.03.16 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\TS3Client [2012.02.15 21:41:52 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\ts3overlay [2013.04.14 11:34:17 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\UsAgt [2011.10.02 12:15:25 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Vodafone [2011.10.02 15:25:59 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\Vodafone Mobile Connect [2013.05.13 11:21:52 | 000,000,000 | ---D | M] -- C:\Users\USER1\AppData\Roaming\xmldm ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 19:45:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,89% Memory free
5,50 Gb Paging File | 4,39 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 54,40 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
Computer Name: MT7-PC | User Name: USER1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0334813A-691E-4FD1-88FB-0915E59F1C1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2251BF11-B487-4AB6-BD67-1E8D590F02CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{230314BA-F12C-4C35-8C25-2832B5BC5795}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2869462E-B2D5-4844-A3D9-4E9121BD0209}" = lport=10243 | protocol=6 | dir=in | app=system |
"{303612EB-1DDD-418E-BABE-7061F71B9DD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DDDB1D0-66F9-430D-8918-169D6816032A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D3DCF4C-BD2D-4F44-AEEF-CE15BAC9991E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{55142102-EEEC-48BF-B299-F2651585ADD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{613F29E3-2179-48F7-8A5E-40E7F9FF7461}" = rport=138 | protocol=17 | dir=out | app=system |
"{620B2A21-78FC-4437-B57D-F97A6C72D477}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{670BA082-D60E-43C8-A4C7-1CF3048B63F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EC3D7D4-1D25-41EF-A86D-220F8706AB89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74F55D33-3DC5-45C4-A840-88164C519976}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78A390C9-B7ED-4EF9-8509-BBEC7BF5D3DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{80869229-842E-4580-8355-87269DED9CDE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8ABCF3FA-1961-4B28-9870-94C56F9DA407}" = lport=57133 | protocol=6 | dir=in | name=pando media booster |
"{A047E5FE-C65D-44C3-A61C-B66FE1D51286}" = rport=137 | protocol=17 | dir=out | app=system |
"{A31032ED-EF8F-42EF-AB4C-7489F3412785}" = lport=57133 | protocol=6 | dir=in | name=pando media booster |
"{A56EFB03-22BE-4671-BCFA-78DC83B78C09}" = lport=57133 | protocol=17 | dir=in | name=pando media booster |
"{AFF69521-4E66-45D0-9D06-457592460513}" = rport=445 | protocol=6 | dir=out | app=system |
"{B178BAA3-FC17-4714-AEB3-B5EE336406C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC1CF1CC-E5E6-456F-9C20-39E96260DCE4}" = rport=139 | protocol=6 | dir=out | app=system |
"{CBAE5F35-0842-47E5-976A-6C13637A9F44}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7BF645F-B920-45B7-AAF6-02339215C67D}" = lport=57133 | protocol=17 | dir=in | name=pando media booster |
"{F41853B4-DBFE-4254-860E-73D930DFF731}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E89CAE-C0CB-4678-AEFE-F87DC2CD6F6B}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{018ACA99-A9D9-4C71-9AE5-CE5F8FF8ADF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11B4C47F-F265-4B68-9AE2-62B9D2530E72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{168EB602-6E7C-49A1-A168-A6A32A8DF61F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{24D18681-F41C-4E53-8520-9C9EC8CDC6E1}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"{278280D7-B328-4846-9C06-3D15B7D26192}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2783B91A-7030-4132-AA48-E8FCD820D4A5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{28377901-B9E8-472E-A75E-277507353DCD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{29F72E16-537B-495C-A73C-2A475C16FE11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2AE708C4-EFB3-436E-A009-D2B3395C66C1}" = protocol=6 | dir=out | app=system |
"{2E157471-4FD3-4CC9-87F4-43BC2653F57D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2FEBF80B-DCD8-461D-9864-D9832A71DDE2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32201CCA-EB59-4666-B732-ED34BAD2F633}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{325B95BD-7F33-41C8-90E3-3F8FB8134B5F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{327F4792-23CF-4045-956D-5BA2E858B118}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{38EFADAF-64CA-4006-9E86-FBBA01459028}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EF40341-1112-4F21-A2C3-46B26F808E82}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{404AE62C-F9AF-4F74-BB8E-0CA5E113F021}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{42730ECB-9428-4C32-8F3D-3B7DAF3C02AA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{47FEDBB5-A38F-418B-80E3-C61EF1E4C395}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{4942FF6B-4266-4EA3-912F-D99AEC5CE3AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{4A43E85E-97F8-4104-AB92-F17FB6FFEC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"{4C9F823B-304D-45A9-94B7-FC7381C74996}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{4DA1166B-EBDB-471B-8A6D-71AD7A98E21F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{51A1FBC4-8F6D-4A1B-8B46-2E9D96477098}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{5782E9BA-4C41-40C5-AC9C-6B31646F3CA4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{5C364372-FC19-481D-B6D0-26B6C256C408}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DA906D1-3642-4C9B-8909-6552073885C9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5E4C1D35-747E-4F70-A693-0012903738DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{633ABA89-C018-4EBE-966C-FB45506749AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6A15AD97-B535-4483-ABB1-B021FB7116C2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7038A9F3-CA4A-4B8C-ABF9-9A75C4344050}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{7136D1FD-07FB-41BC-B185-ABB250596D56}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{7B6E22F4-09E3-43A9-9CB0-D6EFEC7BF15A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7D26674F-44E8-47AF-B76A-0A646AA25C71}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7F202755-73B9-42E5-B8A4-0074D7B475E7}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"{7FC4EF48-19D1-4A85-ADBC-5FB8B8DCB8EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{801AA570-C94B-4D46-90E2-52D14B976097}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8712C6E0-26E4-45E8-BBC8-A84A013E8A28}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{87134543-DF80-4096-93D5-E074C6AB621F}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8EEDE076-A70F-4C3A-990D-AF946CCC3B53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{92942E4A-41BF-4330-B5A9-4C7AE640ED2E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9A3187A0-EFFD-4952-8915-7483BCF4C20E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A83D42EB-5709-4EF7-B2EF-220BBA80E4E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9DE0659-21AE-42C6-BD64-60BA2837F066}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{AB9981E1-1A9B-4A82-B130-F2FA2DD92617}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{ADF834AC-BEBD-49BC-B8B2-87E66AFE01E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B37F6966-DFA0-4960-A0BA-3FEE2A5CE0DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{B4CAE5D8-D194-4E44-A8A4-1B6B1E572CE0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{B5FC7F5A-0556-4737-91B3-55A5B99E58CD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{B93EDE24-5748-4497-B6C6-C64F3E66E2D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{BCDBD746-CB43-4725-B98C-632667F22784}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C09AEC6A-06B6-4043-B854-AD59500812B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1170972-839D-4D38-8BD6-D8ABBB74856F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{C42A45B6-0854-4B1A-860E-2BBDEB115211}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"{C45B99B8-0333-42C4-A960-6E1BA550ED75}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C882BE0A-E819-4441-8359-83345FB5A270}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{CF65F4B2-17E5-4D46-A8D4-A1233B462009}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D10E5746-632B-4B56-8152-176D6A78330C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D48F6A72-A3F4-4641-B112-413B39F1AA56}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{D9F20DB8-C30D-40A9-A5D4-0F275D825030}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DEF833F8-0A45-434D-9046-C4D0012BD0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0F3B602-77FD-4309-984E-49698CEB7E50}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F2D7359C-FDD5-4762-AF01-1E62C5262C49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA94BE6A-1EAB-411B-A7BC-F57171E353EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{FB1C3229-3782-48DC-B27A-FDBED21F7ACD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{FDFB311B-2B35-4E92-945E-4AE246A8DE92}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"TCP Query User{03ED5597-4EC7-4163-99AA-22FAC850BCA2}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{0BCBF953-8B22-4FF5-891E-EFA996F6B8AE}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"TCP Query User{1EF1117B-A16C-440E-8095-C29D5A798EF5}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"TCP Query User{2E15D928-FD38-446C-ABDE-888E8FA22246}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
