| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglosWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.07.2013, 19:39
| #16 |
| /// Malware-holic   |  GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Aber nicht nach anleitung, bitte noch mal lesen und ausführen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.07.2013, 20:07
| #17 |
 | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Der Text ist zu lang.
__________________Mir wird gesagt ich soll es als Archiv an den Beitrag anhängen? Machen? oder aufteilen? |
|
10.07.2013, 20:11
| #18 |
| /// Malware-holic | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Teilen is auch gut.
__________________Wenn anhängen hier im Thema.
__________________ |
|
10.07.2013, 20:15
| #19 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Teil1 Code:
ATTFilter 20:31:04.0943 1132 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:31:05.0146 1132 ============================================================
20:31:05.0146 1132 Current date / time: 2013/07/10 20:31:05.0146
20:31:05.0146 1132 SystemInfo:
20:31:05.0146 1132
20:31:05.0146 1132 OS Version: 6.1.7601 ServicePack: 1.0
20:31:05.0146 1132 Product type: Workstation
20:31:05.0146 1132 ComputerName: MALIK-PC
20:31:05.0146 1132 UserName: Malik
20:31:05.0146 1132 Windows directory: C:\Windows
20:31:05.0146 1132 System windows directory: C:\Windows
20:31:05.0146 1132 Running under WOW64
20:31:05.0146 1132 Processor architecture: Intel x64
20:31:05.0146 1132 Number of processors: 4
20:31:05.0146 1132 Page size: 0x1000
20:31:05.0146 1132 Boot type: Normal boot
20:31:05.0146 1132 ============================================================
20:31:06.0191 1132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:31:06.0191 1132 ============================================================
20:31:06.0191 1132 \Device\Harddisk0\DR0:
20:31:06.0191 1132 MBR partitions:
20:31:06.0191 1132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F00800, BlocksNum 0x32000
20:31:06.0191 1132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1F32800, BlocksNum 0x38453000
20:31:06.0191 1132 ============================================================
20:31:06.0222 1132 C: <-> \Device\Harddisk0\DR0\Partition2
20:31:06.0222 1132 ============================================================
20:31:06.0222 1132 Initialize success
20:31:06.0222 1132 ============================================================
20:31:09.0155 2552 ============================================================
20:31:09.0155 2552 Scan started
20:31:09.0155 2552 Mode: Manual;
20:31:09.0155 2552 ============================================================
20:31:14.0584 2552 ================ Scan system memory ========================
20:31:14.0584 2552 System memory - ok
20:31:14.0584 2552 ================ Scan services =============================
20:31:14.0958 2552 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:31:14.0958 2552 1394ohci - ok
20:31:15.0005 2552 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:31:15.0005 2552 ACPI - ok
20:31:15.0067 2552 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:31:15.0067 2552 AcpiPmi - ok
20:31:15.0145 2552 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
20:31:15.0145 2552 AdobeActiveFileMonitor8.0 - ok
20:31:15.0223 2552 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:31:15.0223 2552 adp94xx - ok
20:31:15.0286 2552 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:31:15.0286 2552 adpahci - ok
20:31:15.0379 2552 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:31:15.0379 2552 adpu320 - ok
20:31:15.0426 2552 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:31:15.0426 2552 AeLookupSvc - ok
20:31:15.0504 2552 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:31:15.0504 2552 AFD - ok
20:31:15.0551 2552 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:31:15.0567 2552 agp440 - ok
20:31:15.0816 2552 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll
20:31:15.0816 2552 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
20:31:15.0832 2552 Akamai ( HiddenFile.Multi.Generic ) - warning
20:31:15.0832 2552 Akamai - detected HiddenFile.Multi.Generic (1)
20:31:15.0879 2552 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:31:15.0879 2552 ALG - ok
20:31:15.0957 2552 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:31:15.0957 2552 aliide - ok
20:31:15.0972 2552 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:31:15.0972 2552 amdide - ok
20:31:16.0019 2552 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:31:16.0019 2552 AmdK8 - ok
20:31:16.0035 2552 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:31:16.0035 2552 AmdPPM - ok
20:31:16.0097 2552 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:31:16.0097 2552 amdsata - ok
20:31:16.0128 2552 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:31:16.0128 2552 amdsbs - ok
20:31:16.0144 2552 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:31:16.0144 2552 amdxata - ok
20:31:16.0206 2552 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:31:16.0206 2552 AppID - ok
20:31:16.0253 2552 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:31:16.0253 2552 AppIDSvc - ok
20:31:16.0362 2552 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
20:31:16.0378 2552 Appinfo - ok
20:31:16.0456 2552 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:31:16.0456 2552 arc - ok
20:31:16.0487 2552 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:31:16.0487 2552 arcsas - ok
20:31:16.0534 2552 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:31:16.0565 2552 AsyncMac - ok
20:31:16.0659 2552 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:31:16.0659 2552 atapi - ok
20:31:17.0080 2552 [ C8679A07267F030704168E45E27C3D43 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:31:17.0173 2552 athr - ok
20:31:17.0314 2552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:31:17.0329 2552 AudioEndpointBuilder - ok
20:31:17.0361 2552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:31:17.0361 2552 AudioSrv - ok
20:31:17.0423 2552 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:31:17.0439 2552 AxInstSV - ok
20:31:17.0501 2552 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:31:17.0501 2552 b06bdrv - ok
20:31:17.0579 2552 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:31:17.0579 2552 b57nd60a - ok
20:31:17.0735 2552 [ 2618E15514736FB469B105CE729B6D9D ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
20:31:17.0735 2552 b57xdbd - ok
20:31:17.0766 2552 [ BABA4F0E2978B69B4E0B260EF7150DD6 ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
20:31:17.0766 2552 b57xdmp - ok
20:31:18.0031 2552 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:31:18.0031 2552 BDESVC - ok
20:31:18.0141 2552 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:31:18.0141 2552 Beep - ok
20:31:18.0219 2552 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:31:18.0219 2552 BFE - ok
20:31:18.0281 2552 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:31:18.0312 2552 BITS - ok
20:31:18.0375 2552 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:31:18.0375 2552 blbdrive - ok
20:31:18.0406 2552 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:31:18.0421 2552 bowser - ok
20:31:18.0484 2552 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:31:18.0484 2552 BrFiltLo - ok
20:31:18.0499 2552 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:31:18.0499 2552 BrFiltUp - ok
20:31:18.0546 2552 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:31:18.0546 2552 Browser - ok
20:31:18.0609 2552 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:31:18.0624 2552 Brserid - ok
20:31:18.0655 2552 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:31:18.0655 2552 BrSerWdm - ok
20:31:18.0687 2552 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:31:18.0687 2552 BrUsbMdm - ok
20:31:18.0702 2552 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:31:18.0702 2552 BrUsbSer - ok
20:31:18.0843 2552 [ 65349B60F2F5325759525199E26DA1A6 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
20:31:18.0843 2552 bScsiMSa - ok
20:31:18.0952 2552 [ E6CC56662F6C6B787A1FBEA4CD247AE0 ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
20:31:18.0952 2552 bScsiSDa - ok
20:31:19.0030 2552 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:31:19.0030 2552 BTHMODEM - ok
20:31:19.0123 2552 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:31:19.0123 2552 bthserv - ok
20:31:19.0155 2552 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:31:19.0155 2552 cdfs - ok
20:31:19.0279 2552 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:31:19.0279 2552 cdrom - ok
20:31:19.0373 2552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:31:19.0373 2552 CertPropSvc - ok
20:31:19.0420 2552 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:31:19.0420 2552 circlass - ok
20:31:19.0467 2552 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:31:19.0467 2552 CLFS - ok
20:31:19.0545 2552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:19.0545 2552 clr_optimization_v2.0.50727_32 - ok
20:31:19.0607 2552 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:31:19.0607 2552 clr_optimization_v2.0.50727_64 - ok
20:31:19.0716 2552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:31:20.0169 2552 clr_optimization_v4.0.30319_32 - ok
