Pests of all kinds and how to get rid of them: Browser mocaflix problem (Windows 7)
07.06.2013, 15:37 | #1 |
Browser mocaflix problem

My problem: for one thing, two pages always open when I start Google Chrome. They are called websearch.mocaflix and, according to Google, they are supposed to lead to phishing sites. Another problem is that after I uninstalled a program called BrowserDefender.exe, I permanently get this message.

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:17 on 06/06/2013 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 06.06.2013 19:18:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,45% Memory free
8,21 Gb Paging File | 5,17 Gb Available in Paging File | 63,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 163,34 Gb Free Space | 49,87% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.06 19:17:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2013.05.31 14:28:40 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe
PRC - [2013.05.31 14:02:30 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
PRC - [2013.05.31 14:02:17 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2013.05.04 12:37:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.27 23:38:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 23:38:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\****\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.31 14:24:08 | 004,774,248 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013.05.31 14:02:30 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
MOD - [2013.05.31 14:02:17 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.05.27 07:05:04 | 000,156,160 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Air.dll
MOD - [2013.05.27 06:10:48 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Launcher.dll

========== Services (SafeList) ==========

SRV - [2013.05.26 23:19:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Start_Pending] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.15 16:57:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.27 23:38:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 23:38:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.27 23:38:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 23:38:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 23:38:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2012.05.12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.12.07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2008.02.22 19:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.02.03 17:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.02.28 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\8zu5s3ea.default\extensions
[2013.02.14 07:33:54 | 000,002,376 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\searchplugins\icq.xml
[2013.06.04 16:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.26 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.26 23:19:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://websearch.mocaflix.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AdBlock = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: ProxMate - Improve your Internet! = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.5_0\

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0AD528-8918-45F6-A371-C5AAF664B1A4}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell - "" = AutoRun
O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell\AutoRun\command - "" = L:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.06 19:18:26 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\logs
[2013.06.05 21:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.05 16:03:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.06.05 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.05 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.05 16:03:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.05 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.05 15:41:48 | 002,051,696 | ---- | C] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs64.dll
[2013.06.05 15:41:48 | 000,733,224 | ---- | C] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs.dll
[2013.06.05 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
[2013.06.04 16:10:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.04 16:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.04 16:05:06 | 000,536,652 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\ASAudioHD.ax
[2013.06.04 16:05:06 | 000,490,496 | ---- | C] (www.madshi.net) -- C:\Windows\SysWow64\madFlac.ax
[2013.06.04 16:05:06 | 000,285,184 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagUIEngine.dll
[2013.06.04 16:05:06 | 000,106,496 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\checkactivate.dll
[2013.06.04 16:05:06 | 000,092,672 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagUIInter.dll
[2013.06.04 16:05:06 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagPCMac.dll
[2013.06.04 16:05:06 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagCore.dll
[2013.06.04 16:05:06 | 000,000,000 | ---D | C] -- C:\Temp
[2013.06.04 16:05:05 | 000,439,808 | ---- | C] (MPC-HC Team) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2013.06.04 16:05:05 | 000,417,792 | ---- | C] (Gabest) -- C:\Windows\SysWow64\FLVSplitter.ax
[2013.06.04 16:05:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.05.31 15:44:29 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Atlantica
[2013.05.31 04:01:40 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\League of Legends
[2013.05.30 05:18:52 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\donetasy
[2013.05.26 23:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Screaming Bee
[2013.05.23 19:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013.05.18 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Awesomium
[2013.05.18 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Aeria Games
[2013.05.18 19:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2013.05.18 19:47:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.05.18 19:37:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.05.18 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Aeria Games & Entertainment
[2013.05.13 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\BoL
[2013.05.11 02:21:05 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\settings

========== Files - Modified Within 30 Days ==========

[2013.06.06 19:16:40 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.06.06 19:04:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000UA.job
[2013.06.06 18:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.06 18:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 18:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 17:04:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000Core.job
[2013.06.06 14:13:55 | 000,002,058 | ---- | M] () -- C:\Users\****\Desktop\Google Chrome.lnk
[2013.06.06 14:02:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 14:02:06 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 21:45:26 | 000,279,370 | ---- | M] () -- C:\Users\****\Documents\cc_20130605_214518.reg
[2013.06.05 18:27:33 | 000,000,499 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.05 15:41:48 | 002,051,696 | ---- | M] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs64.dll
[2013.06.05 15:41:48 | 000,733,224 | ---- | M] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs.dll
[2013.06.05 07:58:54 | 002,625,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 07:58:54 | 001,247,620 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 07:58:54 | 000,773,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 07:58:54 | 000,691,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.05 07:58:54 | 000,006,972 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.04 16:33:34 | 000,027,648 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.02 11:06:56 | 000,000,949 | ---- | M] () -- C:\Users\****\Desktop\vegas120 - Verknüpfung.lnk
[2013.06.02 10:59:13 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2013.06.01 03:40:30 | 000,000,818 | ---- | M] () -- C:\Users\****\Desktop\lol.launcher.admin - Verknüpfung.lnk
[2013.05.30 00:02:32 | 000,000,757 | ---- | M] () -- C:\Users\****\Desktop\LoLNotes - Verknüpfung.lnk
[2013.05.29 06:23:20 | 000,001,838 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.05.26 17:35:14 | 000,271,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.24 21:22:42 | 000,001,921 | ---- | M] () -- C:\Users\****\Desktop\Preset Manager 2.0.lnk
[2013.05.09 22:44:40 | 000,006,294 | ---- | M] () -- C:\Users\****\Desktop\avatar4160663_58.jpg

========== Files Created - No Company Name ==========

[2013.06.06 19:16:40 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.06.05 21:45:19 | 000,279,370 | ---- | C] () -- C:\Users\****\Documents\cc_20130605_214518.reg
[2013.06.05 09:12:47 | 000,000,499 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 16:05:06 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2013.06.04 16:05:06 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013.06.02 11:06:56 | 000,000,949 | ---- | C] () -- C:\Users\****\Desktop\vegas120 - Verknüpfung.lnk
[2013.06.02 10:59:13 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2013.06.01 03:40:30 | 000,000,818 | ---- | C] () -- C:\Users\****\Desktop\lol.launcher.admin - Verknüpfung.lnk
[2013.05.30 00:01:11 | 000,000,757 | ---- | C] () -- C:\Users\****\Desktop\LoLNotes - Verknüpfung.lnk
[2013.05.29 06:23:20 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.05.24 21:22:42 | 000,001,921 | ---- | C] () -- C:\Users\****\Desktop\Preset Manager 2.0.lnk
[2013.05.09 22:44:40 | 000,006,294 | ---- | C] () -- C:\Users\****\Desktop\avatar4160663_58.jpg
[2013.03.03 19:00:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\qzpz.dll
[2013.03.03 04:12:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.03.03 04:12:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013.03.03 04:10:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013.02.24 16:54:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2013.02.23 12:09:32 | 000,007,823 | ---- | C] () -- C:\Users\****\ESt2012_Moncayo_Nuhn_Jose_Manuel.elfo
[2013.02.20 09:49:26 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.20 09:49:26 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.20 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2013.02.20 09:07:58 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2013.02.13 14:15:02 | 000,000,854 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.02.04 00:24:13 | 001,634,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.03 18:27:50 | 000,027,648 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.18 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Aeria Games & Entertainment
[2013.05.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Awesomium
[2013.06.05 19:21:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BoL
[2013.02.23 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2013.04.08 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EPSON
[2013.02.24 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\fltk.org
[2013.05.06 02:28:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GarenaPlus
[2013.02.14 07:38:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ-Profile
[2013.02.14 07:33:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQM
[2013.02.03 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2013.02.24 16:31:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2013.03.03 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Publish Providers
[2013.03.03 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Giant Link
[2013.02.24 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2013.05.23 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Screaming Bee
[2013.03.03 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony
[2013.05.19 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify
[2013.06.06 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2013.02.23 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\VBA-M
[2013.02.23 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinISO Computing

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 06.06.2013 19:18:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,45% Memory free
8,21 Gb Paging File | 5,17 Gb Available in Paging File | 63,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 163,34 Gb Free Space | 49,87% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.WH4Z4YUIFPG32HKJS2UOICFTJY] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 01 01 19 11 B9 17 CE 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3029538542-3273361527-2256941593-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01636551-7CC5-4EE5-8543-62D68242C9B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{06AD667A-BBC1-4220-BEA1-21325B2CF1FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{10A68F17-165D-448E-AB9F-0676DD87608A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{27B6AB97-EA85-443E-B0E5-9742E5C559D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{339278FE-36BF-4C56-B893-85E68ACEAA4B}" = lport=138 | protocol=17 | dir=in | app=system |
"{4A125863-6C26-45EC-BD59-FE75468FDFD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{A492887F-31C2-4AFE-8693-C8A006D81A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD140B85-88E7-4321-AFB7-5D2AD954CAB3}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFCC4477-9A11-43D3-8300-D867CC8F741E}" = rport=138 | protocol=17 | dir=out | app=system |
"{D39BBEF5-905D-4D36-B0E1-67224E4E9E0C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D0D176-A0BF-49BA-A841-AF7D2F636B5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{08F13F5F-5B46-47A7-B508-4369EBA38806}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{13F5FB11-577B-48C0-BEBD-F4E76216FF48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{283D7D60-C0CF-44FC-B002-26C53760464F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FA48411-C177-48BA-A1AA-499DAD52E5FC}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe |
"{39E4E0F0-41D1-48A7-A82C-FD6BBA2BD29C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{3CF79118-4239-429D-8EE4-A5262C9CC717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4A2F25C0-26F6-4DCE-8E60-5344E0026949}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{759D7E9E-82EA-43BF-B53B-AD468309ABE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7A52D970-0279-4EA3-8FA3-C386FAA8DC41}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe |
"{88DB35B8-FE8E-47B2-B051-BA42548843FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9A173262-FB38-45F5-923B-86D628F0650F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BD2EB19D-0869-40EB-98CD-DDBD2C374DB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BE2AE9EF-185A-44B0-8CDA-891CFC307AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C88E0359-C0BE-44C5-8CAA-19F724D43FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{DA258A29-C300-46D7-9103-E218832FC662}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{F16B2782-0E39-44A6-B90E-46E4B233A298}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{FD26B9B3-0AC0-46B1-B64C-4FFA4182A679}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{0031EC39-E16A-42EC-B79E-45A0EF0529FE}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{2CF4E4E2-F0F8-45A7-AE15-25FF12672B93}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe |
"TCP Query User{56B4A59C-9871-430B-BED3-E867FA345865}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe |
"TCP Query User{6FDFC0F6-19AA-480C-94C7-9EF184804384}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe |
"TCP Query User{9D6945AB-E8D5-4B44-967A-1AAB4C50DC8F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{F34C0192-2DCA-4FD3-9B6A-88DB939B0A4F}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FF70EFCD-31F9-4EEA-B6C9-8A6525F0447C}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1A10EA5A-FA70-4646-A6E1-B9FF1F880AB8}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2D23FD89-9D75-4E71-96AC-122900221501}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{32E43DF8-7692-4A7B-9B18-AEED8EFC7111}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe |
"UDP Query User{3324D9C1-8BF3-42BC-862C-A4F73F65A0C6}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe |
"UDP Query User{6EC3397E-2A83-4372-89C6-1B226F93AA46}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{98F70B9F-91CD-4AF6-BC01-B47A5876399F}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E382F0CD-92A3-4CCA-A719-F26D30C93A6F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office 5.0.36
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{88BFE745-3D1F-4B80-8C40-E626E5A8E613}" = Samsung S5230 Wallpaper Creator
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LOLReplay" = LOLReplay
"LoLTW" = Garena 英雄聯盟（台灣）
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 240" = Counter-Strike: Source
"UltraISO_is1" = UltraISO Premium V9.53

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 5999, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.06.2013 09:47:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x1110, Anwendungsstartzeit 01ce62bc5173d350.

Error - 06.06.2013 09:48:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x920, Anwendungsstartzeit 01ce62bc7536f240.

Error - 06.06.2013 09:49:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x130c, Anwendungsstartzeit 01ce62bc98faad70.

Error - 06.06.2013 09:50:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x46c, Anwendungsstartzeit 01ce62bcbcbe4190.

Error - 06.06.2013 09:51:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0xf10, Anwendungsstartzeit 01ce62bce0809d30.

Error - 06.06.2013 09:52:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x934, Anwendungsstartzeit 01ce62bd04445860.

Error - 06.06.2013 09:53:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x914, Anwendungsstartzeit 01ce62bd280617c0.

Error - 06.06.2013 09:54:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0xff0, Anwendungsstartzeit 01ce62bd4bca4820.

Error - 06.06.2013 09:55:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x840, Anwendungsstartzeit 01ce62bd6f8e9f90.

Error - 06.06.2013 09:56:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790, Prozess-ID 0x970, Anwendungsstartzeit 01ce62bd93514950.

< End of report >

ADW#1
Code:
# AdwCleaner v2.301 - Datei am 05/06/2013 um 09:12:43 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]

**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\searchplugins\claro.xml
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\Users\****\AppData\Local\Temp\OCS
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\BabSolution
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5b48fdeb769ba41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b48fdeb769ba41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gelöscht : HKU\S-1-5-21-3029538542-3273361527-2256941593-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=120129&babsrc=HP_ss&mntrId=02a73ef000000000000000242150365f --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=120129&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120129&babsrc[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "02a73ef000000000000000242150365f");
Gelöscht : user_pref("extensions.claro.instlDay", "15750");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "base");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.57:33:32");

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[S1].txt - [5781 octets] - [05/06/2013 09:12:43]

########## EOF - C:\AdwCleaner[S1].txt - [5841 octets] ##########

Code:
# AdwCleaner v2.301 - Datei am 05/06/2013 um 15:51:40 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]

**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.43] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.46] : keyword = "delta-search.com",
Gelöscht [l.50] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss&m[...]
Gelöscht [l.2717] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss[...]

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[R2].txt - [1882 octets] - [05/06/2013 15:49:00]
AdwCleaner[S1].txt - [5904 octets] - [05/06/2013 09:12:43]
AdwCleaner[S2].txt - [1780 octets] - [05/06/2013 15:51:40]

########## EOF - C:\AdwCleaner[S2].txt - [1840 octets] ##########

Code:
# AdwCleaner v2.301 - Datei am 05/06/2013 um 18:27:13 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]

**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2203] : homepage = "hxxp://websearch.mocaflix.com/",
Gelöscht [l.2900] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/", "" ]

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[R2].txt - [1882 octets] - [05/06/2013 15:49:00]
AdwCleaner[R3].txt - [1439 octets] - [05/06/2013 18:26:28]
AdwCleaner[S1].txt - [5904 octets] - [05/06/2013 09:12:43]
AdwCleaner[S2].txt - [1909 octets] - [05/06/2013 15:51:40]
AdwCleaner[S3].txt - [1378 octets] - [05/06/2013 18:27:13]

########## EOF - C:\AdwCleaner[S3].txt - [1438 octets] ##########

mbam
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.05.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

Schutz: Aktiviert

05.06.2013 16:04:25
mbam-log-2013-06-05 (16-04-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 626064
Laufzeit: 2 Stunde(n), 11 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\QMDispatch.QMFunction.1 (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\QMDispatch.QMFunction (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\QMDispatch.dll (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\qmacro\QMacro6.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\qmacro\QMacro6.exe.BAK (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Downloads\Crossfire simple Injector_mpgh.net.rar (Hacktool.Injector) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
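The AdwCleaner runs above show what the hijack actually consisted of on the Chrome side: entries in the profile's Preferences file (homepage, urls_to_restore_on_startup, and the default_search_provider block with search_url, keyword and icon_url) were rewritten to delta-search.com and websearch.mocaflix.com, and AdwCleaner's [Löschen] option simply removed those lines. The script below is an added example written for this thread; it is not code from AdwCleaner, Malwarebytes or the poster. It re-implements that check and the cleanup over a constructed Preferences sample. Assumptions: the key nesting (session.urls_to_restore_on_startup, default_search_provider.*) follows the Chrome JSON layout of that version, the hijacker domain list is only the two domains seen in the log, and the two-label domain heuristic ignores public suffixes such as co.uk.

```python
"""Audit and clean a Chrome 'Preferences' file for browser-hijack settings.

Added example for this thread, not code from AdwCleaner or from the poster.
It mirrors the check whose result AdwCleaner printed above: the homepage,
the startup URLs and the default search provider had been rewritten to
delta-search.com and websearch.mocaflix.com. Assumptions: the nesting of the
keys (session.urls_to_restore_on_startup, default_search_provider.*) follows
Chrome's JSON layout of that era; the sample file below is constructed.
"""
import json
from urllib.parse import urlparse

# Domains that appear in the AdwCleaner output above. Illustrative, not a
# complete hijacker list (assumption: extend it from your own findings).
KNOWN_HIJACKERS = {"delta-search.com", "mocaflix.com"}

# Constructed sample modelled on the values AdwCleaner deleted.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://websearch.mocaflix.com/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://websearch.mocaflix.com/",
            "http://www.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss",
            "",
        ],
    },
    "default_search_provider": {
        "enabled": True,
        "keyword": "delta-search.com",
        "search_url": "http://www.delta-search.com/?q={searchTerms}&affID=121562",
        "icon_url": "http://www.delta-search.com/favicon.ico",
    },
})


def registrable_domain(url):
    """Last two host labels ('websearch.mocaflix.com' -> 'mocaflix.com').

    Simplification: ignores public suffixes such as 'co.uk'.
    """
    host = (urlparse(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def audit_preferences(text, hijackers=KNOWN_HIJACKERS):
    """Return [(setting, url)] for every setting pointing at a hijacker domain."""
    prefs = json.loads(text)
    findings = []

    def check(setting, url):
        if url and registrable_domain(url) in hijackers:
            findings.append((setting, url))

    check("homepage", prefs.get("homepage"))
    startup = prefs.get("session", {}).get("urls_to_restore_on_startup", [])
    for i, url in enumerate(startup):
        check(f"session.urls_to_restore_on_startup[{i}]", url)
    provider = prefs.get("default_search_provider", {})
    for key in ("search_url", "suggest_url", "icon_url"):
        check(f"default_search_provider.{key}", provider.get(key))
    return findings


def clean_preferences(text, hijackers=KNOWN_HIJACKERS):
    """Return new JSON text with the flagged settings removed.

    This is what AdwCleaner's [Löschen] option did to the lines it listed.
    Run it only while Chrome is closed, and keep a copy of the original file.
    """
    prefs = json.loads(text)
    flagged = {url for _, url in audit_preferences(text, hijackers)}
    if prefs.get("homepage") in flagged:
        del prefs["homepage"]
    session = prefs.get("session", {})
    if "urls_to_restore_on_startup" in session:
        # Drop hijacked entries and the empty placeholder the log also showed.
        session["urls_to_restore_on_startup"] = [
            u for u in session["urls_to_restore_on_startup"] if u and u not in flagged
        ]
    provider = prefs.get("default_search_provider", {})
    if any(provider.get(k) in flagged for k in ("search_url", "suggest_url", "icon_url")):
        # Dropping the whole block lets Chrome rebuild it from its built-in default.
        del prefs["default_search_provider"]
    return json.dumps(prefs, indent=2)


if __name__ == "__main__":
    for setting, url in audit_preferences(SAMPLE_PREFERENCES):
        print(f"hijacked: {setting} = {url}")
    print(clean_preferences(SAMPLE_PREFERENCES))
```

On a real machine the file is the one AdwCleaner named, C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Preferences, and it must only be edited while Chrome is closed. Two caveats a practitioner would want: cleaning the file does not remove whatever wrote those values (the Babylon/bProtect leftovers AdwCleaner also deleted, and the BrowserDefender service the poster mentions, are the part that re-adds them), and newer Chrome versions sign these settings in a separate Secure Preferences file and reset unsigned edits, so on current builds the same fix is done through the browser's settings or a profile reset rather than by editing JSON.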
07.06.2013, 15:42 | #2
/// Malwareteam / Visitor
Browser mocaflix Problem
I am Smeenk and I will try to help you.

System scan with ZOEK
Please download zoek.exe from here: http://hijackthis.nl/smeenk/

Please download TDSSKiller.exe and save that file to the Desktop.

Please post everything here in CODE tags where possible: [code] Your log here [/code]
07.06.2013, 16:14 | #3
Browser mocaflix Problem
ZOEK simply will not open. I have already restarted the PC and tried again. In Task Manager the process appears for a second and then disappears right away.

TDS
Code:
17:09:32.0836 4904  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:09:32.0976 4904  ============================================================
17:09:32.0976 4904  Current date / time: 2013/06/07 17:09:32.0976
17:09:32.0976 4904  SystemInfo:
17:09:32.0976 4904  
17:09:32.0976 4904  OS Version: 6.0.6002 ServicePack: 2.0
17:09:32.0976 4904  Product type: Workstation
17:09:32.0976 4904  ComputerName: ***-PC
17:09:32.0976 4904  UserName: ***
17:09:32.0976 4904  Windows directory: C:\Windows
17:09:32.0976 4904  System windows directory: C:\Windows
17:09:32.0976 4904  Running under WOW64
17:09:32.0976 4904  Processor architecture: Intel x64
17:09:32.0976 4904  Number of processors: 4
17:09:32.0976 4904  Page size: 0x1000
17:09:32.0976 4904  Boot type: Normal boot
17:09:32.0976 4904  ============================================================
17:09:33.0351 4904  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:33.0366 4904  ============================================================
17:09:33.0366 4904  \Device\Harddisk0\DR0:
17:09:33.0366 4904  MBR partitions:
17:09:33.0366 4904  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x28F14000
17:09:33.0366 4904  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2A684800, BlocksNum 0x4A081DB0
17:09:33.0366 4904  ============================================================
17:09:33.0491 4904  C: <-> \Device\Harddisk0\DR0\Partition1
17:09:33.0585 4904  E: <-> \Device\Harddisk0\DR0\Partition2
17:09:33.0585 4904  ============================================================
17:09:33.0585 4904  Initialize success
17:09:33.0585 4904  ============================================================
17:09:55.0622 3704  ============================================================
17:09:55.0622 3704  Scan started
17:09:55.0622 3704  Mode: Manual; TDLFS;
17:09:55.0622 3704  
============================================================ 17:09:56.0075 3704 ================ Scan system memory ======================== 17:09:56.0075 3704 System memory - ok 17:09:56.0075 3704 ================ Scan services ============================= 17:09:56.0309 3704 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 17:09:56.0309 3704 ACPI - ok 17:09:56.0512 3704 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 17:09:56.0512 3704 AdobeFlashPlayerUpdateSvc - ok 17:09:56.0558 3704 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:09:56.0558 3704 adp94xx - ok 17:09:56.0605 3704 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:09:56.0605 3704 adpahci - ok 17:09:56.0621 3704 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 17:09:56.0621 3704 adpu160m - ok 17:09:56.0636 3704 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:09:56.0636 3704 adpu320 - ok 17:09:56.0668 3704 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:09:56.0668 3704 AeLookupSvc - ok 17:09:56.0730 3704 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 17:09:56.0730 3704 AFD - ok 17:09:56.0761 3704 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:09:56.0761 3704 agp440 - ok 17:09:56.0792 3704 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 17:09:56.0792 3704 aic78xx - ok 17:09:56.0792 3704 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 17:09:56.0792 3704 ALG - ok 17:09:56.0808 3704 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 17:09:56.0808 3704 aliide - ok 17:09:56.0808 3704 [ 970FA5059E61E30D25307B99903E991E ] amdide 
C:\Windows\system32\drivers\amdide.sys 17:09:56.0808 3704 amdide - ok 17:09:56.0824 3704 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:09:56.0824 3704 AmdK8 - ok 17:09:57.0245 3704 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 17:09:57.0260 3704 AntiVirSchedulerService - ok 17:09:57.0338 3704 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 17:09:57.0354 3704 AntiVirService - ok 17:09:57.0416 3704 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 17:09:57.0416 3704 Appinfo - ok 17:09:57.0432 3704 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 17:09:57.0432 3704 arc - ok 17:09:57.0463 3704 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:09:57.0463 3704 arcsas - ok 17:09:57.0884 3704 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 17:09:57.0884 3704 aspnet_state - ok 17:09:57.0947 3704 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:09:57.0947 3704 AsyncMac - ok 17:09:57.0962 3704 [ ACA311FAC841A06E4A7EF9A0F1C195F8 ] atapi C:\Windows\system32\drivers\atapi.sys 17:09:57.0962 3704 atapi - ok 17:09:57.0994 3704 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:09:57.0994 3704 AudioEndpointBuilder - ok 17:09:58.0025 3704 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 17:09:58.0025 3704 AudioSrv - ok 17:09:58.0072 3704 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:09:58.0072 3704 avgntflt - ok 17:09:58.0134 3704 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:09:58.0134 3704 avipbb - ok 17:09:58.0165 3704 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr 
C:\Windows\system32\DRIVERS\avkmgr.sys 17:09:58.0165 3704 avkmgr - ok 17:09:58.0228 3704 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 17:09:58.0243 3704 BFE - ok 17:09:58.0337 3704 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 17:09:58.0368 3704 BITS - ok 17:09:58.0430 3704 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 17:09:58.0430 3704 blbdrive - ok 17:09:58.0462 3704 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:09:58.0462 3704 bowser - ok 17:09:58.0477 3704 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 17:09:58.0477 3704 BrFiltLo - ok 17:09:58.0493 3704 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 17:09:58.0493 3704 BrFiltUp - ok 17:09:58.0524 3704 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 17:09:58.0524 3704 Browser - ok 17:09:58.0727 3704 [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe 17:09:58.0758 3704 BrowserDefendert - ok 17:09:58.0789 3704 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 17:09:58.0789 3704 Brserid - ok 17:09:58.0805 3704 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 17:09:58.0805 3704 BrSerWdm - ok 17:09:58.0805 3704 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 17:09:58.0805 3704 BrUsbMdm - ok 17:09:58.0820 3704 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 17:09:58.0820 3704 BrUsbSer - ok 17:09:58.0836 3704 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 17:09:58.0836 3704 BTHMODEM - ok 17:09:58.0898 3704 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 
17:09:58.0898 3704 cdfs - ok 17:09:58.0930 3704 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:09:58.0930 3704 cdrom - ok 17:09:58.0976 3704 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 17:09:58.0976 3704 CertPropSvc - ok 17:09:59.0148 3704 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe 17:09:59.0210 3704 CGVPNCliSrvc - ok 17:09:59.0210 3704 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 17:09:59.0210 3704 circlass - ok 17:09:59.0273 3704 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 17:09:59.0273 3704 CLFS - ok 17:09:59.0351 3704 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:09:59.0351 3704 clr_optimization_v2.0.50727_32 - ok 17:09:59.0366 3704 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:09:59.0366 3704 clr_optimization_v2.0.50727_64 - ok 17:09:59.0676 3704 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:09:59.0702 3704 clr_optimization_v4.0.30319_32 - ok 17:09:59.0741 3704 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:09:59.0784 3704 clr_optimization_v4.0.30319_64 - ok 17:09:59.0845 3704 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:09:59.0846 3704 cmdide - ok 17:09:59.0862 3704 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 17:09:59.0863 3704 Compbatt - ok 17:09:59.0870 3704 COMSysApp - ok 17:09:59.0878 3704 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:09:59.0879 3704 crcdisk - ok 17:09:59.0927 3704 [ 
CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:09:59.0928 3704 CryptSvc - ok 17:09:59.0980 3704 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 17:09:59.0989 3704 DcomLaunch - ok 17:10:00.0097 3704 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:10:00.0099 3704 DfsC - ok 17:10:00.0194 3704 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 17:10:00.0283 3704 DFSR - ok 17:10:00.0363 3704 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 17:10:00.0365 3704 Dhcp - ok 17:10:00.0405 3704 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 17:10:00.0407 3704 disk - ok 17:10:00.0457 3704 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:10:00.0460 3704 Dnscache - ok 17:10:00.0517 3704 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 17:10:00.0520 3704 dot3svc - ok 17:10:00.0552 3704 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 17:10:00.0554 3704 DPS - ok 17:10:00.0591 3704 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:10:00.0592 3704 drmkaud - ok 17:10:00.0827 3704 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:10:00.0834 3704 DXGKrnl - ok 17:10:00.0885 3704 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 17:10:00.0887 3704 E1G60 - ok 17:10:00.0893 3704 EagleX64 - ok 17:10:00.0913 3704 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 17:10:00.0915 3704 EapHost - ok 17:10:00.0951 3704 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 17:10:00.0952 3704 Ecache - ok 17:10:01.0006 3704 [ 33510BE001CCDB5A01FCC88F4DD8DFC7 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:10:01.0011 3704 ehRecvr - ok 17:10:01.0028 3704 [ 1ABC6436B0EDAA3D496D9C827F92820D ] ehSched 
C:\Windows\ehome\ehsched.exe 17:10:01.0029 3704 ehSched - ok 17:10:01.0041 3704 [ 08F48CB2CD4019AFB0456869B49CD76F ] ehstart C:\Windows\ehome\ehstart.dll 17:10:01.0042 3704 ehstart - ok 17:10:01.0089 3704 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:10:01.0096 3704 elxstor - ok 17:10:01.0156 3704 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 17:10:01.0163 3704 EMDMgmt - ok 17:10:01.0176 3704 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 17:10:01.0178 3704 ErrDev - ok 17:10:01.0242 3704 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 17:10:01.0246 3704 EventSystem - ok 17:10:01.0338 3704 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 17:10:01.0346 3704 exfat - ok 17:10:01.0375 3704 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:10:01.0378 3704 fastfat - ok 17:10:01.0411 3704 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:10:01.0411 3704 fdc - ok 17:10:01.0427 3704 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 17:10:01.0427 3704 fdPHost - ok 17:10:01.0442 3704 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 17:10:01.0442 3704 FDResPub - ok 17:10:01.0458 3704 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:10:01.0458 3704 FileInfo - ok 17:10:01.0474 3704 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:10:01.0474 3704 Filetrace - ok 17:10:01.0474 3704 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:10:01.0474 3704 flpydisk - ok 17:10:01.0536 3704 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:10:01.0536 3704 FltMgr - ok 17:10:01.0645 3704 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache 
C:\Windows\system32\FntCache.dll 17:10:01.0676 3704 FontCache - ok 17:10:01.0770 3704 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:10:01.0786 3704 FontCache3.0.0.0 - ok 17:10:01.0879 3704 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS 17:10:01.0879 3704 FsUsbExDisk - ok 17:10:01.0905 3704 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:10:01.0906 3704 Fs_Rec - ok 17:10:01.0921 3704 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:10:01.0922 3704 gagp30kx - ok 17:10:01.0959 3704 [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys 17:10:01.0959 3704 GearAspiWDM - ok 17:10:02.0107 3704 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 17:10:02.0116 3704 gpsvc - ok 17:10:02.0178 3704 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:10:02.0181 3704 HdAudAddService - ok 17:10:02.0224 3704 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:10:02.0246 3704 HDAudBus - ok 17:10:02.0253 3704 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:10:02.0255 3704 HidBth - ok 17:10:02.0272 3704 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 17:10:02.0273 3704 HidIr - ok 17:10:02.0339 3704 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 17:10:02.0340 3704 hidserv - ok 17:10:02.0377 3704 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:10:02.0378 3704 HidUsb - ok 17:10:02.0417 3704 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 17:10:02.0419 3704 hkmsvc - ok 17:10:02.0445 3704 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 17:10:02.0446 3704 
HpCISSs - ok 17:10:02.0500 3704 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:10:02.0522 3704 HTTP - ok 17:10:02.0557 3704 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 17:10:02.0558 3704 i2omp - ok 17:10:02.0574 3704 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:10:02.0576 3704 i8042prt - ok 17:10:02.0604 3704 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 17:10:02.0608 3704 iaStorV - ok 17:10:02.0677 3704 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:10:02.0699 3704 idsvc - ok 17:10:02.0705 3704 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:10:02.0707 3704 iirsp - ok 17:10:02.0746 3704 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 17:10:02.0752 3704 IKEEXT - ok 17:10:02.0899 3704 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 17:10:02.0921 3704 IntcAzAudAddService - ok 17:10:02.0950 3704 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 17:10:02.0952 3704 intelide - ok 17:10:02.0958 3704 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:10:02.0959 3704 intelppm - ok 17:10:02.0998 3704 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:10:03.0000 3704 IPBusEnum - ok 17:10:03.0017 3704 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:10:03.0018 3704 IpFilterDriver - ok 17:10:03.0060 3704 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:10:03.0063 3704 iphlpsvc - ok 17:10:03.0069 3704 IpInIp - ok 17:10:03.0077 3704 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 17:10:03.0079 3704 IPMIDRV - 
ok 17:10:03.0085 3704 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 17:10:03.0087 3704 IPNAT - ok 17:10:03.0123 3704 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:10:03.0124 3704 IRENUM - ok 17:10:03.0136 3704 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:10:03.0137 3704 isapnp - ok 17:10:03.0172 3704 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:10:03.0174 3704 iScsiPrt - ok 17:10:03.0361 3704 [ 9C6F3F69163133FB8E56AC4A6E163452 ] ISODrive C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys 17:10:03.0362 3704 ISODrive - ok 17:10:03.0368 3704 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 17:10:03.0369 3704 iteatapi - ok 17:10:03.0389 3704 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 17:10:03.0391 3704 iteraid - ok 17:10:03.0397 3704 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:10:03.0398 3704 kbdclass - ok 17:10:03.0436 3704 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:10:03.0437 3704 kbdhid - ok 17:10:03.0476 3704 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 17:10:03.0477 3704 KeyIso - ok 17:10:03.0666 3704 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:10:03.0672 3704 KSecDD - ok 17:10:03.0697 3704 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 17:10:03.0698 3704 ksthunk - ok 17:10:03.0735 3704 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 17:10:03.0740 3704 KtmRm - ok 17:10:03.0773 3704 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 17:10:03.0776 3704 LanmanServer - ok 17:10:03.0807 3704 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 
17:10:03.0811 3704 LanmanWorkstation - ok 17:10:03.0843 3704 libusb0 - ok 17:10:03.0851 3704 libusbd - ok 17:10:03.0864 3704 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:10:03.0866 3704 lltdio - ok 17:10:03.0913 3704 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:10:03.0918 3704 lltdsvc - ok 17:10:03.0923 3704 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:10:03.0926 3704 lmhosts - ok 17:10:03.0958 3704 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 17:10:03.0960 3704 LSI_FC - ok 17:10:03.0967 3704 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 17:10:03.0969 3704 LSI_SAS - ok 17:10:03.0998 3704 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 17:10:04.0000 3704 LSI_SCSI - ok 17:10:04.0006 3704 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 17:10:04.0008 3704 luafv - ok 17:10:04.0052 3704 massfilter - ok 17:10:04.0083 3704 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 17:10:04.0084 3704 MBAMProtector - ok 17:10:04.0141 3704 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:10:04.0143 3704 MBAMScheduler - ok 17:10:04.0183 3704 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:10:04.0188 3704 MBAMService - ok 17:10:04.0241 3704 [ 6DA30C0DE0CC8525E89D612C5063CAC1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:10:04.0243 3704 Mcx2Svc - ok 17:10:04.0258 3704 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 17:10:04.0259 3704 megasas - ok 17:10:04.0284 3704 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 17:10:04.0289 3704 MegaSR - ok 17:10:04.0333 3704 [ 
3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 17:10:04.0335 3704 MMCSS - ok 17:10:04.0342 3704 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 17:10:04.0344 3704 Modem - ok 17:10:04.0365 3704 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:10:04.0366 3704 monitor - ok 17:10:04.0401 3704 [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys 17:10:04.0403 3704 MotioninJoyXFilter - ok 17:10:04.0409 3704 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:10:04.0410 3704 mouclass - ok 17:10:04.0416 3704 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:10:04.0417 3704 mouhid - ok 17:10:04.0424 3704 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 17:10:04.0425 3704 MountMgr - ok 17:10:04.0470 3704 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 17:10:04.0472 3704 MozillaMaintenance - ok 17:10:04.0503 3704 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 17:10:04.0505 3704 mpio - ok 17:10:04.0512 3704 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:10:04.0514 3704 mpsdrv - ok 17:10:04.0582 3704 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 17:10:04.0604 3704 MpsSvc - ok 17:10:04.0612 3704 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 17:10:04.0613 3704 Mraid35x - ok 17:10:04.0625 3704 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:10:04.0628 3704 MRxDAV - ok 17:10:04.0672 3704 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:10:04.0674 3704 mrxsmb - ok 17:10:04.0690 3704 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:10:04.0694 3704 mrxsmb10 - ok 17:10:04.0711 3704 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:10:04.0712 3704 mrxsmb20 - ok 17:10:04.0718 3704 [ 9AC2055E4F5D8EB3C2BA6BD17AAF7719 ] msahci C:\Windows\system32\drivers\msahci.sys 17:10:04.0720 3704 msahci - ok 17:10:04.0727 3704 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:10:04.0729 3704 msdsm - ok 17:10:04.0774 3704 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 17:10:04.0777 3704 MSDTC - ok 17:10:04.0792 3704 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:10:04.0793 3704 Msfs - ok 17:10:04.0799 3704 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:10:04.0800 3704 msisadrv - ok 17:10:04.0862 3704 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:10:04.0865 3704 MSiSCSI - ok 17:10:04.0870 3704 msiserver - ok 17:10:04.0903 3704 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:10:04.0904 3704 MSKSSRV - ok 17:10:04.0910 3704 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:10:04.0911 3704 MSPCLOCK - ok 17:10:04.0917 3704 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:10:04.0919 3704 MSPQM - ok 17:10:04.0973 3704 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:10:04.0977 3704 MsRPC - ok 17:10:05.0000 3704 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:10:05.0001 3704 mssmbios - ok 17:10:05.0007 3704 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:10:05.0008 3704 MSTEE - ok 17:10:05.0087 3704 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 17:10:05.0089 3704 Mup - ok 17:10:05.0195 3704 [ 
A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 17:10:05.0200 3704 napagent - ok 17:10:05.0252 3704 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:10:05.0255 3704 NativeWifiP - ok 17:10:05.0316 3704 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:10:05.0338 3704 NDIS - ok 17:10:05.0373 3704 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:10:05.0374 3704 NdisTapi - ok 17:10:05.0381 3704 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:10:05.0382 3704 Ndisuio - ok 17:10:05.0416 3704 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:10:05.0418 3704 NdisWan - ok 17:10:05.0425 3704 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:10:05.0426 3704 NDProxy - ok 17:10:05.0483 3704 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:10:05.0483 3704 NetBIOS - ok 17:10:05.0514 3704 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 17:10:05.0514 3704 netbt - ok 17:10:05.0530 3704 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 17:10:05.0530 3704 Netlogon - ok 17:10:05.0623 3704 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 17:10:05.0623 3704 Netman - ok 17:10:05.0670 3704 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:10:05.0701 3704 NetMsmqActivator - ok 17:10:05.0717 3704 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:10:05.0717 3704 NetPipeActivator - ok 17:10:05.0779 3704 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 17:10:05.0779 3704 netprofm - ok 17:10:05.0811 3704 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:10:05.0826 3704 NetTcpActivator - ok 17:10:05.0826 3704 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:10:05.0826 3704 NetTcpPortSharing - ok 17:10:05.0873 3704 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:10:05.0873 3704 nfrd960 - ok 17:10:05.0904 3704 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 17:10:05.0904 3704 NlaSvc - ok 17:10:05.0920 3704 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:10:05.0920 3704 Npfs - ok 17:10:05.0951 3704 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 17:10:05.0951 3704 nsi - ok 17:10:05.0967 3704 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:10:05.0967 3704 nsiproxy - ok 17:10:06.0357 3704 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:10:06.0372 3704 Ntfs - ok 17:10:06.0388 3704 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 17:10:06.0388 3704 Null - ok 17:10:06.0450 3704 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys 17:10:06.0466 3704 NVENETFD - ok 17:10:07.0183 3704 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 17:10:07.0261 3704 nvlddmkm - ok 17:10:07.0293 3704 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:10:07.0293 3704 nvraid - ok 17:10:07.0355 3704 [ A3AC469AD99AC3FD63AFCCFC29A90FA9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys 17:10:07.0355 3704 nvsmu - ok 17:10:07.0371 3704 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:10:07.0371 3704 nvstor - ok 17:10:07.0386 3704 [ 581286807B5832503FD700A3217B589F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys 17:10:07.0386 3704 nvstor64 - ok 
17:10:07.0527 3704 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe 17:10:07.0527 3704 nvsvc - ok 17:10:07.0729 3704 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 17:10:07.0745 3704 nvUpdatusService - ok 17:10:07.0745 3704 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:10:07.0761 3704 nv_agp - ok 17:10:07.0761 3704 NwlnkFlt - ok 17:10:07.0761 3704 NwlnkFwd - ok 17:10:07.0839 3704 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 17:10:07.0839 3704 ohci1394 - ok 17:10:07.0885 3704 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 17:10:07.0901 3704 p2pimsvc - ok 17:10:07.0932 3704 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 17:10:07.0948 3704 p2psvc - ok 17:10:08.0010 3704 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 17:10:08.0010 3704 Parport - ok 17:10:08.0041 3704 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:10:08.0041 3704 partmgr - ok 17:10:08.0073 3704 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 17:10:08.0088 3704 PcaSvc - ok 17:10:08.0104 3704 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 17:10:08.0119 3704 pci - ok 17:10:08.0135 3704 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 17:10:08.0135 3704 pciide - ok 17:10:08.0151 3704 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:10:08.0151 3704 pcmcia - ok 17:10:08.0227 3704 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:10:08.0239 3704 PEAUTH - ok 17:10:08.0316 3704 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 17:10:08.0318 3704 PerfHost - ok 17:10:08.0404 3704 [ 
E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 17:10:08.0438 3704 pla - ok 17:10:08.0552 3704 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:10:08.0557 3704 PlugPlay - ok 17:10:08.0619 3704 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 17:10:08.0625 3704 PNRPAutoReg - ok 17:10:08.0665 3704 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 17:10:08.0671 3704 PNRPsvc - ok 17:10:08.0754 3704 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:10:08.0761 3704 PolicyAgent - ok 17:10:08.0809 3704 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:10:08.0812 3704 PptpMiniport - ok 17:10:08.0844 3704 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 17:10:08.0845 3704 Processor - ok 17:10:08.0890 3704 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 17:10:08.0894 3704 ProfSvc - ok 17:10:08.0910 3704 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 17:10:08.0911 3704 ProtectedStorage - ok 17:10:08.0950 3704 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 17:10:08.0952 3704 PSched - ok 17:10:08.0998 3704 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:10:09.0021 3704 ql2300 - ok 17:10:09.0028 3704 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:10:09.0030 3704 ql40xx - ok 17:10:09.0055 3704 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 17:10:09.0059 3704 QWAVE - ok 17:10:09.0067 3704 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:10:09.0068 3704 QWAVEdrv - ok 17:10:09.0074 3704 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:10:09.0075 3704 RasAcd - ok 17:10:09.0098 3704 [ 
B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 17:10:09.0100 3704 RasAuto - ok 17:10:09.0137 3704 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:10:09.0140 3704 Rasl2tp - ok 17:10:09.0180 3704 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 17:10:09.0186 3704 RasMan - ok 17:10:09.0241 3704 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:10:09.0242 3704 RasPppoe - ok 17:10:09.0293 3704 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:10:09.0295 3704 RasSstp - ok 17:10:09.0341 3704 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:10:09.0346 3704 rdbss - ok 17:10:09.0376 3704 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:10:09.0377 3704 RDPCDD - ok 17:10:09.0409 3704 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 17:10:09.0414 3704 rdpdr - ok 17:10:09.0420 3704 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:10:09.0421 3704 RDPENCDD - ok 17:10:09.0476 3704 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:10:09.0480 3704 RDPWD - ok 17:10:09.0542 3704 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:10:09.0544 3704 RemoteAccess - ok 17:10:09.0590 3704 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:10:09.0594 3704 RemoteRegistry - ok 17:10:09.0631 3704 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 17:10:09.0632 3704 RpcLocator - ok 17:10:09.0714 3704 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 17:10:09.0721 3704 RpcSs - ok 17:10:09.0808 3704 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:10:09.0809 3704 rspndr - ok 17:10:09.0832 3704 [ 
260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 17:10:09.0833 3704 SamSs - ok 17:10:09.0862 3704 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:10:09.0864 3704 sbp2port - ok 17:10:09.0938 3704 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:10:09.0942 3704 SCardSvr - ok 17:10:09.0985 3704 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 17:10:10.0005 3704 Schedule - ok 17:10:10.0047 3704 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 17:10:10.0048 3704 SCPolicySvc - ok 17:10:10.0111 3704 [ 8B56BDCE6A303DDE63D63440D1CF9AD1 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys 17:10:10.0113 3704 ScreamBAudioSvc - ok 17:10:10.0153 3704 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:10:10.0157 3704 SDRSVC - ok 17:10:10.0162 3704 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:10:10.0164 3704 secdrv - ok 17:10:10.0198 3704 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 17:10:10.0200 3704 seclogon - ok 17:10:10.0217 3704 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 17:10:10.0219 3704 SENS - ok 17:10:10.0225 3704 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 17:10:10.0227 3704 Serenum - ok 17:10:10.0246 3704 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 17:10:10.0248 3704 Serial - ok 17:10:10.0255 3704 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:10:10.0256 3704 sermouse - ok 17:10:10.0307 3704 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 17:10:10.0309 3704 SessionEnv - ok 17:10:10.0315 3704 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:10:10.0317 3704 sffdisk - ok 
17:10:10.0325 3704 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:10:10.0327 3704 sffp_mmc - ok 17:10:10.0336 3704 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:10:10.0337 3704 sffp_sd - ok 17:10:10.0343 3704 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:10:10.0344 3704 sfloppy - ok 17:10:10.0410 3704 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:10:10.0416 3704 SharedAccess - ok 17:10:10.0472 3704 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:10:10.0478 3704 ShellHWDetection - ok 17:10:10.0484 3704 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 17:10:10.0486 3704 SiSRaid2 - ok 17:10:10.0531 3704 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:10:10.0533 3704 SiSRaid4 - ok 17:10:10.0627 3704 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 17:10:10.0693 3704 slsvc - ok 17:10:10.0725 3704 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 17:10:10.0727 3704 SLUINotify - ok 17:10:10.0743 3704 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:10:10.0745 3704 Smb - ok 17:10:10.0808 3704 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:10:10.0810 3704 SNMPTRAP - ok 17:10:10.0880 3704 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 17:10:10.0881 3704 spldr - ok 17:10:10.0920 3704 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 17:10:10.0923 3704 Spooler - ok 17:10:10.0990 3704 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 17:10:10.0995 3704 srv - ok 17:10:11.0028 3704 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:10:11.0030 3704 srv2 - ok 
17:10:11.0049 3704 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:10:11.0052 3704 srvnet - ok 17:10:11.0071 3704 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:10:11.0074 3704 SSDPSRV - ok 17:10:11.0100 3704 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:10:11.0103 3704 SstpSvc - ok 17:10:11.0130 3704 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 17:10:11.0132 3704 ss_bbus - ok 17:10:11.0187 3704 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 17:10:11.0188 3704 ss_bmdfl - ok 17:10:11.0253 3704 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 17:10:11.0256 3704 ss_bmdm - ok 17:10:11.0273 3704 StarOpen - ok 17:10:11.0310 3704 Steam Client Service - ok 17:10:11.0368 3704 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 17:10:11.0370 3704 Stereo Service - ok 17:10:11.0499 3704 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 17:10:11.0521 3704 stisvc - ok 17:10:11.0556 3704 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:10:11.0557 3704 swenum - ok 17:10:11.0590 3704 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 17:10:11.0599 3704 swprv - ok 17:10:11.0606 3704 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 17:10:11.0607 3704 Symc8xx - ok 17:10:11.0614 3704 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 17:10:11.0616 3704 Sym_hi - ok 17:10:11.0622 3704 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 17:10:11.0623 3704 Sym_u3 - ok 17:10:11.0686 3704 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 17:10:11.0705 3704 SysMain - ok 17:10:11.0775 3704 [ 
005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:10:11.0778 3704 TabletInputService - ok 17:10:11.0833 3704 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 17:10:11.0834 3704 tap0901 - ok 17:10:11.0880 3704 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:10:11.0885 3704 TapiSrv - ok 17:10:11.0907 3704 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 17:10:11.0909 3704 TBS - ok 17:10:12.0176 3704 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:10:12.0212 3704 Tcpip - ok 17:10:12.0243 3704 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 17:10:12.0256 3704 Tcpip6 - ok 17:10:12.0302 3704 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:10:12.0304 3704 tcpipreg - ok 17:10:12.0358 3704 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:10:12.0359 3704 TDPIPE - ok 17:10:12.0376 3704 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:10:12.0378 3704 TDTCP - ok 17:10:12.0431 3704 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:10:12.0434 3704 tdx - ok 17:10:12.0492 3704 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:10:12.0493 3704 TermDD - ok 17:10:12.0597 3704 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 17:10:12.0619 3704 TermService - ok 17:10:12.0797 3704 [ 250B9120C7C103AFDC0C6643F9691055 ] TestHandler C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe 17:10:12.0801 3704 TestHandler - ok 17:10:12.0861 3704 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 17:10:12.0863 3704 TFsExDisk - ok 17:10:12.0991 3704 [ 56793271ECDEDD350C5ADD305603E963 ] Themes 
C:\Windows\system32\shsvcs.dll 17:10:12.0995 3704 Themes - ok 17:10:13.0023 3704 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 17:10:13.0025 3704 THREADORDER - ok 17:10:13.0095 3704 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 17:10:13.0099 3704 TrkWks - ok 17:10:13.0183 3704 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:10:13.0185 3704 TrustedInstaller - ok 17:10:13.0229 3704 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:10:13.0230 3704 tssecsrv - ok 17:10:13.0251 3704 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 17:10:13.0253 3704 tunmp - ok 17:10:13.0315 3704 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:10:13.0317 3704 tunnel - ok 17:10:13.0337 3704 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:10:13.0340 3704 uagp35 - ok 17:10:13.0381 3704 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:10:13.0395 3704 udfs - ok 17:10:13.0528 3704 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:10:13.0531 3704 UI0Detect - ok 17:10:13.0585 3704 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:10:13.0587 3704 uliagpkx - ok 17:10:13.0668 3704 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 17:10:13.0673 3704 uliahci - ok 17:10:13.0731 3704 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 17:10:13.0735 3704 UlSata - ok 17:10:13.0760 3704 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 17:10:13.0764 3704 ulsata2 - ok 17:10:13.0774 3704 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:10:13.0776 3704 umbus - ok 17:10:13.0818 3704 [ 
7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 17:10:13.0823 3704 upnphost - ok 17:10:13.0982 3704 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 17:10:13.0992 3704 UPnPService - ok 17:10:14.0019 3704 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:10:14.0022 3704 usbccgp - ok 17:10:14.0029 3704 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:10:14.0031 3704 usbcir - ok 17:10:14.0065 3704 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:10:14.0067 3704 usbehci - ok 17:10:14.0084 3704 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:10:14.0088 3704 usbhub - ok 17:10:14.0124 3704 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:10:14.0126 3704 usbohci - ok 17:10:14.0199 3704 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:10:14.0201 3704 usbprint - ok 17:10:14.0277 3704 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:10:14.0279 3704 usbscan - ok 17:10:14.0319 3704 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:10:14.0321 3704 USBSTOR - ok 17:10:14.0373 3704 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:10:14.0374 3704 usbuhci - ok 17:10:14.0403 3704 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 17:10:14.0405 3704 UxSms - ok 17:10:14.0454 3704 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 17:10:14.0461 3704 vds - ok 17:10:14.0475 3704 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:10:14.0477 3704 vga - ok 17:10:14.0483 3704 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:10:14.0485 3704 
VgaSave - ok 17:10:14.0491 3704 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 17:10:14.0492 3704 viaide - ok 17:10:14.0536 3704 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:10:14.0537 3704 volmgr - ok 17:10:14.0583 3704 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:10:14.0588 3704 volmgrx - ok 17:10:14.0702 3704 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:10:14.0706 3704 volsnap - ok 17:10:14.0746 3704 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:10:14.0749 3704 vsmraid - ok 17:10:14.0818 3704 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 17:10:14.0841 3704 VSS - ok 17:10:14.0893 3704 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 17:10:14.0899 3704 W32Time - ok 17:10:14.0931 3704 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:10:14.0931 3704 WacomPen - ok 17:10:14.0962 3704 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 17:10:14.0962 3704 Wanarp - ok 17:10:14.0978 3704 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:10:14.0978 3704 Wanarpv6 - ok 17:10:15.0040 3704 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:10:15.0087 3704 wcncsvc - ok 17:10:15.0118 3704 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:10:15.0118 3704 WcsPlugInService - ok 17:10:15.0134 3704 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 17:10:15.0134 3704 Wd - ok 17:10:15.0274 3704 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:10:15.0290 3704 Wdf01000 - ok 17:10:15.0352 3704 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:10:15.0352 
3704 WdiServiceHost - ok 17:10:15.0383 3704 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:10:15.0383 3704 WdiSystemHost - ok 17:10:15.0430 3704 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 17:10:15.0430 3704 WebClient - ok 17:10:15.0477 3704 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:10:15.0477 3704 Wecsvc - ok 17:10:15.0508 3704 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:10:15.0508 3704 wercplsupport - ok 17:10:15.0555 3704 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 17:10:15.0555 3704 WerSvc - ok 17:10:15.0570 3704 WinDefend - ok 17:10:15.0586 3704 WinHttpAutoProxySvc - ok 17:10:15.0742 3704 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:10:15.0758 3704 Winmgmt - ok 17:10:15.0820 3704 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 17:10:15.0867 3704 WinRM - ok 17:10:15.0945 3704 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:10:15.0976 3704 Wlansvc - ok 17:10:16.0023 3704 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:10:16.0023 3704 WmiAcpi - ok 17:10:16.0116 3704 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:10:16.0116 3704 wmiApSrv - ok 17:10:16.0148 3704 WMPNetworkSvc - ok 17:10:16.0226 3704 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:10:16.0241 3704 WPCSvc - ok 17:10:16.0272 3704 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:10:16.0272 3704 WPDBusEnum - ok 17:10:16.0881 3704 [ 5DD439900C9B865EBE525D19678B8C55 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:10:16.0912 3704 WPFFontCache_v0400 - ok 17:10:16.0959 3704 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl 
C:\Windows\system32\drivers\ws2ifsl.sys 17:10:16.0959 3704 ws2ifsl - ok 17:10:16.0990 3704 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll 17:10:16.0990 3704 wscsvc - ok 17:10:17.0006 3704 WSearch - ok 17:10:17.0177 3704 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 17:10:17.0255 3704 wuauserv - ok 17:10:17.0302 3704 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:10:17.0302 3704 WudfPf - ok 17:10:17.0364 3704 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:10:17.0364 3704 WUDFRd - ok 17:10:17.0396 3704 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:10:17.0396 3704 wudfsvc - ok 17:10:17.0474 3704 X6va012 - ok 17:10:17.0521 3704 xhunter1 - ok 17:10:17.0609 3704 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 17:10:17.0611 3704 xusb21 - ok 17:10:17.0616 3704 ZTEusbmdm6k - ok 17:10:17.0623 3704 ZTEusbnmea - ok 17:10:17.0631 3704 ZTEusbser6k - ok 17:10:17.0640 3704 ================ Scan global =============================== 17:10:17.0674 3704 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 17:10:17.0718 3704 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 17:10:17.0741 3704 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 17:10:17.0823 3704 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe 17:10:17.0827 3704 [Global] - ok 17:10:17.0828 3704 ================ Scan MBR ================================== 17:10:17.0870 3704 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 17:10:18.0553 3704 \Device\Harddisk0\DR0 - ok 17:10:18.0554 3704 ================ Scan VBR ================================== 17:10:18.0596 3704 [ 68D46A6CF927BC2964A3E8402427E0DC ] \Device\Harddisk0\DR0\Partition1 17:10:18.0610 3704 \Device\Harddisk0\DR0\Partition1 - ok 17:10:18.0635 3704 [ 
D3740C89E4145598F209571FB80DC1B1 ] \Device\Harddisk0\DR0\Partition2 17:10:18.0636 3704 \Device\Harddisk0\DR0\Partition2 - ok 17:10:18.0637 3704 ============================================================ 17:10:18.0637 3704 Scan finished 17:10:18.0637 3704 ============================================================ 17:10:18.0656 4544 Detected object count: 0 17:10:18.0656 4544 Actual detected object count: 0 17:10:32.0658 5096 Deinitialize success |
07.06.2013, 17:06 | #4 |
/// Malwareteam / Visitor | Browser mocaflix Problem Try whether Zoek.exe will start in Safe Mode: How to start Windows in Safe Mode properly |
08.06.2013, 15:30 | #5 | |
| Browser mocaflix Problem Quote:
It actually worked via Safe Mode. Here is the log Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 31-May-2013 Tool run by **** on 08.06.2013 at 16:11:27,85. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64 Running in: Safe Mode MINIMAL No Internet Access Detected ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDefendert deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserDefendert deleted successfully ==== Deleting Files \ Folders ====================== "C:\Users\****\Downloads\SoftonicDownloader_fuer_league-of-legends.exe" deleted "C:\Users\Public\sdelevURL.tmp" deleted "C:\Users\****\AppData\Local\qs.dll" deleted "C:\Users\****\AppData\Local\qs64.dll" deleted "C:\ProgramData\BrowserDefender" deleted "C:\ProgramData\Babylon" deleted "C:\Windows\SysWow64\AI_RecycleBin" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-06-06 18:22:54 D4F27E63A5F4B088F95646D0B3383A5D 489695611 ----a-w- C:\Windows\MEMORY.DMP 2013-06-05 07:12:47 5B56983A4125AC01D6C8AF401AD1FA61 499 ----a-w- C:\Windows\DeleteOnReboot.bat ====== C:\Users\****\AppData\Local\Temp ==== ====== C:\Windows\SysWOW64 ===== 2013-06-04 14:05:06 E7329CCB11C05D4600E4641BD0328E41 285184 ----a-w- C:\Windows\SysWOW64\MagUIEngine.dll 2013-06-04 14:05:06 DCE2A54207DC9F6228E26948513ECD12 92672 ----a-w- C:\Windows\SysWOW64\MagUIInter.dll 2013-06-04 14:05:06 A6549E3D8196829311BCA50DA7C2699B 490496 ----a-w- C:\Windows\SysWOW64\madFlac.ax 2013-06-04 14:05:06 
98148D461E446D7CD1E70B916CA61B31 55808 ----a-w- C:\Windows\SysWOW64\MagPCMac.dll 2013-06-04 14:05:06 95110AC93E5EBDC5D9DC7694A4BCA953 536652 ----a-w- C:\Windows\SysWOW64\ASAudioHD.ax 2013-06-04 14:05:06 75D4D135424071A7EFFC767CCDA518C8 35328 ----a-w- C:\Windows\SysWOW64\MagCore.dll 2013-06-04 14:05:06 644AA3ADE7742079533DCDE2ABF153E2 917504 ----a-w- C:\Windows\SysWOW64\dtsdecoderdll.dll 2013-06-04 14:05:06 5C3739F97D09CAF8ABCC0A1F14C82A49 258048 ----a-w- C:\Windows\SysWOW64\libFLAC.dll 2013-06-04 14:05:06 16E030AA1AFA8E1BE20D269703674AAD 106496 ----a-w- C:\Windows\SysWOW64\checkactivate.dll 2013-06-04 14:05:05 F47300353C2AE5A34986008E03E0E2E4 439808 ----a-w- C:\Windows\SysWOW64\RealMediaSplitter.ax 2013-06-04 14:05:05 C82070D55D0B25E87185C874518D71DB 417792 ----a-w- C:\Windows\SysWOW64\FLVSplitter.ax 2013-06-04 14:05:05 7029A7634C8DFA8EE619E79B1B9A378F 70656 ----a-w- C:\Windows\SysWOW64\yv12vfw.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-06-05 14:03:06 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2013-05-15 13:40:57 F3932288EEECD776FF1F9F653AD878F3 901496 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys ====== C:\Windows\Tasks ====== 2013-06-05 07:13:33 A6542F65D2B0EB834B01914CCF83769E 3350 ----a-w- C:\Windows\Sysnative\Tasks\BrowserDefendert 2013-06-04 14:09:55 BF4EB96C4E11F6B8DF0F2E7FAD5B7B52 3314 ----a-w- C:\Windows\Sysnative\Tasks\EPUpdater ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\Program Files (x86) ===== ======= C: ===== 2013-06-05 16:27:13 F2448347298CDDA4B93AD7CE1E3C6E7D 1507 ----a-w- C:\AdwCleaner[S3].txt 2013-06-05 16:26:28 750658EA7AF3DAD3F8B073247FB3FF7E 1439 ----a-w- C:\AdwCleaner[R3].txt 2013-06-05 13:51:40 2BD8C522942E1FBE0A5C14B58FACCE50 1909 ----a-w- C:\AdwCleaner[S2].txt 2013-06-05 13:49:00 16806DE46A2BFF4E32CCEB52E5128084 1882 ----a-w- C:\AdwCleaner[R2].txt 2013-06-05 07:12:43 
DC90B864B72441ED690F73F5E6A8174E 5904 ----a-w- C:\AdwCleaner[S1].txt 2013-06-05 07:11:42 B4E0D5CE220FD5D98DC7D27B922854FF 5999 ----a-w- C:\AdwCleaner[R1].txt ====== C:\Users\****\AppData\Roaming ====== 2013-06-04 14:10:17 -------- d-----w- C:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-06-02 08:59:13 2F3A74C8194D25CA18D1107F8234817D 680 ----a-w- C:\users\****\AppData\Local\d3d9caps.dat 2013-05-24 19:21:18 5EBE7814853BB1260B298C30B5C95C6B 11390 ----a-w- C:\users\****\AppData\Local\dd_vcredistUI32B3.txt 2013-05-24 19:21:18 4109CD26325B0682DB362ABF60FE18A1 420828 ----a-w- C:\users\****\AppData\Local\dd_vcredistMSI32B3.txt 2013-05-23 17:12:04 -------- d-----w- C:\users\****\AppData\Roaming\Screaming Bee 2013-05-18 17:59:27 -------- d-----w- C:\users\****\AppData\Roaming\Awesomium 2013-05-18 17:56:40 -------- d-----w- C:\users\****\AppData\Local\Aeria Games 2013-05-18 17:47:52 -------- d-----w- C:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2013-05-18 17:36:59 -------- d-----w- C:\users\****\AppData\Roaming\Aeria Games & Entertainment 2013-05-13 14:24:07 -------- d-----w- C:\users\****\AppData\Roaming\BoL ====== C:\Users\**** ====== 2013-06-07 15:08:53 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\****\Desktop\tdsskiller.exe 2013-06-06 17:17:33 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\****\Downloads\OTL.exe 2013-06-06 17:16:40 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\****\defogger_reenable 2013-06-06 17:16:03 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\****\Downloads\Defogger.exe 2013-06-05 19:40:16 B36B2E3CA24D80973C59BFBDA1C4800B 4378864 ----a-w- C:\Users\****\Downloads\ccsetup402.exe 2013-06-05 16:26:14 0A90C8A3F94564E7EAF541981EAFA52A 632031 ----a-w- C:\Users\****\Downloads\adwcleaner.exe 2013-06-05 14:02:16 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-05 13:40:43 -------- 
d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner 2013-06-05 13:39:40 12855F36C976B5EBD06FAA6D4BC994B0 7633040 ----a-w- C:\Users\****\Downloads\dp_ultimate.exe 2013-06-05 07:11:35 0A90C8A3F94564E7EAF541981EAFA52A 632031 ----a-w- C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe 2013-06-04 14:07:05 30193EACB70C18974A80AB600FAE9519 23995416 ----a-w- C:\Users\****\Downloads\FreeAVIVideoConverter.exe 2013-05-31 02:11:08 EB5D7B007B6022EE555C0DD9FD71263E 22201982 ----a-w- C:\Users\****\Downloads\LeagueOfLegendsBaseEUW.exe 2013-05-31 02:10:43 9EB4B4ACC7751748D0259A07EF0FFD1A 3496296 ----a-w- C:\Users\****\Downloads\LeagueofLegends (1).exe 2013-05-31 01:56:23 A86B844E50C726D034FFC782486D87AB 3461416 ----a-w- C:\Users\****\Downloads\LeagueofLegends.exe 2013-05-29 04:23:04 2CD120F390018F334F3729FCC986E908 1582608 ----a-w- C:\Users\****\Downloads\LOLReplay-0.8.2.1.exe 2013-05-23 17:10:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee 2013-05-18 17:56:12 -------- d-----w- C:\ProgramData\Aeria Games ====== C: exe-files == 2013-06-07 15:08:53 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\****\Desktop\tdsskiller.exe 2013-06-06 17:17:33 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\****\Downloads\OTL.exe 2013-06-06 17:16:03 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\****\Downloads\Defogger.exe 2013-06-06 12:05:09 1EA998DE136184740B292FB9DCDD49AC 746848 ----a-w- C:\Users\****\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.110\27.0.1453.110_27.0.1453.94_chrome_updater.exe 2013-06-05 19:40:16 B36B2E3CA24D80973C59BFBDA1C4800B 4378864 ----a-w- C:\Users\****\Downloads\ccsetup402.exe 2013-06-05 16:26:14 0A90C8A3F94564E7EAF541981EAFA52A 632031 ----a-w- C:\Users\****\Downloads\adwcleaner.exe 2013-06-05 14:02:16 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-05 13:39:40 
12855F36C976B5EBD06FAA6D4BC994B0 7633040 ----a-w- C:\Users\****\Downloads\dp_ultimate.exe 2013-06-05 07:11:35 0A90C8A3F94564E7EAF541981EAFA52A 632031 ----a-w- C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe 2013-06-04 14:07:05 30193EACB70C18974A80AB600FAE9519 23995416 ----a-w- C:\Users\****\Downloads\FreeAVIVideoConverter.exe 2013-06-02 08:59:09 9CFDA928481B9D7D40A38F8E52FC2D69 24126312 ----a-w- C:\Users\****\Documents\LOLReplay\data\3.7.0.328\League Of Legends.exe === C: other files == 2013-06-07 11:32:21 0CE162B71D2398B46F4E8CC4DDD64CBB 870680 ----a-w- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi 2013-06-05 19:44:02 959FB591C9702648D3AB9265201DE83F 118 ----a-w- C:\Users\****\AppData\Local\Temp\kll.bat 2013-06-05 19:42:42 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\****\AppData\Local\Temp\{2CB20AC3-CEA1-401F-86E8-844AEC5347B8}.bat 2013-06-05 14:03:06 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-05 07:12:47 5B56983A4125AC01D6C8AF401AD1FA61 499 ----a-w- C:\Windows\DeleteOnReboot.bat ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe" "fsc-reg"="c:\fsc-reg\fscreg.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "WindowsWelcomeCenter"="rundll32.exe 
oobefldr.dll,ShowWelcomeCenter" "Akamai NetSession Interface"="C:\Users\****\AppData\Local\Akamai\netsession_win.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe" "fsc-reg"="c:\fsc-reg\fscreg.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Akamai NetSession Interface"="C:\Users\****\AppData\Local\Akamai\netsession_win.exe" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Aeria Ignite" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoStartNPSAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AutoStartNPSAgent" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Samsung\\Samsung New PC 
Studio\\NPSAgent.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DS3 Tool] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DS3 Tool" "hkey"="HKCU" "command"="C:\\Users\\****\\Downloads\\DS3_Tool.exe -mini" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EnergySettings] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EnergySettings" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Fujitsu Siemens Computers\\Energy Settings\\EnergySettings.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX110 Series] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX110 Series" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFBE.EXE /FU \"C:\\Windows\\TEMP\\E_S2664.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX110 Series (Kopie 1)] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EPSON SX110 Series (Kopie 1)" "hkey"="HKCU" "command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFBE.EXE /FU \"C:\\Windows\\TEMP\\E_S46B0.tmp\" /EF \"HKCU\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google EULA Launcher] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google EULA Launcher" "hkey"="HKLM" "command"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "hkey"="HKCU" "command"="\"C:\\Users\\****\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\icq] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="icq" "hkey"="HKCU" "command"="C:\\Users\\****\\AppData\\Roaming\\ICQM\\icq.exe -CU" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Pando Media Booster" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Pando Networks\\Media Booster\\PMB.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickScanner] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickScanner" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Defender Pro Quick Scanner\\quickscan.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify" "hkey"="HKCU" "command"="\"C:\\Users\\****\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spotify Web Helper" "hkey"="HKCU" "command"="\"C:\\Users\\****\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UIExec] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UIExec" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\1&1 Surf-Stick\\UIExec.exe\"" ==== Startup Folders ====================== 2013-05-29 04:23:20 1838 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 16:57] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000Core.job --a------ 
C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [03.02.2013 17:44] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000UA.job --a------ C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [03.02.2013 17:44] ==== Firefox Extensions ====================== ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default 3D928B3FE97C403A33F803B3D1A260C9 - C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll - Google Update 7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11 CF25FDD7CA6BC88442A58F74DBB6CFA6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System ==== Chrome Look ====================== YouTube - **** - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo AdBlock - **** - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom ProxMate - Improve your Internet - **** - Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start 
Page"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\****\AppData\Local\Mozilla\Firefox\Profiles\8zu5s3ea.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\****\AppData\Local\Google\Chrome\User 
Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\****\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 08.06.2013 at 16:21:35,02 ======================

The mocaflix pages no longer open when the browser starts, and the BrowserDefender.exe message does not appear any more either : )
08.06.2013, 16:57 | #6 |
/// Malwareteam / Visitor
Good that it worked.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please close your protection software to avoid possible conflicts.
09.06.2013, 11:47 | #7 |
zoek
Code:
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by **** on 09.06.2013 at 1:00:43,72.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode
Internet Access Detected
==== Older Logs ======================
C:\zoek-results08.06.2013-1621.log 21178 bytes
==== Deleting Files \ Folders ======================
"%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender" not found
"C:\Windows\Sysnative\Tasks\BrowserDefendert" deleted
"C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnk" deleted
"C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender" deleted
==== Reset Google Chrome ======================
C:\users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\***\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== EOF on 09.06.2013 at 1:01:28,46 ======================
Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.08.06
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]
09.06.2013 01:46:19
-log-2013-06-09 (01-46-19).txt
Scan type: Quick scan
Scan options enabled: PUM | P2P
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUP
Objects scanned: 0
Time elapsed:
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by **** on 09.06.2013 at 2:20:05,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.06.2013 at 2:23:51,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Quote:
To my regret I unfortunately have to report that the websearch.mocaflix pages still open.
09.06.2013, 21:16 | #8 |
/// Malwareteam / Visitor
In which browser do you have these problems? Do these problems exist in all browsers?
09.06.2013, 21:28 | #9 |
Quote:
When I start Google Chrome, it looks like this: After the clean-up the pages were no longer shown at first, but then reappeared on their own, without my having downloaded or installed any files or anything else of that kind.
09.06.2013, 21:40 | #10 |
/// Malwareteam / Visitor
Apparently something is still active.
09.06.2013, 21:55 | #11 |
Code:
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by **** on 09.06.2013 at 22:51:10,66.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode
Internet Access Detected
==== Older Logs ======================
C:\zoek-results08.06.2013-1621.log 21178 bytes
C:\zoek-results09.06.2013-0101.log 1060 bytes
==== Folders Found In %localappdata%\Google\Chrome\User Data\Default\extensions ======================
2013-06-08 23:02:02 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake
2013-06-08 23:02:03 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf
2013-06-08 23:02:03 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf
2013-06-08 23:02:03 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
2013-06-08 23:02:04 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
2013-06-09 10:50:57 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom
2013-06-09 10:51:11 d-----w- C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\hgjpnmnpjmabddgmjdiaggacbololbjm
==== Reset Google Chrome ======================
C:\users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\****\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== EOF on 09.06.2013 at 22:52:23,33 ======================
09.06.2013, 22:01 | #12 |
/// Malwareteam / Visitor
Do a system restart and test whether it stays fixed.
09.06.2013, 22:19 | #13 |
System restart done. There seem to be no more problems for now. I will definitely give another update here tomorrow on how things stand, if that is OK. I already want to leave a big thank-you for the help to smeenk and the Trojaner-Board.
09.06.2013, 22:21 | #14 |
/// Malwareteam / Visitor
OK, until tomorrow.
10.06.2013, 17:14 | #15 |
Nothing malicious sighted so far : )
Topics related to Browser mocaflix Problem
adblock, adware.agent, akamai, backdoor.hupigon, browserdefendert, cyberghost, remove, flash player, hacktool.injector, homepage, internet browser, league of legends, malware.packer.as, msvcrt, not possible, phishing, pricepeep, program, realtek, registry database, software, teamspeak