"TCP Query User{36055596-1E56-45A0-859A-399832570ACA}C:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"TCP Query User{69C8768A-653C-410A-880C-BE4FCEAD0329}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{755DD6F2-F503-4171-BC15-D06A8E856787}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{85078C5E-EB0C-476A-AFC0-C35C3299B368}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"TCP Query User{93446E65-59C7-4A04-925D-CF09EDBBA47C}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"TCP Query User{A7577759-26A0-434F-B4B3-4ADA08E8AF8D}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{B1BE2A1A-4982-4AFD-B20E-213465A8B230}C:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe |
"TCP Query User{CE9C13A7-F71D-49AF-A24E-A11903265B7A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D1C8C986-E126-4B5D-BDB0-E10084AEC963}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{EC5D1478-C65B-42C2-838F-80D6F81E8667}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{F953989D-F0FA-44D7-9F03-4517DB472649}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=6 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
"UDP Query User{0BFCD941-1AFD-4AD2-BA14-A3DB81A174E7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2DF6D60C-7E65-48DE-8245-FCF7237765A2}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"UDP Query User{5422A819-8624-45BC-BCF3-D66FD2067ED6}C:\call of duty modern warfare 2 - kopie\iw4mp.dat" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.dat |
"UDP Query User{575F8106-744F-42AC-979F-ABE4210A5B2F}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"UDP Query User{6321C670-2D79-4CF6-AFEE-498EFFA53CD4}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{6BDC34EA-3836-4AA8-8F6A-119815646533}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{8AE22133-F51C-4970-92F3-04236351929A}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{A7F95BE5-3647-4EBB-9627-ED880F176E7C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ADAA683C-6D7D-4505-A64B-6398893D0E9E}C:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\user1\desktop\teeworlds1\teeworlds\teeworlds 0.6\teeworlds_srv.exe |
"UDP Query User{D2E35A77-AB37-4CBB-891E-ED112856F621}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
"UDP Query User{D3520711-9DE9-4CDD-B280-8C32530ECF31}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DC3FC0EE-7655-4703-90AF-52890B381CFB}C:\call of duty modern warfare 2 - kopie\iw4sp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4sp.exe |
"UDP Query User{DFE3E643-F86E-49A9-BE4A-57F4841FB260}C:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings - conquest™\conquest.exe |
"UDP Query User{E2AA8BB1-9651-4ABD-B63C-9184AFC83A74}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{F0558651-CC19-49D6-AC0C-3E4AB2F742F1}C:\call of duty modern warfare 2 - kopie\iw4mp.exe" = protocol=17 | dir=in | app=c:\call of duty modern warfare 2 - kopie\iw4mp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B2BEE05-FB82-49AB-A23B-32BB8FAC79FC}" = S4 League_EU
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1CBB6DE3-43F0-409D-8DD3-0171B498DE01}" = Soda 3D PDF Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BFlix" = BFlix
"BitTorrent" = BitTorrent
"C-Media PCI Audio Driver" = Aureon 5.1 PCI
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Setup" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"incredibar" = Incredibar Toolbar on IE and Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"toolplugin" = toolplugin
"WinRAR archiver" = WinRAR 4.10 beta 5 (32-bit)
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JNLP" = JNLP
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2013 12:46:14 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 26.05.2013 19:29:04 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1d60 Startzeit: 01ce5a684da3d633 Endzeit: 466 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 27.05.2013 07:09:50 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.05.2013 07:10:47 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 01.06.2013 05:15:29 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\alaplaya\S4League\Aegis64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.06.2013 05:16:22 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 01.06.2013 08:26:38 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm League of Legends.exe, Version 3.7.0.328 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 6f4 Startzeit: 01ce5ec2eb5ed309 Endzeit: 81 Anwendungspfad:
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.232\deploy\League
of Legends.exe Berichts-ID: 3cec4427-cab6-11e2-862c-0016173bcafe
Error - 03.06.2013 05:56:38 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 554 Startzeit: 01ce603f67a9f4bf Endzeit: 0 Anwendungspfad: C:\Program
Files\Internet Explorer\iexplore.exe Berichts-ID: d3b54431-cc33-11e2-8360-0016173bcafe
Error - 03.06.2013 06:36:29 | Computer Name = MT7-PC | Source = Application Hang | ID = 1002
Description = Programm mbam-setup-1.75.0.1300.tmp, Version 51.52.0.0 kann nicht
mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 498 Startzeit: 01ce6045698a6225 Endzeit: 91 Anwendungspfad:
C:\Users\USER1\AppData\Local\Temp\is-CFK4M.tmp\mbam-setup-1.75.0.1300.tmp Berichts-ID:
Error - 03.06.2013 13:14:40 | Computer Name = MT7-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\alaplaya\S4League\Aegis64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 03.06.2013 13:37:34 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description =
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 03.06.2013 13:38:40 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description =
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = PNRPSvc | ID = 102
Description =
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 03.06.2013 13:38:43 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 03.06.2013 13:38:44 | Computer Name = MT7-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
< End of report >
Zu Schritt drei von der Anleitung: Ich habe die GMER-Datei ausgeführt und alle Häkchen wie beschrieben weggemacht, jedoch blieb es bei der Datei/dem Pfad die man im ScreenShot sieht hängen. (Oder habe ich es doch Missverstanden und falsch angekreuzt?) Oder kann es sein, dass es normal ist, dass der Scan an bestimmten Pfaden/Daten länger braucht als 3-10 Minuten? Wie auch immer, ich würde mich freuen wenn ich hier etwas Hilfe bekommen könnte. P.S.: Kein Fachchinesisch bitte, mein Wissen mit so etwas und auch damit, was ich hier reinkopieren sollte, ist gleich null. /Edit: Nach dem Fix vom OTL.exe und nach dem Neustart sollte ich die Textdatei hier in den Thread kopieren: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\noc deleted successfully.
C:\Users\USER1\AppData\Roaming\noc\dan.bat moved successfully.
C:\Users\USER1\AppData\Roaming\chromebrowser.exe moved successfully.
C:\Users\USER1\AppData\Roaming\aaFa3 folder moved successfully.
C:\Users\USER1\AppData\Roaming\01003.128\components folder moved successfully.
C:\Users\USER1\AppData\Roaming\01003.128 folder moved successfully.
C:\Users\USER1\9yapgjot7acsk.exe moved successfully.
C:\Users\USER1\2wvb79qzp81y4.exe moved successfully.
C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll moved successfully.
C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll moved successfully.