20:31:20.0590 2552 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:31:20.0590 2552 clr_optimization_v4.0.30319_64 - ok
20:31:20.0652 2552 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:31:20.0652 2552 CmBatt - ok
20:31:20.0699 2552 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:31:20.0699 2552 cmdide - ok
20:31:20.0839 2552 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:31:20.0855 2552 CNG - ok
20:31:20.0980 2552 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:31:20.0980 2552 Compbatt - ok
20:31:21.0089 2552 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:31:21.0089 2552 CompositeBus - ok
20:31:21.0136 2552 COMSysApp - ok
20:31:21.0198 2552 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:31:21.0198 2552 crcdisk - ok
20:31:21.0370 2552 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:31:21.0370 2552 CryptSvc - ok
20:31:21.0541 2552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:31:21.0666 2552 DcomLaunch - ok
20:31:21.0807 2552 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:31:21.0822 2552 defragsvc - ok
20:31:21.0885 2552 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:31:21.0885 2552 DfsC - ok
20:31:21.0994 2552 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:31:21.0994 2552 Dhcp - ok
20:31:22.0025 2552 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:31:22.0025 2552 discache - ok
20:31:22.0306 2552 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:31:22.0321 2552 Disk - ok
20:31:22.0415 2552 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:31:22.0415 2552 Dnscache - ok
20:31:22.0524 2552 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:31:22.0540 2552 dot3svc - ok
20:31:22.0633 2552 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:31:22.0633 2552 DPS - ok
20:31:22.0727 2552 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:31:22.0727 2552 drmkaud - ok
20:31:23.0070 2552 [ 470F7F19188AB45463F8B612D6DDE7C8 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:31:23.0086 2552 DsiWMIService - ok
20:31:23.0367 2552 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:31:23.0382 2552 DXGKrnl - ok
20:31:23.0398 2552 EagleX64 - ok
20:31:23.0569 2552 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:31:23.0585 2552 EapHost - ok
20:31:24.0022 2552 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:31:24.0115 2552 ebdrv - ok
20:31:24.0209 2552 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:31:24.0225 2552 EFS - ok
20:31:24.0318 2552 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:31:24.0349 2552 ehRecvr - ok
20:31:24.0381 2552 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:31:24.0381 2552 ehSched - ok
20:31:24.0552 2552 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:31:24.0552 2552 elxstor - ok
20:31:24.0693 2552 [ F2E893846021CEE30AC7612B5BE66330 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
20:31:24.0708 2552 ePowerSvc - ok
20:31:24.0786 2552 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:31:24.0786 2552 ErrDev - ok
20:31:24.0849 2552 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:31:24.0849 2552 EventSystem - ok
20:31:24.0880 2552 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:31:24.0880 2552 exfat - ok
20:31:24.0895 2552 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:31:24.0895 2552 fastfat - ok
20:31:24.0958 2552 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:31:24.0973 2552 Fax - ok
20:31:25.0036 2552 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:31:25.0051 2552 fdc - ok
20:31:25.0098 2552 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:31:25.0098 2552 fdPHost - ok
20:31:25.0114 2552 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:31:25.0114 2552 FDResPub - ok
20:31:25.0145 2552 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:31:25.0145 2552 FileInfo - ok
20:31:25.0192 2552 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:31:25.0192 2552 Filetrace - ok
20:31:25.0270 2552 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:31:25.0285 2552 FLEXnet Licensing Service - ok
20:31:25.0317 2552 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:31:25.0317 2552 flpydisk - ok
20:31:25.0379 2552 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:31:25.0379 2552 FltMgr - ok
20:31:25.0473 2552 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
20:31:25.0504 2552 FontCache - ok
20:31:25.0551 2552 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:31:25.0551 2552 FontCache3.0.0.0 - ok
20:31:25.0582 2552 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:31:25.0582 2552 FsDepends - ok
20:31:25.0629 2552 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:31:25.0629 2552 Fs_Rec - ok
20:31:25.0691 2552 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:31:25.0691 2552 fvevol - ok
20:31:25.0738 2552 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:31:25.0738 2552 gagp30kx - ok
20:31:25.0847 2552 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
20:31:25.0878 2552 GameConsoleService - ok
20:31:25.0925 2552 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:31:25.0941 2552 gpsvc - ok
20:31:26.0019 2552 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
20:31:26.0019 2552 GREGService - ok
20:31:26.0065 2552 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:31:26.0081 2552 hcw85cir - ok
20:31:26.0128 2552 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:31:26.0143 2552 HdAudAddService - ok
20:31:26.0237 2552 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:31:26.0237 2552 HDAudBus - ok
20:31:26.0268 2552 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:31:26.0284 2552 HidBatt - ok
20:31:26.0299 2552 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:31:26.0299 2552 HidBth - ok
20:31:26.0346 2552 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:31:26.0346 2552 HidIr - ok
20:31:26.0409 2552 [ 4965189C05ACAAC13FE47686E28EDCCE ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
20:31:26.0409 2552 hidkmdf - ok
20:31:26.0440 2552 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:31:26.0440 2552 hidserv - ok
20:31:26.0502 2552 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:31:26.0502 2552 HidUsb - ok
20:31:26.0533 2552 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:31:26.0533 2552 hkmsvc - ok
20:31:26.0565 2552 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:31:26.0565 2552 HomeGroupListener - ok
20:31:26.0611 2552 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:31:26.0611 2552 HomeGroupProvider - ok
20:31:26.0705 2552 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:31:26.0721 2552 HpSAMD - ok
20:31:27.0033 2552 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:31:27.0079 2552 HTTP - ok
20:31:27.0126 2552 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:31:27.0126 2552 hwpolicy - ok
20:31:27.0220 2552 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:31:27.0220 2552 i8042prt - ok
20:31:27.0391 2552 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:31:27.0407 2552 iaStor - ok
20:31:27.0610 2552 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:31:27.0625 2552 IAStorDataMgrSvc - ok
20:31:27.0844 2552 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:31:27.0859 2552 iaStorV - ok
20:31:28.0171 2552 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:31:28.0281 2552 idsvc - ok
20:31:31.0447 2552 [ 553228E67639F52C9BD86362C0C64F85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:31:31.0775 2552 igfx - ok
20:31:31.0822 2552 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:31:31.0822 2552 iirsp - ok
20:31:31.0869 2552 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:31:31.0884 2552 IKEEXT - ok
20:31:32.0321 2552 [ DD1FC331286A33F396945115AE4E5E8A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:31:32.0337 2552 IntcAzAudAddService - ok
20:31:32.0415 2552 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:31:32.0415 2552 IntcDAud - ok
20:31:32.0461 2552 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:31:32.0461 2552 intelide - ok
20:31:32.0649 2552 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:31:32.0649 2552 intelppm - ok
20:31:32.0711 2552 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:31:32.0867 2552 IPBusEnum - ok
20:31:32.0945 2552 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:32.0945 2552 IpFilterDriver - ok
20:31:33.0241 2552 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:31:33.0273 2552 iphlpsvc - ok
20:31:33.0335 2552 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:31:33.0351 2552 IPMIDRV - ok
20:31:33.0397 2552 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:31:33.0397 2552 IPNAT - ok
20:31:33.0460 2552 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:31:33.0460 2552 IRENUM - ok
20:31:33.0538 2552 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:31:33.0553 2552 isapnp - ok
20:31:33.0694 2552 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:31:33.0694 2552 iScsiPrt - ok
20:31:33.0865 2552 [ 81458A917F8CC7A5171759218D64FA3A ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
20:31:33.0865 2552 k57nd60a - ok
20:31:33.0943 2552 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:33.0943 2552 kbdclass - ok
20:31:34.0131 2552 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:31:34.0131 2552 kbdhid - ok
20:31:34.0162 2552 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:31:34.0162 2552 KeyIso - ok
20:31:34.0193 2552 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:31:34.0193 2552 KSecDD - ok
20:31:34.0224 2552 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:31:34.0224 2552 KSecPkg - ok
20:31:34.0255 2552 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:31:34.0255 2552 ksthunk - ok
20:31:34.0287 2552 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:31:34.0302 2552 KtmRm - ok
20:31:34.0349 2552 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:31:34.0349 2552 LanmanServer - ok
20:31:34.0411 2552 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:31:34.0411 2552 LanmanWorkstation - ok
20:31:34.0474 2552 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:31:34.0474 2552 lltdio - ok
20:31:34.0505 2552 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:31:34.0505 2552 lltdsvc - ok
20:31:34.0536 2552 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:31:34.0552 2552 lmhosts - ok
20:31:34.0645 2552 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:31:34.0645 2552 LMS - ok
20:31:34.0692 2552 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:31:34.0692 2552 LSI_FC - ok
20:31:34.0708 2552 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:31:34.0708 2552 LSI_SAS - ok
20:31:34.0723 2552 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:31:34.0723 2552 LSI_SAS2 - ok
20:31:34.0739 2552 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:31:34.0770 2552 LSI_SCSI - ok
20:31:34.0833 2552 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:31:34.0833 2552 luafv - ok
20:31:34.0957 2552 [ 3D1516114F5B1548864D043177F992A6 ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
20:31:34.0957 2552 lxeaCATSCustConnectService - ok
20:31:35.0020 2552 lxea_device - ok
20:31:35.0082 2552 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:31:35.0082 2552 MBAMProtector - ok
20:31:35.0145 2552 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:31:35.0160 2552 MBAMScheduler - ok
20:31:35.0223 2552 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:31:35.0223 2552 MBAMService - ok
20:31:35.0269 2552 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:31:35.0269 2552 Mcx2Svc - ok
20:31:35.0285 2552 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:31:35.0285 2552 megasas - ok
20:31:35.0316 2552 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:31:35.0316 2552 MegaSR - ok
20:31:35.0379 2552 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:31:35.0379 2552 MEIx64 - ok
20:31:35.0425 2552 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:31:35.0425 2552 MMCSS - ok
20:31:35.0457 2552 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:31:35.0457 2552 Modem - ok
20:31:35.0488 2552 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:31:35.0488 2552 monitor - ok
20:31:35.0503 2552 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:31:35.0519 2552 mouclass - ok
20:31:35.0535 2552 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:31:35.0550 2552 mouhid - ok
20:31:35.0581 2552 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:31:35.0597 2552 mountmgr - ok
20:31:35.0691 2552 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:31:35.0691 2552 MozillaMaintenance - ok
20:31:35.0722 2552 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:31:35.0722 2552 mpio - ok
20:31:35.0753 2552 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:31:35.0753 2552 mpsdrv - ok
20:31:35.0800 2552 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:31:35.0815 2552 MpsSvc - ok
20:31:35.0862 2552 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:31:35.0878 2552 MRxDAV - ok
20:31:35.0893 2552 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:35.0909 2552 mrxsmb - ok
20:31:35.0925 2552 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:35.0925 2552 mrxsmb10 - ok
20:31:35.0956 2552 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:35.0956 2552 mrxsmb20 - ok
20:31:35.0971 2552 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:31:35.0971 2552 msahci - ok
20:31:36.0018 2552 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:31:36.0018 2552 msdsm - ok
20:31:36.0065 2552 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:31:36.0065 2552 MSDTC - ok
20:31:36.0112 2552 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:31:36.0112 2552 Msfs - ok
20:31:36.0127 2552 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:31:36.0127 2552 mshidkmdf - ok
20:31:36.0143 2552 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:31:36.0143 2552 msisadrv - ok
20:31:36.0174 2552 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:31:36.0174 2552 MSiSCSI - ok
20:31:36.0190 2552 msiserver - ok
20:31:36.0237 2552 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:31:36.0237 2552 MSKSSRV - ok
20:31:36.0268 2552 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:36.0268 2552 MSPCLOCK - ok
20:31:36.0299 2552 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:31:36.0299 2552 MSPQM - ok
20:31:36.0346 2552 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:31:36.0346 2552 MsRPC - ok
20:31:36.0393 2552 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:31:36.0393 2552 mssmbios - ok
20:31:36.0439 2552 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:31:36.0439 2552 MSTEE - ok
20:31:36.0471 2552 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:31:36.0486 2552 MTConfig - ok
20:31:36.0564 2552 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:31:36.0580 2552 Mup - ok
20:31:36.0627 2552 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:31:36.0642 2552 napagent - ok
20:31:36.0705 2552 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:31:36.0705 2552 NativeWifiP - ok
20:31:36.0783 2552 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:31:36.0985 2552 NDIS - ok
20:31:37.0048 2552 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:37.0048 2552 NdisCap - ok
20:31:37.0079 2552 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:37.0079 2552 NdisTapi - ok
20:31:37.0141 2552 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:37.0141 2552 Ndisuio - ok
20:31:37.0188 2552 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:37.0188 2552 NdisWan - ok
20:31:37.0219 2552 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:31:37.0219 2552 NDProxy - ok
20:31:37.0329 2552 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:31:37.0563 2552 Nero BackItUp Scheduler 4.0 - ok
20:31:37.0625 2552 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:31:37.0625 2552 NetBIOS - ok
20:31:37.0656 2552 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:31:37.0656 2552 NetBT - ok
20:31:37.0672 2552 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:31:37.0687 2552 Netlogon - ok
20:31:37.0750 2552 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:31:37.0765 2552 Netman - ok
20:31:37.0781 2552 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:31:37.0797 2552 netprofm - ok
20:31:37.0828 2552 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:37.0843 2552 NetTcpPortSharing - ok
20:31:37.0890 2552 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:31:37.0890 2552 nfrd960 - ok
20:31:37.0953 2552 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:31:37.0968 2552 NlaSvc - ok
20:31:37.0999 2552 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:31:37.0999 2552 Npfs - ok
20:31:38.0031 2552 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:31:38.0031 2552 nsi - ok
20:31:38.0062 2552 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:31:38.0062 2552 nsiproxy - ok
20:31:38.0140 2552 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:31:38.0218 2552 Ntfs - ok
20:31:38.0280 2552 [ 8F59A2506AF43F96F5397B3C79938AE9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
20:31:38.0296 2552 NTI IScheduleSvc - ok
20:31:38.0327 2552 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
20:31:38.0327 2552 NTIDrvr - ok
20:31:38.0343 2552 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:31:38.0343 2552 Null - ok
20:31:38.0405 2552 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:31:38.0405 2552 nusb3hub - ok
20:31:38.0421 2552 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:31:38.0421 2552 nusb3xhc - ok
20:31:38.0483 2552 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:31:38.0483 2552 nvraid - ok
20:31:38.0499 2552 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:31:38.0514 2552 nvstor - ok
20:31:38.0561 2552 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:31:38.0561 2552 nv_agp - ok
20:31:38.0608 2552 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:31:38.0608 2552 ohci1394 - ok
20:31:38.0655 2552 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:31:38.0670 2552 p2pimsvc - ok
20:31:38.0701 2552 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:31:38.0717 2552 p2psvc - ok
20:31:38.0795 2552 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:31:38.0795 2552 Parport - ok
20:31:38.0826 2552 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:31:38.0826 2552 partmgr - ok
20:31:38.0873 2552 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:31:38.0873 2552 PcaSvc - ok
20:31:38.0920 2552 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:31:38.0920 2552 pci - ok