========== FILES ==========
C:\Users\USER1\AppData\Roaming\noc folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: USER1
->Temp folder emptied: 2934734262 bytes
->Temporary Internet Files folder emptied: 49844819 bytes
->Java cache emptied: 146442 bytes
->FireFox cache emptied: 130327740 bytes
->Google Chrome cache emptied: 448919671 bytes
->Flash cache emptied: 810 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 683769940 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.051,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_231458
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Geändert von Joker2010 (03.06.2013 um 22:36 Uhr) |
|
03.06.2013, 21:59
| #2 |
| /// Malware-holic   | Internet Explorer öffnet sich selbstständig. Hi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [noc] C:\Users\USER1\AppData\Roaming\noc\dan.bat ()
[2013.06.02 19:35:45 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Users\USER1\AppData\Roaming\chromebrowser.exe
[2013.06.02 19:35:24 | 000,000,000 | RHSD | C] -- C:\Users\USER1\AppData\Roaming\aaFa3
[2013.05.08 17:14:43 | 000,000,000 | ---D | C] -- C:\Users\USER1\AppData\Roaming\01003.128
[2013.06.02 19:35:10 | 000,274,944 | ---- | M] () -- C:\Users\USER1\9yapgjot7acsk.exe
[2013.06.02 19:35:08 | 000,030,720 | ---- | M] () -- C:\Users\USER1\2wvb79qzp81y4.exe
[2013.05.13 11:21:07 | 000,007,544 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\BAcroIEHelpe005271.dll
[2013.05.13 11:21:01 | 000,237,664 | ---- | M] () -- C:\Users\USER1\AppData\Roaming\AcroIEHelpe005271.dll
:files
C:\Users\USER1\AppData\Roaming\noc
:Commands
[emptytemp]
falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
03.06.2013, 22:47
| #3 |
| | Internet Explorer öffnet sich selbstständig. Nein, klappt gerade nicht ohne Probleme, denn:
__________________MovedFiles Ordner -> Rechtsklick -> Senden an -> ZIP-komprimierter Ordner Und dann kommt folgende Fehlermeldung mit dem Überschrift "ZIP-komprimierte Ordner - Fehler" in der folgendes steht: "Datei nicht gefunden oder keine Leseberechtigung." Zudem schlägt immer mein Antivirus Programm zu, wenn ich dies wiederhole, jedoch ignoriere ich es einfach. |
|
04.06.2013, 11:16
| #4 |
| /// Malware-holic | Internet Explorer öffnet sich selbstständig. Hi packe noch mal, lass avira das gefundene löschen, lad den Rest hoch
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.06.2013, 12:16
| #5 |
| | Internet Explorer öffnet sich selbstständig. Okay, danke für den Tipp, diesmal hat's super geklappt mit dem Komprimieren und Hochladen. |
|
04.06.2013, 12:19
| #6 |
| /// Malware-holic | Internet Explorer öffnet sich selbstständig. Ich danke. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Internet Explorer öffnet sich selbstständig. |
|
04.06.2013, 12:44
| #7 |
| | Internet Explorer öffnet sich selbstständig. Okay, hab es einmal durchlaufen lassen und die Textdatei unter C:\ gefunden. Code:
ATTFilter 13:31:05.0464 4744 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:31:05.0726 4744 ============================================================
13:31:05.0726 4744 Current date / time: 2013/06/04 13:31:05.0726
13:31:05.0726 4744 SystemInfo:
13:31:05.0726 4744
13:31:05.0726 4744 OS Version: 6.1.7601 ServicePack: 1.0
13:31:05.0726 4744 Product type: Workstation
13:31:05.0726 4744 ComputerName: MT7-PC
13:31:05.0726 4744 UserName: USER1
13:31:05.0726 4744 Windows directory: C:\Windows
13:31:05.0726 4744 System windows directory: C:\Windows
13:31:05.0726 4744 Processor architecture: Intel x86
13:31:05.0726 4744 Number of processors: 1
13:31:05.0726 4744 Page size: 0x1000
13:31:05.0726 4744 Boot type: Normal boot
13:31:05.0726 4744 ============================================================
13:31:07.0532 4744 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:31:07.0536 4744 ============================================================
13:31:07.0536 4744 \Device\Harddisk0\DR0:
13:31:07.0540 4744 MBR partitions:
13:31:07.0540 4744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:31:07.0540 4744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
13:31:07.0540 4744 ============================================================
13:31:07.0565 4744 C: <-> \Device\Harddisk0\DR0\Partition2
13:31:07.0565 4744 ============================================================
13:31:07.0565 4744 Initialize success
13:31:07.0565 4744 ============================================================
13:34:16.0188 5640 ============================================================
13:34:16.0188 5640 Scan started
13:34:16.0188 5640 Mode: Manual; SigCheck; TDLFS;
13:34:16.0188 5640 ============================================================
13:34:17.0084 5640 ================ Scan system memory ========================
13:34:17.0084 5640 System memory - ok
13:34:17.0088 5640 ================ Scan services =============================
13:34:17.0268 5640 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:34:17.0454 5640 1394ohci - ok
13:34:17.0516 5640 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:34:17.0543 5640 ACPI - ok
13:34:17.0596 5640 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:34:17.0688 5640 AcpiPmi - ok
13:34:17.0788 5640 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:34:17.0817 5640 AdobeFlashPlayerUpdateSvc - ok
13:34:17.0889 5640 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:34:17.0948 5640 adp94xx - ok
13:34:17.0995 5640 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:34:18.0036 5640 adpahci - ok
13:34:18.0061 5640 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:34:18.0098 5640 adpu320 - ok
13:34:18.0147 5640 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:34:18.0213 5640 AeLookupSvc - ok
13:34:18.0280 5640 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
13:34:18.0362 5640 AFD - ok
13:34:18.0403 5640 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
13:34:18.0440 5640 agp440 - ok
13:34:18.0493 5640 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:34:18.0532 5640 aic78xx - ok
13:34:18.0583 5640 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:34:18.0653 5640 ALG - ok
13:34:18.0713 5640 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
13:34:18.0745 5640 aliide - ok
13:34:18.0793 5640 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:34:18.0823 5640 amdagp - ok
13:34:18.0844 5640 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
13:34:18.0875 5640 amdide - ok
13:34:18.0916 5640 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:34:18.0977 5640 AmdK8 - ok
13:34:19.0012 5640 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:34:19.0067 5640 AmdPPM - ok
13:34:19.0137 5640 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:34:19.0168 5640 amdsata - ok
13:34:19.0223 5640 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:34:19.0272 5640 amdsbs - ok
13:34:19.0313 5640 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:34:19.0342 5640 amdxata - ok
13:34:19.0637 5640 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:34:19.0657 5640 AntiVirSchedulerService - ok
13:34:19.0773 5640 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:34:19.0791 5640 AntiVirService - ok
13:34:19.0830 5640 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
13:34:19.0984 5640 AppID - ok
13:34:20.0017 5640 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:34:20.0101 5640 AppIDSvc - ok
13:34:20.0175 5640 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
13:34:20.0232 5640 Appinfo - ok
13:34:20.0345 5640 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:34:20.0382 5640 Apple Mobile Device - ok
13:34:20.0417 5640 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
13:34:20.0492 5640 AppMgmt - ok
13:34:20.0531 5640 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:34:20.0568 5640 arc - ok
13:34:20.0597 5640 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:34:20.0642 5640 arcsas - ok
13:34:20.0685 5640 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:20.0799 5640 AsyncMac - ok
13:34:20.0844 5640 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
13:34:20.0868 5640 atapi - ok
13:34:20.0936 5640 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:34:21.0002 5640 AudioEndpointBuilder - ok
13:34:21.0036 5640 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:34:21.0090 5640 Audiosrv - ok
13:34:21.0166 5640 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:34:21.0227 5640 avgntflt - ok
13:34:21.0291 5640 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:34:21.0327 5640 avipbb - ok
13:34:21.0358 5640 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:34:21.0389 5640 avkmgr - ok
13:34:21.0450 5640 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:34:21.0540 5640 AxInstSV - ok
13:34:21.0600 5640 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:34:21.0684 5640 b06bdrv - ok
13:34:21.0733 5640 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:34:21.0783 5640 b57nd60x - ok
13:34:21.0851 5640 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:34:21.0923 5640 BDESVC - ok
13:34:21.0953 5640 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:34:22.0013 5640 Beep - ok
13:34:22.0060 5640 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
13:34:22.0126 5640 BFE - ok
13:34:22.0173 5640 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
13:34:22.0242 5640 BITS - ok
13:34:22.0273 5640 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:34:22.0322 5640 blbdrive - ok
13:34:22.0441 5640 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:34:22.0476 5640 Bonjour Service - ok
13:34:22.0521 5640 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:34:22.0587 5640 bowser - ok
13:34:22.0619 5640 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:34:22.0708 5640 BrFiltLo - ok
13:34:22.0730 5640 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:34:22.0789 5640 BrFiltUp - ok
13:34:22.0835 5640 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
13:34:22.0898 5640 Browser - ok
13:34:22.0955 5640 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:34:23.0041 5640 Brserid - ok
13:34:23.0068 5640 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:34:23.0119 5640 BrSerWdm - ok