20:31:38.0951 2552 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:31:38.0951 2552 pciide - ok
20:31:39.0013 2552 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:39.0013 2552 pcmcia - ok
20:31:39.0029 2552 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:31:39.0029 2552 pcw - ok
20:31:39.0076 2552 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:31:39.0107 2552 PEAUTH - ok
20:31:39.0232 2552 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:31:39.0232 2552 PerfHost - ok
20:31:39.0325 2552 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:31:39.0388 2552 pla - ok
20:31:39.0481 2552 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:31:39.0481 2552 PlugPlay - ok
20:31:39.0513 2552 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:31:39.0528 2552 PNRPAutoReg - ok
20:31:39.0544 2552 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:31:39.0559 2552 PNRPsvc - ok
20:31:39.0606 2552 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:31:39.0622 2552 PolicyAgent - ok
20:31:39.0669 2552 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:31:39.0669 2552 Power - ok
20:31:39.0747 2552 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:31:39.0747 2552 PptpMiniport - ok
20:31:39.0778 2552 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:31:39.0778 2552 Processor - ok
20:31:39.0825 2552 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:31:39.0840 2552 ProfSvc - ok
20:31:39.0856 2552 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:39.0856 2552 ProtectedStorage - ok
20:31:39.0918 2552 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:31:39.0918 2552 Psched - ok
20:31:39.0965 2552 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:31:39.0965 2552 PxHlpa64 - ok
20:31:40.0027 2552 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:31:40.0074 2552 ql2300 - ok
20:31:40.0105 2552 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:31:40.0105 2552 ql40xx - ok
20:31:40.0230 2552 [ A279D9B07CA837EF8139D3F4857328DB ] QuickTimeUpdater C:\Users\Malik\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
20:31:40.0230 2552 QuickTimeUpdater - ok
20:31:40.0261 2552 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:31:40.0261 2552 QWAVE - ok
20:31:40.0308 2552 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:31:40.0308 2552 QWAVEdrv - ok
20:31:40.0324 2552 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:31:40.0324 2552 RasAcd - ok
20:31:40.0386 2552 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:40.0386 2552 RasAgileVpn - ok
20:31:40.0433 2552 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:31:40.0433 2552 RasAuto - ok
20:31:40.0480 2552 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:40.0480 2552 Rasl2tp - ok
20:31:40.0542 2552 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:31:40.0558 2552 RasMan - ok
20:31:40.0620 2552 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:40.0620 2552 RasPppoe - ok
20:31:40.0667 2552 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:31:40.0667 2552 RasSstp - ok
20:31:40.0698 2552 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:31:40.0714 2552 rdbss - ok
20:31:40.0745 2552 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:31:40.0776 2552 rdpbus - ok
20:31:40.0823 2552 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:40.0823 2552 RDPCDD - ok
20:31:40.0839 2552 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:31:40.0839 2552 RDPENCDD - ok
20:31:40.0885 2552 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:31:40.0885 2552 RDPREFMP - ok
20:31:40.0932 2552 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:31:40.0932 2552 RDPWD - ok
20:31:40.0995 2552 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:31:41.0010 2552 rdyboost - ok
20:31:41.0057 2552 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:31:41.0057 2552 RemoteAccess - ok
20:31:41.0088 2552 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:31:41.0104 2552 RemoteRegistry - ok
20:31:41.0197 2552 [ CC6943E37FF6B0DAFF4B2580B0BB9721 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
20:31:41.0213 2552 RichVideo - ok
20:31:41.0260 2552 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:31:41.0275 2552 RpcEptMapper - ok
20:31:41.0307 2552 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:31:41.0307 2552 RpcLocator - ok
20:31:41.0338 2552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:31:41.0353 2552 RpcSs - ok
20:31:41.0400 2552 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:31:41.0400 2552 rspndr - ok
20:31:41.0416 2552 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:31:41.0431 2552 SamSs - ok
20:31:41.0463 2552 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:31:41.0478 2552 sbp2port - ok
20:31:41.0509 2552 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:31:41.0525 2552 SCardSvr - ok
20:31:41.0541 2552 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:31:41.0556 2552 scfilter - ok
20:31:41.0603 2552 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:31:41.0650 2552 Schedule - ok
20:31:41.0697 2552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:31:41.0697 2552 SCPolicySvc - ok
20:31:41.0759 2552 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:31:41.0759 2552 sdbus - ok
20:31:41.0790 2552 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:31:41.0790 2552 SDRSVC - ok
20:31:41.0821 2552 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:31:41.0821 2552 secdrv - ok
20:31:41.0868 2552 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:31:41.0868 2552 seclogon - ok
20:31:41.0915 2552 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:31:41.0931 2552 SENS - ok
20:31:41.0962 2552 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:31:41.0977 2552 SensrSvc - ok
20:31:42.0024 2552 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:31:42.0024 2552 Serenum - ok
20:31:42.0040 2552 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:31:42.0040 2552 Serial - ok
20:31:42.0087 2552 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:31:42.0087 2552 sermouse - ok
20:31:42.0149 2552 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:31:42.0149 2552 SessionEnv - ok
20:31:42.0196 2552 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:31:42.0196 2552 sffdisk - ok
20:31:42.0227 2552 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:31:42.0243 2552 sffp_mmc - ok
20:31:42.0274 2552 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:31:42.0289 2552 sffp_sd - ok
20:31:42.0336 2552 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:31:42.0336 2552 sfloppy - ok
20:31:42.0414 2552 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:31:42.0414 2552 SharedAccess - ok
20:31:42.0461 2552 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:31:42.0492 2552 ShellHWDetection - ok
20:31:42.0508 2552 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:31:42.0508 2552 SiSRaid2 - ok
20:31:42.0539 2552 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:31:42.0555 2552 SiSRaid4 - ok
20:31:42.0773 2552 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:31:42.0882 2552 Skype C2C Service - ok
20:31:43.0007 2552 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:31:43.0023 2552 SkypeUpdate - ok
20:31:43.0054 2552 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:31:43.0054 2552 Smb - ok
20:31:43.0116 2552 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:31:43.0132 2552 SNMPTRAP - ok
20:31:43.0163 2552 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:31:43.0163 2552 spldr - ok
20:31:43.0210 2552 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
20:31:43.0225 2552 Spooler - ok
20:31:43.0366 2552 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:31:43.0491 2552 sppsvc - ok
20:31:43.0537 2552 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:31:43.0537 2552 sppuinotify - ok
20:31:43.0584 2552 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:31:43.0600 2552 srv - ok
20:31:43.0631 2552 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:31:43.0647 2552 srv2 - ok
20:31:43.0709 2552 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:31:43.0709 2552 srvnet - ok
20:31:43.0771 2552 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:31:43.0771 2552 SSDPSRV - ok
20:31:43.0803 2552 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:31:43.0803 2552 SstpSvc - ok
20:31:43.0834 2552 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:31:43.0834 2552 stexstor - ok
20:31:43.0896 2552 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:31:43.0927 2552 stisvc - ok
20:31:44.0005 2552 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:31:44.0005 2552 swenum - ok
20:31:44.0146 2552 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:31:44.0161 2552 SwitchBoard - ok
20:31:44.0224 2552 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:31:44.0239 2552 swprv - ok
20:31:44.0349 2552 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:31:44.0380 2552 SynTP - ok
20:31:44.0489 2552 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:31:44.0567 2552 SysMain - ok
20:31:44.0614 2552 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:31:44.0614 2552 TabletInputService - ok
20:31:45.0051 2552 [ 1CBBC0EB320BC9195A886FD0D183BEBC ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
20:31:45.0331 2552 TabletServiceWacom - ok
20:31:45.0378 2552 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:31:45.0378 2552 TapiSrv - ok
20:31:45.0425 2552 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:31:45.0441 2552 TBS - ok
20:31:45.0550 2552 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:31:45.0628 2552 Tcpip - ok
20:31:45.0706 2552 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:31:45.0721 2552 TCPIP6 - ok
20:31:45.0768 2552 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:31:45.0768 2552 tcpipreg - ok
20:31:45.0831 2552 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:31:45.0831 2552 TDPIPE - ok
20:31:45.0877 2552 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:31:45.0877 2552 TDTCP - ok
20:31:45.0924 2552 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:31:45.0924 2552 tdx - ok
20:31:45.0971 2552 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:31:45.0971 2552 TermDD - ok
20:31:46.0002 2552 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:31:46.0033 2552 TermService - ok
20:31:46.0096 2552 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:31:46.0111 2552 Themes - ok
20:31:46.0127 2552 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:31:46.0143 2552 THREADORDER - ok
20:31:46.0205 2552 [ C0F628F426FA7A6C2AAEFDAE5A00F20B ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
20:31:46.0221 2552 TouchServiceWacom - ok
20:31:46.0252 2552 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:31:46.0252 2552 TrkWks - ok
20:31:46.0314 2552 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:31:46.0314 2552 TrustedInstaller - ok
20:31:46.0361 2552 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:46.0361 2552 tssecsrv - ok
20:31:46.0423 2552 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:31:46.0423 2552 TsUsbFlt - ok
20:31:46.0486 2552 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:31:46.0486 2552 tunnel - ok
20:31:46.0517 2552 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:31:46.0533 2552 uagp35 - ok
20:31:46.0564 2552 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
20:31:46.0564 2552 UBHelper - ok
20:31:46.0595 2552 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:31:46.0611 2552 udfs - ok
20:31:46.0657 2552 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:31:46.0657 2552 UI0Detect - ok
20:31:46.0673 2552 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:31:46.0689 2552 uliagpkx - ok
20:31:46.0704 2552 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:31:46.0720 2552 umbus - ok
20:31:46.0735 2552 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:31:46.0751 2552 UmPass - ok
20:31:46.0954 2552 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:31:47.0047 2552 UNS - ok
20:31:47.0094 2552 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
20:31:47.0110 2552 Updater Service - ok
20:31:47.0157 2552 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:31:47.0157 2552 upnphost - ok
20:31:47.0250 2552 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:31:47.0250 2552 usbaudio - ok
20:31:47.0281 2552 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:47.0281 2552 usbccgp - ok
20:31:47.0344 2552 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:31:47.0344 2552 usbcir - ok
20:31:47.0375 2552 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:31:47.0375 2552 usbehci - ok
20:31:47.0406 2552 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:31:47.0422 2552 usbhub - ok
20:31:47.0484 2552 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:31:47.0484 2552 usbohci - ok
20:31:47.0515 2552 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:31:47.0515 2552 usbprint - ok
20:31:47.0547 2552 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:31:47.0547 2552 usbscan - ok
20:31:47.0578 2552 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:31:47.0593 2552 USBSTOR - ok
20:31:47.0609 2552 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:31:47.0625 2552 usbuhci - ok
20:31:47.0671 2552 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:31:47.0671 2552 usbvideo - ok
20:31:47.0703 2552 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:31:47.0718 2552 UxSms - ok
20:31:47.0718 2552 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:31:47.0734 2552 VaultSvc - ok
20:31:47.0765 2552 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:31:47.0765 2552 vdrvroot - ok
20:31:47.0812 2552 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:31:47.0843 2552 vds - ok
20:31:47.0921 2552 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:47.0921 2552 vga - ok
20:31:47.0968 2552 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:31:47.0968 2552 VgaSave - ok
20:31:47.0999 2552 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:31:47.0999 2552 vhdmp - ok
20:31:48.0046 2552 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:31:48.0046 2552 viaide - ok
20:31:48.0077 2552 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:31:48.0077 2552 volmgr - ok
20:31:48.0124 2552 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:31:48.0124 2552 volmgrx - ok
20:31:48.0202 2552 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:31:48.0202 2552 volsnap - ok
20:31:48.0233 2552 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:31:48.0233 2552 vsmraid - ok
20:31:48.0311 2552 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:31:48.0373 2552 VSS - ok
20:31:48.0389 2552 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:31:48.0405 2552 vwifibus - ok
20:31:48.0436 2552 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:31:48.0436 2552 vwififlt - ok
20:31:48.0498 2552 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:31:48.0498 2552 vwifimp - ok
20:31:48.0545 2552 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:31:48.0561 2552 W32Time - ok
20:31:48.0607 2552 [ F713C4EE053219C9A22540A99380F2F2 ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys
20:31:48.0607 2552 WacHidRouter - ok
20:31:48.0639 2552 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:31:48.0639 2552 WacomPen - ok
20:31:48.0670 2552 [ B59EC4DD1026F059CD95C1627562F3F3 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
20:31:48.0685 2552 wacomrouterfilter - ok
20:31:48.0732 2552 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:31:48.0732 2552 WANARP - ok
20:31:48.0763 2552 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:31:48.0763 2552 Wanarpv6 - ok
20:31:48.0904 2552 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:31:48.0966 2552 wbengine - ok
20:31:48.0997 2552 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:31:49.0013 2552 WbioSrvc - ok
20:31:49.0044 2552 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:31:49.0060 2552 wcncsvc - ok
20:31:49.0122 2552 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:31:49.0122 2552 WcsPlugInService - ok
20:31:49.0169 2552 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:31:49.0169 2552 Wd - ok
20:31:49.0200 2552 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:31:49.0231 2552 Wdf01000 - ok
20:31:49.0309 2552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:31:49.0309 2552 WdiServiceHost - ok
20:31:49.0325 2552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:31:49.0325 2552 WdiSystemHost - ok
20:31:49.0356 2552 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:31:49.0372 2552 WebClient - ok
20:31:49.0403 2552 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:31:49.0403 2552 Wecsvc - ok
20:31:49.0419 2552 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:31:49.0419 2552 wercplsupport - ok
20:31:49.0434 2552 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:31:49.0434 2552 WerSvc - ok
20:31:49.0450 2552 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:31:49.0450 2552 WfpLwf - ok
20:31:49.0465 2552 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:31:49.0465 2552 WIMMount - ok
20:31:49.0497 2552 WinDefend - ok
20:31:49.0497 2552 WinHttpAutoProxySvc - ok
20:31:49.0575 2552 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:31:49.0575 2552 Winmgmt - ok
20:31:49.0653 2552 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:31:49.0731 2552 WinRM - ok
20:31:49.0809 2552 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:31:49.0809 2552 WinUsb - ok
20:31:49.0871 2552 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:31:49.0902 2552 Wlansvc - ok
20:31:49.0949 2552 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:31:49.0949 2552 wlcrasvc - ok
20:31:50.0074 2552 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:31:50.0167 2552 wlidsvc - ok
20:31:50.0245 2552 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:31:50.0245 2552 WmiAcpi - ok
20:31:50.0277 2552 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:31:50.0277 2552 wmiApSrv - ok
20:31:50.0339 2552 WMPNetworkSvc - ok
20:31:50.0386 2552 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:31:50.0386 2552 WPCSvc - ok
20:31:50.0417 2552 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:31:50.0417 2552 WPDBusEnum - ok
20:31:50.0448 2552 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:31:50.0448 2552 ws2ifsl - ok
20:31:50.0464 2552 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:31:50.0479 2552 wscsvc - ok
20:31:50.0479 2552 WSearch - ok
20:31:50.0589 2552 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:31:50.0667 2552 wuauserv - ok