13:34:23.0146 5640 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:34:23.0197 5640 BrUsbMdm - ok
13:34:23.0224 5640 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:34:23.0271 5640 BrUsbSer - ok
13:34:23.0302 5640 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:34:23.0353 5640 BTHMODEM - ok
13:34:23.0408 5640 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:34:23.0484 5640 bthserv - ok
13:34:23.0521 5640 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:34:23.0582 5640 cdfs - ok
13:34:23.0675 5640 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:34:23.0738 5640 cdrom - ok
13:34:23.0802 5640 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
13:34:23.0855 5640 CertPropSvc - ok
13:34:23.0904 5640 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:34:23.0943 5640 circlass - ok
13:34:23.0974 5640 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:34:24.0001 5640 CLFS - ok
13:34:24.0072 5640 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:24.0105 5640 clr_optimization_v2.0.50727_32 - ok
13:34:24.0218 5640 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:34:24.0255 5640 clr_optimization_v4.0.30319_32 - ok
13:34:24.0285 5640 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:24.0316 5640 CmBatt - ok
13:34:24.0349 5640 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:34:24.0378 5640 cmdide - ok
13:34:24.0466 5640 [ DBF0577D5F34A1523EFB844BE262F8F9 ] cmuda3 C:\Windows\system32\drivers\cmudax3.sys
13:34:24.0595 5640 cmuda3 ( UnsignedFile.Multi.Generic ) - warning
13:34:24.0595 5640 cmuda3 - detected UnsignedFile.Multi.Generic (1)
13:34:24.0652 5640 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
13:34:24.0718 5640 CNG - ok
13:34:24.0748 5640 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:34:24.0781 5640 Compbatt - ok
13:34:24.0859 5640 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:34:24.0906 5640 CompositeBus - ok
13:34:24.0931 5640 COMSysApp - ok
13:34:24.0958 5640 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:34:24.0992 5640 crcdisk - ok
13:34:25.0068 5640 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:34:25.0132 5640 CryptSvc - ok
13:34:25.0191 5640 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
13:34:25.0277 5640 CSC - ok
13:34:25.0324 5640 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
13:34:25.0369 5640 CscService - ok
13:34:25.0412 5640 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:34:25.0478 5640 DcomLaunch - ok
13:34:25.0541 5640 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:34:25.0621 5640 defragsvc - ok
13:34:25.0683 5640 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:34:25.0750 5640 DfsC - ok
13:34:25.0828 5640 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:34:25.0886 5640 Dhcp - ok
13:34:25.0921 5640 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:34:25.0988 5640 discache - ok
13:34:26.0037 5640 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:34:26.0070 5640 Disk - ok
13:34:26.0125 5640 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:34:26.0179 5640 Dnscache - ok
13:34:26.0232 5640 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
13:34:26.0306 5640 dot3svc - ok
13:34:26.0373 5640 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
13:34:26.0429 5640 Dot4 - ok
13:34:26.0472 5640 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:34:26.0521 5640 Dot4Print - ok
13:34:26.0554 5640 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
13:34:26.0615 5640 dot4usb - ok
13:34:26.0667 5640 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
13:34:26.0730 5640 DPS - ok
13:34:26.0789 5640 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:34:26.0835 5640 drmkaud - ok
13:34:26.0892 5640 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:34:26.0947 5640 DXGKrnl - ok
13:34:27.0001 5640 EagleXNt - ok
13:34:27.0035 5640 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:34:27.0099 5640 EapHost - ok
13:34:27.0216 5640 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:34:27.0382 5640 ebdrv - ok
13:34:27.0423 5640 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
13:34:27.0482 5640 EFS - ok
13:34:27.0552 5640 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:34:27.0638 5640 ehRecvr - ok
13:34:27.0669 5640 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:34:27.0738 5640 ehSched - ok
13:34:27.0796 5640 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:34:27.0847 5640 elxstor - ok
13:34:27.0875 5640 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:34:27.0923 5640 ErrDev - ok
13:34:27.0980 5640 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:34:28.0041 5640 EventSystem - ok
13:34:28.0160 5640 [ 76984D46B2ABAA46F8B3FCEF82C9217D ] EverestDriver C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
13:34:28.0169 5640 EverestDriver ( UnsignedFile.Multi.Generic ) - warning
13:34:28.0169 5640 EverestDriver - detected UnsignedFile.Multi.Generic (1)
13:34:28.0244 5640 [ 0F40E249E4DD0CE47C7CA19C5C8FB48A ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
13:34:28.0302 5640 ewusbnet - ok
13:34:28.0330 5640 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:34:28.0396 5640 exfat - ok
13:34:28.0431 5640 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:34:28.0503 5640 fastfat - ok
13:34:28.0578 5640 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
13:34:28.0636 5640 Fax - ok
13:34:28.0679 5640 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:34:28.0755 5640 fdc - ok
13:34:28.0796 5640 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:34:28.0839 5640 fdPHost - ok
13:34:28.0857 5640 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:34:28.0917 5640 FDResPub - ok
13:34:28.0968 5640 [ F5CB6CB6D12F495516BE27CFFCCDE4BF ] FETNDIS C:\Windows\system32\DRIVERS\fetnd6.sys
13:34:29.0015 5640 FETNDIS - ok
13:34:29.0046 5640 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:34:29.0080 5640 FileInfo - ok
13:34:29.0113 5640 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:34:29.0177 5640 Filetrace - ok
13:34:29.0210 5640 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:34:29.0261 5640 flpydisk - ok
13:34:29.0308 5640 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:34:29.0357 5640 FltMgr - ok
13:34:29.0437 5640 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
13:34:29.0521 5640 FontCache - ok
13:34:29.0589 5640 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:34:29.0615 5640 FontCache3.0.0.0 - ok
13:34:29.0666 5640 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:34:29.0701 5640 FsDepends - ok
13:34:29.0742 5640 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:34:29.0769 5640 Fs_Rec - ok
13:34:29.0824 5640 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:34:29.0853 5640 fvevol - ok
13:34:29.0896 5640 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:34:29.0927 5640 gagp30kx - ok
13:34:29.0988 5640 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:34:30.0015 5640 GEARAspiWDM - ok
13:34:30.0076 5640 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
13:34:30.0109 5640 giveio ( UnsignedFile.Multi.Generic ) - warning
13:34:30.0109 5640 giveio - detected UnsignedFile.Multi.Generic (1)
13:34:30.0162 5640 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
13:34:30.0253 5640 gpsvc - ok
13:34:30.0384 5640 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:30.0402 5640 gupdate - ok
13:34:30.0429 5640 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:34:30.0447 5640 gupdatem - ok
13:34:30.0517 5640 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:34:30.0566 5640 gusvc - ok
13:34:30.0625 5640 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
13:34:30.0654 5640 hamachi - ok
13:34:30.0767 5640 [ FAC31204987B0BC037938DCEBFAAAE6F ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
13:34:30.0847 5640 Hamachi2Svc - ok
13:34:30.0894 5640 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:34:30.0957 5640 hcw85cir - ok
13:34:31.0037 5640 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:34:31.0113 5640 HdAudAddService - ok
13:34:31.0158 5640 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:34:31.0218 5640 HDAudBus - ok
13:34:31.0253 5640 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:34:31.0298 5640 HidBatt - ok
13:34:31.0333 5640 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:34:31.0398 5640 HidBth - ok
13:34:31.0431 5640 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:34:31.0466 5640 HidIr - ok
13:34:31.0498 5640 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
13:34:31.0566 5640 hidserv - ok
13:34:31.0636 5640 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:34:31.0666 5640 HidUsb - ok
13:34:31.0720 5640 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:34:31.0773 5640 hkmsvc - ok
13:34:31.0816 5640 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:34:31.0879 5640 HomeGroupListener - ok
13:34:31.0930 5640 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:34:31.0981 5640 HomeGroupProvider - ok
13:34:32.0135 5640 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:34:32.0438 5640 hpqcxs08 - ok
13:34:32.0463 5640 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:34:32.0487 5640 hpqddsvc - ok
13:34:32.0540 5640 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:34:32.0575 5640 HpSAMD - ok
13:34:32.0670 5640 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:34:32.0696 5640 HPSLPSVC - ok
13:34:32.0754 5640 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:34:32.0803 5640 HTTP - ok
13:34:32.0868 5640 [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:34:32.0942 5640 hwdatacard - ok
13:34:32.0983 5640 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:34:33.0004 5640 hwpolicy - ok
13:34:33.0053 5640 [ 089085538885367E281686762A973EB5 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
13:34:33.0118 5640 hwusbfake - ok
13:34:33.0178 5640 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:34:33.0233 5640 i8042prt - ok
13:34:33.0268 5640 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:34:33.0317 5640 iaStorV - ok
13:34:33.0405 5640 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:34:33.0514 5640 idsvc - ok
13:34:33.0557 5640 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:34:33.0586 5640 iirsp - ok
13:34:33.0649 5640 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
13:34:33.0715 5640 IKEEXT - ok
13:34:33.0758 5640 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
13:34:33.0788 5640 intelide - ok
13:34:33.0831 5640 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:34:33.0874 5640 intelppm - ok
13:34:33.0918 5640 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:34:33.0975 5640 IPBusEnum - ok
13:34:33.0999 5640 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:34.0063 5640 IpFilterDriver - ok
13:34:34.0137 5640 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:34:34.0227 5640 iphlpsvc - ok
13:34:34.0270 5640 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:34:34.0321 5640 IPMIDRV - ok
13:34:34.0352 5640 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:34:34.0405 5640 IPNAT - ok
13:34:34.0461 5640 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:34:34.0491 5640 iPod Service - ok
13:34:34.0538 5640 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:34:34.0614 5640 IRENUM - ok
13:34:34.0641 5640 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:34:34.0674 5640 isapnp - ok
13:34:34.0721 5640 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:34:34.0764 5640 iScsiPrt - ok
13:34:34.0811 5640 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:34:34.0840 5640 kbdclass - ok
13:34:34.0877 5640 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:34:34.0926 5640 kbdhid - ok
13:34:34.0956 5640 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
13:34:34.0983 5640 KeyIso - ok
13:34:35.0030 5640 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:34:35.0061 5640 KSecDD - ok
13:34:35.0112 5640 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:34:35.0145 5640 KSecPkg - ok
13:34:35.0186 5640 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:34:35.0270 5640 KtmRm - ok
13:34:35.0313 5640 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
13:34:35.0375 5640 LanmanServer - ok
13:34:35.0444 5640 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:34:35.0512 5640 LanmanWorkstation - ok
13:34:35.0569 5640 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:34:35.0637 5640 lltdio - ok
13:34:35.0698 5640 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:34:35.0791 5640 lltdsvc - ok
13:34:35.0823 5640 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:34:35.0885 5640 lmhosts - ok
13:34:35.0946 5640 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:34:35.0991 5640 LSI_FC - ok
13:34:36.0016 5640 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:34:36.0051 5640 LSI_SAS - ok
13:34:36.0083 5640 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:34:36.0114 5640 LSI_SAS2 - ok
13:34:36.0139 5640 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:34:36.0174 5640 LSI_SCSI - ok
13:34:36.0208 5640 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:34:36.0249 5640 luafv - ok
13:34:36.0309 5640 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:34:36.0340 5640 MBAMProtector - ok
13:34:36.0436 5640 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:34:36.0479 5640 MBAMScheduler - ok
13:34:36.0536 5640 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:34:36.0584 5640 MBAMService - ok
13:34:36.0631 5640 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:34:36.0670 5640 Mcx2Svc - ok
13:34:36.0709 5640 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:34:36.0747 5640 megasas - ok
13:34:36.0821 5640 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:34:36.0866 5640 MegaSR - ok
13:34:36.0905 5640 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:34:36.0969 5640 MMCSS - ok
13:34:36.0999 5640 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:34:37.0059 5640 Modem - ok
13:34:37.0112 5640 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:34:37.0155 5640 monitor - ok
13:34:37.0192 5640 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:34:37.0223 5640 mouclass - ok
13:34:37.0250 5640 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:34:37.0295 5640 mouhid - ok
13:34:37.0333 5640 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:34:37.0358 5640 mountmgr - ok
13:34:37.0413 5640 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
13:34:37.0450 5640 mpio - ok
13:34:37.0479 5640 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:34:37.0551 5640 mpsdrv - ok
13:34:37.0618 5640 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:34:37.0723 5640 MpsSvc - ok
13:34:37.0766 5640 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:34:37.0883 5640 MRxDAV - ok
13:34:37.0930 5640 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:34:38.0004 5640 mrxsmb - ok
13:34:38.0038 5640 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:34:38.0094 5640 mrxsmb10 - ok
13:34:38.0135 5640 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:34:38.0182 5640 mrxsmb20 - ok
13:34:38.0223 5640 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
13:34:38.0254 5640 msahci - ok
13:34:38.0354 5640 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
13:34:38.0395 5640 MSCamSvc - ok
13:34:38.0422 5640 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:34:38.0459 5640 msdsm - ok
13:34:38.0491 5640 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:34:38.0551 5640 MSDTC - ok
13:34:38.0608 5640 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:34:38.0661 5640 Msfs - ok
13:34:38.0686 5640 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:34:38.0756 5640 mshidkmdf - ok
13:34:38.0793 5640 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:34:38.0821 5640 msisadrv - ok
13:34:38.0868 5640 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:34:38.0928 5640 MSiSCSI - ok
13:34:38.0944 5640 msiserver - ok
13:34:38.0985 5640 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:34:39.0030 5640 MSKSSRV - ok
13:34:39.0053 5640 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:34:39.0114 5640 MSPCLOCK - ok
13:34:39.0129 5640 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:34:39.0196 5640 MSPQM - ok
13:34:39.0227 5640 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:34:39.0264 5640 MsRPC - ok
13:34:39.0315 5640 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:34:39.0336 5640 mssmbios - ok
13:34:39.0358 5640 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:34:39.0416 5640 MSTEE - ok
13:34:39.0440 5640 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:34:39.0487 5640 MTConfig - ok
13:34:39.0520 5640 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:34:39.0549 5640 Mup - ok
13:34:39.0606 5640 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
13:34:39.0653 5640 napagent - ok
13:34:39.0709 5640 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:34:39.0770 5640 NativeWifiP - ok
13:34:39.0856 5640 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:34:39.0891 5640 NDIS - ok
13:34:39.0928 5640 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:34:39.0983 5640 NdisCap - ok
13:34:40.0010 5640 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:34:40.0075 5640 NdisTapi - ok
13:34:40.0141 5640 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:34:40.0186 5640 Ndisuio - ok
13:34:40.0239 5640 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:34:40.0290 5640 NdisWan - ok
13:34:40.0329 5640 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:34:40.0393 5640 NDProxy - ok
13:34:40.0467 5640 [ 80B7A96F908DA13617E7E6832C5C6A64 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:34:40.0487 5640 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:40.0487 5640 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:40.0528 5640 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:34:40.0590 5640 NetBIOS - ok
13:34:40.0635 5640 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:34:40.0696 5640 NetBT - ok
13:34:40.0727 5640 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
13:34:40.0756 5640 Netlogon - ok
13:34:40.0805 5640 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:34:40.0874 5640 Netman - ok
13:34:40.0915 5640 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:34:40.0967 5640 netprofm - ok
13:34:41.0014 5640 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:34:41.0049 5640 NetTcpPortSharing - ok
13:34:41.0086 5640 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:34:41.0118 5640 nfrd960 - ok
13:34:41.0174 5640 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
13:34:41.0225 5640 NlaSvc - ok
13:34:41.0260 5640 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:34:41.0309 5640 Npfs - ok
13:34:41.0346 5640 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
13:34:41.0395 5640 nsi - ok
13:34:41.0418 5640 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:34:41.0477 5640 nsiproxy - ok
13:34:41.0555 5640 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:34:41.0647 5640 Ntfs - ok
13:34:41.0688 5640 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
13:34:41.0760 5640 Null - ok
13:34:42.0008 5640 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:34:42.0229 5640 nvlddmkm - ok
13:34:42.0258 5640 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:34:42.0303 5640 nvraid - ok
13:34:42.0354 5640 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:34:42.0387 5640 nvstor - ok
13:34:42.0461 5640 [ E4284FCF99FEA13A7E1836F87AE356F6 ] nvsvc C:\Windows\system32\nvvsvc.exe
13:34:42.0514 5640 nvsvc - ok
13:34:42.0631 5640 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:34:42.0774 5640 nvUpdatusService - ok
13:34:42.0823 5640 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:34:42.0856 5640 nv_agp - ok
13:34:42.0877 5640 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:34:42.0942 5640 ohci1394 - ok
13:34:42.0989 5640 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:34:43.0074 5640 p2pimsvc - ok
13:34:43.0111 5640 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
13:34:43.0162 5640 p2psvc - ok
13:34:43.0212 5640 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:34:43.0248 5640 Parport - ok
13:34:43.0292 5640 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:34:43.0332 5640 partmgr - ok
13:34:43.0353 5640 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:34:43.0398 5640 Parvdm - ok