20:31:50.0698 2552 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:31:50.0698 2552 WudfPf - ok
20:31:50.0760 2552 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:50.0760 2552 WUDFRd - ok
20:31:50.0791 2552 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:31:50.0791 2552 wudfsvc - ok
20:31:50.0823 2552 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:31:50.0838 2552 WwanSvc - ok
20:31:50.0916 2552 X6va005 - ok
20:31:50.0963 2552 ================ Scan global ===============================
20:31:50.0994 2552 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:31:51.0025 2552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:31:51.0057 2552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:31:51.0103 2552 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:31:51.0150 2552 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:31:51.0166 2552 [Global] - ok
20:31:51.0166 2552 ================ Scan MBR ==================================
|
|
10.07.2013, 20:15
| #20 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Teil 2 Code:
ATTFilter 20:31:51.0181 2552 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:31:51.0790 2552 \Device\Harddisk0\DR0 - ok
20:31:51.0790 2552 ================ Scan VBR ==================================
20:31:51.0805 2552 [ B8AAFADFF5297C34226A6E4508A69F90 ] \Device\Harddisk0\DR0\Partition1
20:31:51.0805 2552 \Device\Harddisk0\DR0\Partition1 - ok
20:31:51.0821 2552 [ 61A60476E5A52DE5E1364021A4E77928 ] \Device\Harddisk0\DR0\Partition2
20:31:51.0821 2552 \Device\Harddisk0\DR0\Partition2 - ok
20:31:51.0821 2552 ============================================================
20:31:51.0821 2552 Scan finished
20:31:51.0821 2552 ============================================================
20:31:51.0837 4176 Detected object count: 1
20:31:51.0837 4176 Actual detected object count: 1
20:33:46.0101 4176 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:33:46.0101 4176 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:02:06.0685 6012 ============================================================
21:02:06.0685 6012 Scan started
21:02:06.0685 6012 Mode: Manual; SigCheck; TDLFS;
21:02:06.0685 6012 ============================================================
21:02:06.0945 6012 ================ Scan system memory ========================
21:02:06.0945 6012 System memory - ok
21:02:06.0945 6012 ================ Scan services =============================
21:02:07.0165 6012 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:02:07.0285 6012 1394ohci - ok
21:02:07.0325 6012 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:02:07.0335 6012 ACPI - ok
21:02:07.0375 6012 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:02:07.0395 6012 AcpiPmi - ok
21:02:07.0485 6012 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
21:02:07.0495 6012 AdobeActiveFileMonitor8.0 - ok
21:02:07.0535 6012 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:02:07.0545 6012 adp94xx - ok
21:02:07.0575 6012 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:02:07.0585 6012 adpahci - ok
21:02:07.0605 6012 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:02:07.0615 6012 adpu320 - ok
21:02:07.0655 6012 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:02:07.0685 6012 AeLookupSvc - ok
21:02:07.0745 6012 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:02:07.0765 6012 AFD - ok
21:02:07.0795 6012 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:02:07.0805 6012 agp440 - ok
21:02:07.0985 6012 [ BBE9054FDADC8D49D29C5DA4FB84A803 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll
21:02:07.0985 6012 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll. md5: BBE9054FDADC8D49D29C5DA4FB84A803
21:02:07.0995 6012 Akamai ( HiddenFile.Multi.Generic ) - warning
21:02:07.0995 6012 Akamai - detected HiddenFile.Multi.Generic (1)
21:02:08.0025 6012 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:02:08.0055 6012 ALG - ok
21:02:08.0095 6012 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:02:08.0105 6012 aliide - ok
21:02:08.0125 6012 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:02:08.0135 6012 amdide - ok
21:02:08.0165 6012 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:02:08.0205 6012 AmdK8 - ok
21:02:08.0235 6012 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:02:08.0245 6012 AmdPPM - ok
21:02:08.0275 6012 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:02:08.0285 6012 amdsata - ok
21:02:08.0315 6012 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:02:08.0325 6012 amdsbs - ok
21:02:08.0345 6012 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:02:08.0345 6012 amdxata - ok
21:02:08.0375 6012 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:02:08.0405 6012 AppID - ok
21:02:08.0445 6012 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:02:08.0495 6012 AppIDSvc - ok
21:02:08.0535 6012 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
21:02:08.0545 6012 Appinfo - ok
21:02:08.0585 6012 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:02:08.0595 6012 arc - ok
21:02:08.0605 6012 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:02:08.0615 6012 arcsas - ok
21:02:08.0625 6012 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:02:08.0695 6012 AsyncMac - ok
21:02:08.0725 6012 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:02:08.0735 6012 atapi - ok
21:02:08.0805 6012 [ C8679A07267F030704168E45E27C3D43 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:02:08.0845 6012 athr - ok
21:02:08.0885 6012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:02:08.0945 6012 AudioEndpointBuilder - ok
21:02:09.0005 6012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:02:09.0045 6012 AudioSrv - ok
21:02:09.0085 6012 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:02:09.0105 6012 AxInstSV - ok
21:02:09.0165 6012 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:02:09.0175 6012 b06bdrv - ok
21:02:09.0245 6012 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:02:09.0265 6012 b57nd60a - ok
21:02:09.0295 6012 [ 2618E15514736FB469B105CE729B6D9D ] b57xdbd C:\Windows\system32\DRIVERS\b57xdbd.sys
21:02:09.0335 6012 b57xdbd - ok
21:02:09.0375 6012 [ BABA4F0E2978B69B4E0B260EF7150DD6 ] b57xdmp C:\Windows\system32\DRIVERS\b57xdmp.sys
21:02:09.0375 6012 b57xdmp - ok
21:02:09.0405 6012 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:02:09.0435 6012 BDESVC - ok
21:02:09.0455 6012 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:02:09.0495 6012 Beep - ok
21:02:09.0545 6012 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:02:09.0605 6012 BFE - ok
21:02:09.0655 6012 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:02:09.0715 6012 BITS - ok
21:02:09.0735 6012 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:02:09.0775 6012 blbdrive - ok
21:02:09.0815 6012 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:02:09.0825 6012 bowser - ok
21:02:09.0855 6012 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:02:09.0895 6012 BrFiltLo - ok
21:02:09.0895 6012 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:02:09.0915 6012 BrFiltUp - ok
21:02:09.0955 6012 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:02:09.0985 6012 Browser - ok
21:02:10.0016 6012 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:02:10.0031 6012 Brserid - ok
21:02:10.0031 6012 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:02:10.0078 6012 BrSerWdm - ok
21:02:10.0094 6012 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:02:10.0109 6012 BrUsbMdm - ok
21:02:10.0109 6012 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:02:10.0156 6012 BrUsbSer - ok
21:02:10.0187 6012 [ 65349B60F2F5325759525199E26DA1A6 ] bScsiMSa C:\Windows\system32\DRIVERS\bScsiMSa.sys
21:02:10.0203 6012 bScsiMSa - ok
21:02:10.0203 6012 [ E6CC56662F6C6B787A1FBEA4CD247AE0 ] bScsiSDa C:\Windows\system32\DRIVERS\bScsiSDa.sys
21:02:10.0219 6012 bScsiSDa - ok
21:02:10.0234 6012 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:02:10.0265 6012 BTHMODEM - ok
21:02:10.0312 6012 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:02:10.0343 6012 bthserv - ok
21:02:10.0390 6012 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:02:10.0421 6012 cdfs - ok
21:02:10.0453 6012 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:02:10.0468 6012 cdrom - ok
21:02:10.0499 6012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:02:10.0531 6012 CertPropSvc - ok
21:02:10.0546 6012 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:02:10.0577 6012 circlass - ok
21:02:10.0624 6012 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:02:10.0640 6012 CLFS - ok
21:02:10.0702 6012 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:02:10.0718 6012 clr_optimization_v2.0.50727_32 - ok
21:02:10.0780 6012 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:02:10.0780 6012 clr_optimization_v2.0.50727_64 - ok
21:02:10.0843 6012 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:02:10.0858 6012 clr_optimization_v4.0.30319_32 - ok
21:02:10.0905 6012 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:02:10.0905 6012 clr_optimization_v4.0.30319_64 - ok
21:02:10.0921 6012 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:02:10.0936 6012 CmBatt - ok
21:02:10.0952 6012 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:02:10.0952 6012 cmdide - ok