13:34:43.0445 5640 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:34:43.0476 5640 PcaSvc - ok
13:34:43.0505 5640 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
13:34:43.0544 5640 pci - ok
13:34:43.0595 5640 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
13:34:43.0623 5640 pciide - ok
13:34:43.0652 5640 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:34:43.0691 5640 pcmcia - ok
13:34:43.0718 5640 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
13:34:43.0751 5640 pcw - ok
13:34:43.0789 5640 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:34:43.0896 5640 PEAUTH - ok
13:34:43.0957 5640 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:34:44.0032 5640 PeerDistSvc - ok
13:34:44.0155 5640 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
13:34:44.0295 5640 pla - ok
13:34:44.0360 5640 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:34:44.0426 5640 PlugPlay - ok
13:34:44.0458 5640 [ 0C155C5D8942B3CBCF9506A9D376B9AD ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:34:44.0477 5640 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:34:44.0477 5640 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:34:44.0504 5640 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:34:44.0553 5640 PNRPAutoReg - ok
13:34:44.0592 5640 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:34:44.0624 5640 PNRPsvc - ok
13:34:44.0676 5640 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:34:44.0723 5640 PolicyAgent - ok
13:34:44.0784 5640 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
13:34:44.0831 5640 Power - ok
13:34:44.0895 5640 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:34:45.0004 5640 PptpMiniport - ok
13:34:45.0030 5640 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:34:45.0065 5640 Processor - ok
13:34:45.0120 5640 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
13:34:45.0182 5640 ProfSvc - ok
13:34:45.0204 5640 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:34:45.0231 5640 ProtectedStorage - ok
13:34:45.0272 5640 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:34:45.0315 5640 Psched - ok
13:34:45.0379 5640 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:34:45.0465 5640 ql2300 - ok
13:34:45.0497 5640 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:34:45.0538 5640 ql40xx - ok
13:34:45.0583 5640 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
13:34:45.0670 5640 QWAVE - ok
13:34:45.0702 5640 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:34:45.0737 5640 QWAVEdrv - ok
13:34:45.0758 5640 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:34:45.0811 5640 RasAcd - ok
13:34:45.0860 5640 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:34:45.0926 5640 RasAgileVpn - ok
13:34:45.0971 5640 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
13:34:46.0028 5640 RasAuto - ok
13:34:46.0061 5640 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:34:46.0125 5640 Rasl2tp - ok
13:34:46.0194 5640 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
13:34:46.0258 5640 RasMan - ok
13:34:46.0293 5640 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:34:46.0344 5640 RasPppoe - ok
13:34:46.0364 5640 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:34:46.0432 5640 RasSstp - ok
13:34:46.0475 5640 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:34:46.0547 5640 rdbss - ok
13:34:46.0590 5640 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:34:46.0624 5640 rdpbus - ok
13:34:46.0674 5640 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:34:46.0713 5640 RDPCDD - ok
13:34:46.0745 5640 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:34:46.0795 5640 RDPDR - ok
13:34:46.0852 5640 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:34:46.0913 5640 RDPENCDD - ok
13:34:46.0942 5640 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:34:46.0997 5640 RDPREFMP - ok
13:34:47.0047 5640 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:34:47.0112 5640 RDPWD - ok
13:34:47.0172 5640 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:34:47.0219 5640 rdyboost - ok
13:34:47.0256 5640 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
13:34:47.0329 5640 RemoteAccess - ok
13:34:47.0366 5640 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:34:47.0444 5640 RemoteRegistry - ok
13:34:47.0489 5640 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:34:47.0547 5640 RpcEptMapper - ok
13:34:47.0590 5640 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
13:34:47.0637 5640 RpcLocator - ok
13:34:47.0672 5640 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
13:34:47.0717 5640 RpcSs - ok
13:34:47.0768 5640 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:34:47.0833 5640 rspndr - ok
13:34:47.0866 5640 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:34:47.0934 5640 s3cap - ok
13:34:47.0959 5640 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
13:34:47.0989 5640 SamSs - ok
13:34:48.0030 5640 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:34:48.0067 5640 sbp2port - ok
13:34:48.0100 5640 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:34:48.0155 5640 SCardSvr - ok
13:34:48.0188 5640 [ 20B2751CD4C8F3FD989739CA661B9F30 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
13:34:48.0225 5640 SCDEmu ( UnsignedFile.Multi.Generic ) - warning
13:34:48.0225 5640 SCDEmu - detected UnsignedFile.Multi.Generic (1)
13:34:48.0258 5640 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:34:48.0307 5640 scfilter - ok
13:34:48.0374 5640 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
13:34:48.0481 5640 Schedule - ok
13:34:48.0528 5640 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:34:48.0567 5640 SCPolicySvc - ok
13:34:48.0590 5640 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:34:48.0670 5640 SDRSVC - ok
13:34:48.0752 5640 [ 0F656D23F7956E9385E0A03F945EE338 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:34:48.0774 5640 SeaPort - ok
13:34:48.0811 5640 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
13:34:48.0883 5640 seclogon - ok
13:34:48.0922 5640 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
13:34:48.0987 5640 SENS - ok
13:34:49.0040 5640 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:34:49.0120 5640 SensrSvc - ok
13:34:49.0170 5640 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:34:49.0200 5640 Serenum - ok
13:34:49.0225 5640 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:34:49.0282 5640 Serial - ok
13:34:49.0319 5640 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:34:49.0366 5640 sermouse - ok
13:34:49.0430 5640 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
13:34:49.0499 5640 SessionEnv - ok
13:34:49.0526 5640 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:34:49.0579 5640 sffdisk - ok
13:34:49.0612 5640 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:34:49.0645 5640 sffp_mmc - ok
13:34:49.0666 5640 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:34:49.0700 5640 sffp_sd - ok
13:34:49.0733 5640 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:34:49.0762 5640 sfloppy - ok
13:34:49.0799 5640 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:34:49.0891 5640 SharedAccess - ok
13:34:49.0969 5640 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:34:50.0057 5640 ShellHWDetection - ok
13:34:50.0096 5640 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:34:50.0129 5640 sisagp - ok
13:34:50.0172 5640 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:34:50.0202 5640 SiSRaid2 - ok
13:34:50.0219 5640 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:34:50.0256 5640 SiSRaid4 - ok
13:34:50.0317 5640 [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:34:50.0416 5640 SkypeUpdate - ok
13:34:50.0450 5640 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:34:50.0502 5640 Smb - ok
13:34:50.0567 5640 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:34:50.0637 5640 SNMPTRAP - ok
13:34:50.0743 5640 [ F9FDE7DFDEA905859F54B23EA62352EC ] Soda 3D PDF Reader Helper Service C:\Program Files\Soda 3D PDF Reader\HelperService.exe
13:34:50.0833 5640 Soda 3D PDF Reader Helper Service - ok
13:34:50.0893 5640 [ 050323983CF4A056E649179058236796 ] Soda 3D PDF Reader Service C:\Program Files\Soda 3D PDF Reader\ConversionService.exe
13:34:50.0942 5640 Soda 3D PDF Reader Service - ok
13:34:51.0010 5640 [ DC8D2952FB6FFBAEC67BD1B93A34DF11 ] speedfan C:\Windows\system32\speedfan.sys
13:34:51.0049 5640 speedfan - ok
13:34:51.0083 5640 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
13:34:51.0113 5640 spldr - ok
13:34:51.0164 5640 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
13:34:51.0230 5640 Spooler - ok
13:34:51.0318 5640 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
13:34:51.0408 5640 sppsvc - ok
13:34:51.0455 5640 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:34:51.0527 5640 sppuinotify - ok
13:34:51.0576 5640 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:34:51.0634 5640 srv - ok
13:34:51.0693 5640 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:34:51.0761 5640 srv2 - ok
13:34:51.0791 5640 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:34:51.0828 5640 srvnet - ok
13:34:51.0867 5640 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:34:51.0933 5640 SSDPSRV - ok
13:34:52.0001 5640 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
13:34:52.0023 5640 ssmdrv - ok
13:34:52.0046 5640 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:34:52.0109 5640 SstpSvc - ok
13:34:52.0207 5640 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:34:52.0263 5640 Stereo Service - ok
13:34:52.0298 5640 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:34:52.0328 5640 stexstor - ok
13:34:52.0384 5640 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
13:34:52.0445 5640 StiSvc - ok
13:34:52.0474 5640 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:34:52.0505 5640 storflt - ok
13:34:52.0539 5640 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
13:34:52.0587 5640 StorSvc - ok
13:34:52.0642 5640 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:34:52.0671 5640 storvsc - ok
13:34:52.0710 5640 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
13:34:52.0742 5640 swenum - ok
13:34:52.0783 5640 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
13:34:52.0832 5640 swprv - ok
13:34:52.0908 5640 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
13:34:52.0972 5640 SysMain - ok
13:34:53.0031 5640 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:34:53.0076 5640 TabletInputService - ok
13:34:53.0101 5640 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
13:34:53.0152 5640 TapiSrv - ok
13:34:53.0193 5640 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
13:34:53.0261 5640 TBS - ok
13:34:53.0332 5640 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:34:53.0457 5640 Tcpip - ok
13:34:53.0523 5640 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:34:53.0566 5640 TCPIP6 - ok
13:34:53.0615 5640 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:34:53.0658 5640 tcpipreg - ok
13:34:53.0703 5640 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:34:53.0771 5640 TDPIPE - ok
13:34:53.0820 5640 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:34:53.0851 5640 TDTCP - ok
13:34:53.0896 5640 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:34:53.0943 5640 tdx - ok
13:34:54.0109 5640 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
13:34:54.0175 5640 TeamViewer7 - ok
13:34:54.0230 5640 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:34:54.0269 5640 TermDD - ok
13:34:54.0328 5640 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
13:34:54.0398 5640 TermService - ok
13:34:54.0447 5640 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
13:34:54.0492 5640 Themes - ok
13:34:54.0525 5640 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
13:34:54.0570 5640 THREADORDER - ok
13:34:54.0607 5640 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
13:34:54.0669 5640 TrkWks - ok
13:34:54.0748 5640 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:34:54.0804 5640 TrustedInstaller - ok
13:34:54.0855 5640 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:34:54.0912 5640 tssecsrv - ok
13:34:54.0974 5640 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:34:55.0017 5640 TsUsbFlt - ok
13:34:55.0083 5640 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:34:55.0191 5640 tunnel - ok
13:34:55.0226 5640 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:34:55.0257 5640 uagp35 - ok
13:34:55.0308 5640 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:34:55.0382 5640 udfs - ok
13:34:55.0433 5640 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:34:55.0488 5640 UI0Detect - ok
13:34:55.0523 5640 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:34:55.0554 5640 uliagpkx - ok
13:34:55.0625 5640 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
13:34:55.0673 5640 umbus - ok
13:34:55.0718 5640 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:34:55.0767 5640 UmPass - ok
13:34:55.0808 5640 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
13:34:55.0861 5640 UmRdpService - ok
13:34:55.0912 5640 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
13:34:55.0972 5640 upnphost - ok
13:34:56.0031 5640 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:34:56.0080 5640 USBAAPL - ok
13:34:56.0160 5640 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:34:56.0214 5640 usbaudio - ok
13:34:56.0257 5640 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:34:56.0304 5640 usbccgp - ok
13:34:56.0367 5640 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:34:56.0425 5640 usbcir - ok
13:34:56.0458 5640 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:34:56.0488 5640 usbehci - ok
13:34:56.0523 5640 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:34:56.0582 5640 usbhub - ok
13:34:56.0621 5640 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:34:56.0669 5640 usbohci - ok
13:34:56.0716 5640 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:34:56.0750 5640 usbprint - ok
13:34:56.0792 5640 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:34:56.0845 5640 usbscan - ok
13:34:56.0875 5640 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:34:56.0947 5640 USBSTOR - ok
13:34:57.0005 5640 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:34:57.0039 5640 usbuhci - ok
13:34:57.0089 5640 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
13:34:57.0156 5640 UxSms - ok
13:34:57.0191 5640 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
13:34:57.0218 5640 VaultSvc - ok
13:34:57.0251 5640 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:34:57.0283 5640 vdrvroot - ok
13:34:57.0335 5640 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
13:34:57.0445 5640 vds - ok
13:34:57.0496 5640 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:34:57.0548 5640 vga - ok
13:34:57.0593 5640 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:34:57.0640 5640 VgaSave - ok
13:34:57.0685 5640 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:34:57.0726 5640 vhdmp - ok
13:34:57.0765 5640 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:34:57.0798 5640 viaagp - ok
13:34:57.0826 5640 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:34:57.0884 5640 ViaC7 - ok
13:34:57.0925 5640 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
13:34:57.0957 5640 viaide - ok
13:34:58.0009 5640 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:34:58.0046 5640 vmbus - ok
13:34:58.0072 5640 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:34:58.0103 5640 VMBusHID - ok
13:34:58.0132 5640 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:34:58.0164 5640 volmgr - ok
13:34:58.0201 5640 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:34:58.0234 5640 volmgrx - ok
13:34:58.0267 5640 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:34:58.0324 5640 volsnap - ok
13:34:58.0353 5640 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:34:58.0388 5640 vsmraid - ok
13:34:58.0460 5640 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
13:34:58.0539 5640 VSS - ok
13:34:58.0572 5640 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:34:58.0625 5640 vwifibus - ok
13:34:58.0744 5640 [ D22C6B9C2F840D403FD387AD207A4B16 ] VX1000 C:\Windows\system32\DRIVERS\VX1000.sys
13:34:58.0849 5640 VX1000 - ok
13:34:58.0888 5640 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
13:34:58.0960 5640 W32Time - ok
13:34:59.0005 5640 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:34:59.0052 5640 WacomPen - ok
13:34:59.0097 5640 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:34:59.0166 5640 WANARP - ok
13:34:59.0189 5640 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:34:59.0232 5640 Wanarpv6 - ok
13:34:59.0320 5640 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:34:59.0484 5640 WatAdminSvc - ok
13:34:59.0560 5640 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
13:34:59.0675 5640 wbengine - ok
13:34:59.0710 5640 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:34:59.0773 5640 WbioSrvc - ok
13:34:59.0832 5640 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:34:59.0906 5640 wcncsvc - ok
13:34:59.0939 5640 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:35:00.0021 5640 WcsPlugInService - ok
13:35:00.0056 5640 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:35:00.0089 5640 Wd - ok
13:35:00.0146 5640 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:35:00.0201 5640 Wdf01000 - ok
13:35:00.0232 5640 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:35:00.0300 5640 WdiServiceHost - ok
13:35:00.0314 5640 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:35:00.0345 5640 WdiSystemHost - ok
13:35:00.0392 5640 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
13:35:00.0466 5640 WebClient - ok
13:35:00.0501 5640 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:35:00.0568 5640 Wecsvc - ok
13:35:00.0595 5640 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:35:00.0638 5640 wercplsupport - ok
13:35:00.0673 5640 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:35:00.0740 5640 WerSvc - ok
13:35:00.0796 5640 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:35:00.0841 5640 WfpLwf - ok
13:35:00.0869 5640 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:35:00.0900 5640 WIMMount - ok
13:35:00.0958 5640 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:35:01.0052 5640 WinDefend - ok
13:35:01.0076 5640 WinHttpAutoProxySvc - ok
13:35:01.0134 5640 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:35:01.0222 5640 Winmgmt - ok
13:35:01.0291 5640 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
13:35:01.0369 5640 WinRM - ok
13:35:01.0451 5640 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:35:01.0498 5640 WinUsb - ok
13:35:01.0570 5640 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:35:01.0660 5640 Wlansvc - ok
13:35:01.0794 5640 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:35:01.0886 5640 wlidsvc - ok
13:35:01.0931 5640 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:35:01.0962 5640 WmiAcpi - ok
13:35:02.0003 5640 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:35:02.0056 5640 wmiApSrv - ok
13:35:02.0162 5640 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:35:02.0226 5640 WMPNetworkSvc - ok
13:35:02.0265 5640 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:35:02.0314 5640 WPCSvc - ok
13:35:02.0365 5640 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:35:02.0412 5640 WPDBusEnum - ok
13:35:02.0457 5640 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:35:02.0519 5640 ws2ifsl - ok
13:35:02.0552 5640 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
13:35:02.0599 5640 wscsvc - ok
13:35:02.0615 5640 WSearch - ok
13:35:02.0714 5640 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:35:02.0773 5640 wuauserv - ok
13:35:02.0824 5640 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:35:02.0873 5640 WudfPf - ok
13:35:02.0906 5640 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:35:02.0951 5640 WUDFRd - ok
13:35:02.0984 5640 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:35:03.0042 5640 wudfsvc - ok
13:35:03.0087 5640 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:35:03.0169 5640 WwanSvc - ok
13:35:03.0212 5640 XDva400 - ok
13:35:03.0273 5640 ================ Scan global ===============================
13:35:03.0324 5640 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:35:03.0376 5640 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:35:03.0398 5640 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