21:02:11.0014 6012 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:02:11.0061 6012 CNG - ok
21:02:11.0092 6012 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:02:11.0108 6012 Compbatt - ok
21:02:11.0123 6012 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:02:11.0139 6012 CompositeBus - ok
21:02:11.0139 6012 COMSysApp - ok
21:02:11.0155 6012 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:02:11.0170 6012 crcdisk - ok
21:02:11.0217 6012 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:02:11.0248 6012 CryptSvc - ok
21:02:11.0311 6012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:02:11.0357 6012 DcomLaunch - ok
21:02:11.0404 6012 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:02:11.0451 6012 defragsvc - ok
21:02:11.0482 6012 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:02:11.0545 6012 DfsC - ok
21:02:11.0576 6012 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:02:11.0638 6012 Dhcp - ok
21:02:11.0685 6012 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:02:11.0716 6012 discache - ok
21:02:11.0732 6012 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:02:11.0747 6012 Disk - ok
21:02:11.0779 6012 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:02:11.0779 6012 Dnscache - ok
21:02:11.0810 6012 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:02:11.0841 6012 dot3svc - ok
21:02:11.0888 6012 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:02:11.0919 6012 DPS - ok
21:02:11.0935 6012 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:02:11.0950 6012 drmkaud - ok
21:02:12.0028 6012 [ 470F7F19188AB45463F8B612D6DDE7C8 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:02:12.0028 6012 DsiWMIService - ok
21:02:12.0091 6012 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:02:12.0106 6012 DXGKrnl - ok
21:02:12.0106 6012 EagleX64 - ok
21:02:12.0169 6012 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:02:12.0215 6012 EapHost - ok
21:02:12.0309 6012 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:02:12.0356 6012 ebdrv - ok
21:02:12.0403 6012 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:02:12.0418 6012 EFS - ok
21:02:12.0496 6012 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:02:12.0512 6012 ehRecvr - ok
21:02:12.0574 6012 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:02:12.0605 6012 ehSched - ok
21:02:12.0637 6012 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:02:12.0652 6012 elxstor - ok
21:02:12.0746 6012 [ F2E893846021CEE30AC7612B5BE66330 ] ePowerSvc C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
21:02:12.0777 6012 ePowerSvc - ok
21:02:12.0808 6012 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:02:12.0824 6012 ErrDev - ok
21:02:12.0871 6012 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:02:12.0902 6012 EventSystem - ok
21:02:12.0949 6012 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:02:13.0011 6012 exfat - ok
21:02:13.0042 6012 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:02:13.0105 6012 fastfat - ok
21:02:13.0167 6012 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:02:13.0183 6012 Fax - ok
21:02:13.0245 6012 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:02:13.0245 6012 fdc - ok
21:02:13.0276 6012 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:02:13.0323 6012 fdPHost - ok
21:02:13.0354 6012 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:02:13.0401 6012 FDResPub - ok
21:02:13.0432 6012 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:02:13.0432 6012 FileInfo - ok
21:02:13.0448 6012 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:02:13.0495 6012 Filetrace - ok
21:02:13.0541 6012 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:02:13.0557 6012 FLEXnet Licensing Service - ok
21:02:13.0573 6012 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:02:13.0604 6012 flpydisk - ok
21:02:13.0651 6012 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:02:13.0666 6012 FltMgr - ok
21:02:13.0713 6012 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:02:13.0760 6012 FontCache - ok
21:02:13.0807 6012 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:02:13.0822 6012 FontCache3.0.0.0 - ok
21:02:13.0838 6012 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:02:13.0838 6012 FsDepends - ok
21:02:13.0885 6012 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:02:13.0885 6012 Fs_Rec - ok
21:02:13.0916 6012 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:02:13.0931 6012 fvevol - ok
21:02:13.0947 6012 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:02:13.0947 6012 gagp30kx - ok
21:02:14.0025 6012 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
21:02:14.0041 6012 GameConsoleService - ok
21:02:14.0072 6012 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:02:14.0119 6012 gpsvc - ok
21:02:14.0150 6012 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
21:02:14.0165 6012 GREGService - ok
21:02:14.0181 6012 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:02:14.0197 6012 hcw85cir - ok
21:02:14.0228 6012 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:02:14.0243 6012 HdAudAddService - ok
21:02:14.0275 6012 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:02:14.0306 6012 HDAudBus - ok
21:02:14.0321 6012 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:02:14.0337 6012 HidBatt - ok
21:02:14.0353 6012 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:02:14.0368 6012 HidBth - ok
21:02:14.0368 6012 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:02:14.0384 6012 HidIr - ok
21:02:14.0431 6012 [ 4965189C05ACAAC13FE47686E28EDCCE ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
21:02:14.0431 6012 hidkmdf - ok
21:02:14.0462 6012 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:02:14.0493 6012 hidserv - ok
21:02:14.0509 6012 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:02:14.0524 6012 HidUsb - ok
21:02:14.0587 6012 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:02:14.0618 6012 hkmsvc - ok
21:02:14.0649 6012 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:02:14.0649 6012 HomeGroupListener - ok
21:02:14.0680 6012 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:02:14.0696 6012 HomeGroupProvider - ok
21:02:14.0727 6012 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:02:14.0743 6012 HpSAMD - ok
21:02:14.0789 6012 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:02:14.0836 6012 HTTP - ok
21:02:14.0852 6012 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:02:14.0867 6012 hwpolicy - ok
21:02:14.0899 6012 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:02:14.0914 6012 i8042prt - ok
21:02:14.0945 6012 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:02:14.0961 6012 iaStor - ok
21:02:15.0008 6012 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:02:15.0023 6012 IAStorDataMgrSvc - ok
21:02:15.0070 6012 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:02:15.0086 6012 iaStorV - ok
21:02:15.0117 6012 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:02:15.0148 6012 idsvc - ok
21:02:15.0429 6012 [ 553228E67639F52C9BD86362C0C64F85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:02:15.0585 6012 igfx - ok
21:02:15.0616 6012 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:02:15.0632 6012 iirsp - ok
21:02:15.0679 6012 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:02:15.0725 6012 IKEEXT - ok
21:02:15.0819 6012 [ DD1FC331286A33F396945115AE4E5E8A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:02:15.0866 6012 IntcAzAudAddService - ok
21:02:15.0897 6012 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:02:15.0928 6012 IntcDAud - ok
21:02:15.0975 6012 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:02:15.0975 6012 intelide - ok
21:02:16.0006 6012 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:02:16.0022 6012 intelppm - ok
21:02:16.0053 6012 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:02:16.0084 6012 IPBusEnum - ok
21:02:16.0115 6012 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:02:16.0162 6012 IpFilterDriver - ok
21:02:16.0193 6012 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:02:16.0256 6012 iphlpsvc - ok
21:02:16.0287 6012 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:02:16.0303 6012 IPMIDRV - ok
21:02:16.0334 6012 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:02:16.0365 6012 IPNAT - ok
21:02:16.0381 6012 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:02:16.0396 6012 IRENUM - ok
21:02:16.0427 6012 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:02:16.0443 6012 isapnp - ok
21:02:16.0474 6012 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:02:16.0490 6012 iScsiPrt - ok
21:02:16.0552 6012 [ 81458A917F8CC7A5171759218D64FA3A ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
21:02:16.0568 6012 k57nd60a - ok
21:02:16.0583 6012 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:02:16.0583 6012 kbdclass - ok
21:02:16.0630 6012 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:02:16.0630 6012 kbdhid - ok
21:02:16.0661 6012 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:02:16.0677 6012 KeyIso - ok
21:02:16.0693 6012 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:02:16.0708 6012 KSecDD - ok
21:02:16.0739 6012 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:02:16.0739 6012 KSecPkg - ok