13:35:03.0439 5640 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:35:03.0460 5640 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:35:03.0468 5640 [Global] - ok
13:35:03.0472 5640 ================ Scan MBR ==================================
13:35:03.0488 5640 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:35:03.0683 5640 \Device\Harddisk0\DR0 - ok
13:35:03.0689 5640 ================ Scan VBR ==================================
13:35:03.0695 5640 [ 766EA0B72B8A53DCF0BD24C338B9486E ] \Device\Harddisk0\DR0\Partition1
13:35:03.0697 5640 \Device\Harddisk0\DR0\Partition1 - ok
13:35:03.0728 5640 [ A16A8B8C3F2F81E7E49FF9B9FFA691F2 ] \Device\Harddisk0\DR0\Partition2
13:35:03.0730 5640 \Device\Harddisk0\DR0\Partition2 - ok
13:35:03.0736 5640 ============================================================
13:35:03.0736 5640 Scan finished
13:35:03.0736 5640 ============================================================
13:35:03.0759 3088 Detected object count: 6
13:35:03.0761 3088 Actual detected object count: 6
13:35:39.0065 3088 cmuda3 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0065 3088 cmuda3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:39.0065 3088 EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0065 3088 EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:39.0067 3088 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0067 3088 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:39.0069 3088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0069 3088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:39.0071 3088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0071 3088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:35:39.0073 3088 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0075 3088 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:02.0277 4276 Deinitialize success
|
|
04.06.2013, 13:13
| #8 |
| /// Malware-holic | Internet Explorer öffnet sich selbstständig. Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.06.2013, 14:06
| #9 |
| | Internet Explorer öffnet sich selbstständig. Okay, tut mir leid, aber ich habe nun ein Problem mit dem Combofix. Und zwar habe ich es gestartet und währenddessen, wie befohlen, nichts angerührt. Und nun sollte ich zwar eine Textdatei auf dem Desktop oder wenigstens unter C:\ haben, habe aber keines. Danach habe ich meinen PC neugestartet, weil ich dachte, dass es evtl. danach erst erstellt wird, jedoch ist immer noch nichts angekommen. |
|
04.06.2013, 14:13
| #10 |
| /// Malware-holic | Internet Explorer öffnet sich selbstständig. ist es überhaupt bis zu erstelle Logdatei gelaufen? eig müsste das Log auch autom geöffnet werden. starte es mal erneut und schaue wie weits läfut
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.06.2013, 15:45
| #11 |
| | Internet Explorer öffnet sich selbstständig. Okay, tut mir leid, mein PC hat sich wohl an der stelle selbst "gehängt" oder ich war wohl zu vorschnell. Hier ist die ComboFix.txt Datei: Code:
ATTFilter ComboFix 13-06-03.06 - USER1 04.06.2013 15:46:23.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2816.1927 [GMT 2:00]
ausgeführt von:: c:\users\USER1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BFlix\BFLIx.dll
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.3.27\inCRedibartlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\users\USER1\AppData\Roaming\AcroIEHelpe.txt
c:\users\USER1\AppData\Roaming\BAcroIEHelpe005270.dll
c:\users\USER1\AppData\Roaming\cg64vhj4.default.tmp
c:\users\USER1\AppData\Roaming\srvblck5.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-04 bis 2013-06-04 ))))))))))))))))))))))))))))))
.
.
2013-06-04 13:57 . 2013-06-04 13:58 -------- d-----w- c:\users\USER1\AppData\Local\temp
2013-06-04 13:57 . 2013-06-04 13:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-04 13:57 . 2013-06-04 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-03 21:40 . 2013-06-03 21:41 -------- d-----w- c:\program files\7-Zip
2013-06-03 21:14 . 2013-06-04 11:10 -------- d-----w- C:\_OTL
2013-06-03 10:33 . 2013-06-03 10:33 -------- d-----w- c:\users\USER1\AppData\Roaming\Malwarebytes
2013-06-03 10:33 . 2013-06-03 10:33 -------- d-----w- c:\programdata\Malwarebytes
2013-06-03 10:33 . 2013-06-03 10:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-03 10:33 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-03 10:31 . 2013-06-03 10:31 -------- d-----w- c:\users\USER1\AppData\Local\Programs
2013-05-22 17:06 . 2013-05-22 17:06 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-05-17 13:05 . 2013-05-17 13:08 -------- d-----w- c:\program files\SpeedFan
2013-05-16 08:56 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 08:56 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 08:56 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 08:56 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 08:56 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 08:56 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-16 08:56 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-16 08:56 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-14 11:21 . 2013-05-14 11:21 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 15:30 . 2012-04-04 09:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 15:30 . 2011-08-16 12:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-05 10:47 . 2012-11-03 09:26 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-05-05 10:47 . 2012-11-03 09:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-05-05 10:47 . 2012-11-03 09:26 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-13 04:45 . 2013-05-16 08:56 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 08:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-04-10 08:19 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:19 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 08:19 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 08:19 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2FE0F895-6D1D-4c80-A20D-18E42DE9B631}]
2011-12-23 16:57 91992 ----a-w- c:\program files\Soda 3D PDF Reader\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64C9D46E-8F8B-4158-9780-A6581C7439B1}"= "c:\program files\Soda 3D PDF Reader\PDFIEPlugin.dll" [2011-12-23 750936]
.
[HKEY_CLASSES_ROOT\clsid\{64c9d46e-8f8b-4158-9780-a6581c7439b1}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{496FD2B4-369B-4c6b-B4F3-3D93A64D05E4}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-14 345312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
c:\users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Task-Manager.lnk - c:\windows\System32\taskmgr.exe [2011-8-18 227328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-28 23:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-05-15 10:08 2255184 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 Soda 3D PDF Reader Helper Service;Soda 3D PDF Reader Helper Service;c:\program files\Soda 3D PDF Reader\HelperService.exe [2011-12-23 821592]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-05 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-05-05 86752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 1435984]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 Soda 3D PDF Reader Service;Soda 3D PDF Reader Service;c:\program files\Soda 3D PDF Reader\ConversionService.exe [2011-12-23 892760]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 22:17 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:30]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-16 16:52]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-16 16:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\USER1\AppData\Roaming\Mozilla\Firefox\Profiles\cg64vhj4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: toolplugin: welcome@toolmin.com - %profile%\extensions\welcome@toolmin.com
FF - Ext: Incredibar Toolbar: ffxtlbr@incredibar.com - %profile%\extensions\ffxtlbr@incredibar.com
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQkVkTMcB&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 980493b30000000000000016173bcafe
FF - user.js: extensions.incredibar_i.hardId - 980493b30000000000000016173bcafe
FF - user.js: extensions.incredibar_i.instlDay - 15349
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:03
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQkVkTMcB
FF - user.js: extensions.incredibar_i.upn2n - 92542177155036981
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-CmPCIaudio - cmicnfg3.cpl
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
AddRemove-Star Wars: The Force Unleashed 2_is1 - c:\program files\LucasArts\Star Wars The Force Unleashed 2\unins000.exe
AddRemove-toolplugin - c:\users\USER1\AppData\Local\Temp\WZSE0.TMP\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-04 16:38:53
ComboFix-quarantined-files.txt 2013-06-04 14:38
.
Vor Suchlauf: 12 Verzeichnis(se), 63.071.670.272 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 62.718.648.320 Bytes frei
.
- - End Of File - - A1F629CB999E640C5633C4F05E55B19D
|
|
04.06.2013, 15:55
| #12 |
| /// Malware-holic | Internet Explorer öffnet sich selbstständig. öffne noch mal computer, c: qoobox rechtsklick quarantain, mit winrar oder zip packen, im uploadchannel hochladen und kurz melden, wenn fertig
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.06.2013, 16:05
| #13 |
| | Internet Explorer öffnet sich selbstständig. Ist hochgeladen. Und nebenbei: Danke für die Hilfe! =) |
|
04.06.2013, 16:13
| #14 |
| /// Malware-holic | Internet Explorer öffnet sich selbstständig. Passt, danke. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.06.2013, 11:32
| #15 | |
| | Internet Explorer öffnet sich selbstständig.Zitat:
|
|
| Themen zu Internet Explorer öffnet sich selbstständig. |
| 32 bit, antivir, bho, bonjour, festplatte, firefox, home, iexplore.exe, install.exe, internet explorer, object, plug-in, poweriso, problem, pup.bundleinstaller.vg, registry, richtlinie, scan, search the web, software, starten, svchost.exe, tastatur, teamspeak, tr/barys.17770, trojan.agent, trojan.banker, trojan.bitcoin, trojan.bitminer |
Textbox. 
WARNUNG an die MITLESER: 
Linear-Darstellung