21:02:16.0771 6012 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:02:16.0833 6012 ksthunk - ok
21:02:16.0864 6012 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:02:16.0911 6012 KtmRm - ok
21:02:16.0942 6012 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:02:16.0973 6012 LanmanServer - ok
21:02:16.0989 6012 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:02:17.0036 6012 LanmanWorkstation - ok
21:02:17.0051 6012 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:02:17.0083 6012 lltdio - ok
21:02:17.0114 6012 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:02:17.0145 6012 lltdsvc - ok
21:02:17.0161 6012 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:02:17.0192 6012 lmhosts - ok
21:02:17.0254 6012 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:02:17.0254 6012 LMS - ok
21:02:17.0285 6012 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:02:17.0301 6012 LSI_FC - ok
21:02:17.0317 6012 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:02:17.0332 6012 LSI_SAS - ok
21:02:17.0348 6012 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:02:17.0348 6012 LSI_SAS2 - ok
21:02:17.0363 6012 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:02:17.0379 6012 LSI_SCSI - ok
21:02:17.0395 6012 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:02:17.0426 6012 luafv - ok
21:02:17.0488 6012 [ 3D1516114F5B1548864D043177F992A6 ] lxeaCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
21:02:17.0504 6012 lxeaCATSCustConnectService - ok
21:02:17.0519 6012 lxea_device - ok
21:02:17.0566 6012 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:02:17.0597 6012 MBAMProtector - ok
21:02:17.0644 6012 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:02:17.0675 6012 MBAMScheduler - ok
21:02:17.0707 6012 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:02:17.0738 6012 MBAMService - ok
21:02:17.0769 6012 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:02:17.0785 6012 Mcx2Svc - ok
21:02:17.0800 6012 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:02:17.0816 6012 megasas - ok
21:02:17.0831 6012 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:02:17.0847 6012 MegaSR - ok
21:02:17.0878 6012 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:02:17.0878 6012 MEIx64 - ok
21:02:17.0909 6012 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:02:17.0941 6012 MMCSS - ok
21:02:17.0956 6012 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:02:17.0987 6012 Modem - ok
21:02:18.0019 6012 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:02:18.0050 6012 monitor - ok
21:02:18.0065 6012 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:02:18.0081 6012 mouclass - ok
21:02:18.0081 6012 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:02:18.0112 6012 mouhid - ok
21:02:18.0143 6012 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:02:18.0159 6012 mountmgr - ok
21:02:18.0206 6012 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:02:18.0237 6012 MozillaMaintenance - ok
21:02:18.0268 6012 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:02:18.0299 6012 mpio - ok
21:02:18.0346 6012 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:02:18.0377 6012 mpsdrv - ok
21:02:18.0424 6012 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:02:18.0471 6012 MpsSvc - ok
21:02:18.0487 6012 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:02:18.0549 6012 MRxDAV - ok
21:02:18.0580 6012 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:02:18.0627 6012 mrxsmb - ok
21:02:18.0658 6012 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:02:18.0674 6012 mrxsmb10 - ok
21:02:18.0689 6012 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:18.0721 6012 mrxsmb20 - ok
21:02:18.0752 6012 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:02:18.0767 6012 msahci - ok
21:02:18.0799 6012 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:02:18.0799 6012 msdsm - ok
21:02:18.0845 6012 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:02:18.0877 6012 MSDTC - ok
21:02:18.0908 6012 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:02:18.0939 6012 Msfs - ok
21:02:18.0939 6012 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:02:18.0986 6012 mshidkmdf - ok
21:02:19.0001 6012 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:02:19.0001 6012 msisadrv - ok
21:02:19.0048 6012 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:02:19.0079 6012 MSiSCSI - ok
21:02:19.0079 6012 msiserver - ok
21:02:19.0095 6012 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:02:19.0126 6012 MSKSSRV - ok
21:02:19.0142 6012 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:02:19.0189 6012 MSPCLOCK - ok
21:02:19.0220 6012 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:02:19.0267 6012 MSPQM - ok
21:02:19.0313 6012 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:02:19.0329 6012 MsRPC - ok
21:02:19.0360 6012 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:02:19.0360 6012 mssmbios - ok
21:02:19.0360 6012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:02:19.0423 6012 MSTEE - ok
21:02:19.0423 6012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:02:19.0438 6012 MTConfig - ok
21:02:19.0454 6012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:02:19.0469 6012 Mup - ok
21:02:19.0485 6012 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:02:19.0532 6012 napagent - ok
21:02:19.0563 6012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:02:19.0625 6012 NativeWifiP - ok
21:02:19.0657 6012 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:02:19.0688 6012 NDIS - ok
21:02:19.0719 6012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:02:19.0766 6012 NdisCap - ok
21:02:19.0766 6012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:02:19.0828 6012 NdisTapi - ok
21:02:19.0844 6012 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:02:19.0891 6012 Ndisuio - ok
21:02:19.0922 6012 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:02:19.0953 6012 NdisWan - ok
21:02:19.0984 6012 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:02:20.0047 6012 NDProxy - ok
21:02:20.0140 6012 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:02:20.0171 6012 Nero BackItUp Scheduler 4.0 - ok
21:02:20.0203 6012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:02:20.0234 6012 NetBIOS - ok
21:02:20.0265 6012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:02:20.0296 6012 NetBT - ok
21:02:20.0312 6012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:02:20.0327 6012 Netlogon - ok
21:02:20.0374 6012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:02:20.0452 6012 Netman - ok
21:02:20.0452 6012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:02:20.0515 6012 netprofm - ok
21:02:20.0546 6012 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:02:20.0561 6012 NetTcpPortSharing - ok
21:02:20.0577 6012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:02:20.0577 6012 nfrd960 - ok
21:02:20.0608 6012 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:02:20.0639 6012 NlaSvc - ok
21:02:20.0655 6012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:02:20.0702 6012 Npfs - ok
21:02:20.0717 6012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:02:20.0764 6012 nsi - ok
21:02:20.0795 6012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:02:20.0842 6012 nsiproxy - ok
21:02:20.0920 6012 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:02:20.0967 6012 Ntfs - ok
21:02:21.0014 6012 [ 8F59A2506AF43F96F5397B3C79938AE9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
21:02:21.0045 6012 NTI IScheduleSvc - ok
21:02:21.0061 6012 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
21:02:21.0061 6012 NTIDrvr - ok
21:02:21.0076 6012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:02:21.0139 6012 Null - ok
21:02:21.0170 6012 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:02:21.0185 6012 nusb3hub - ok
21:02:21.0201 6012 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:02:21.0217 6012 nusb3xhc - ok
21:02:21.0248 6012 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:02:21.0248 6012 nvraid - ok
21:02:21.0263 6012 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:02:21.0279 6012 nvstor - ok
21:02:21.0326 6012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:02:21.0326 6012 nv_agp - ok
21:02:21.0373 6012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:02:21.0419 6012 ohci1394 - ok
21:02:21.0451 6012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:02:21.0497 6012 p2pimsvc - ok
21:02:21.0544 6012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:02:21.0575 6012 p2psvc - ok
21:02:21.0591 6012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:02:21.0607 6012 Parport - ok
21:02:21.0638 6012 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:02:21.0653 6012 partmgr - ok
21:02:21.0653 6012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:02:21.0669 6012 PcaSvc - ok
21:02:21.0700 6012 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:02:21.0716 6012 pci - ok
21:02:21.0747 6012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:02:21.0747 6012 pciide - ok
21:02:21.0778 6012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:02:21.0778 6012 pcmcia - ok
21:02:21.0794 6012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:02:21.0809 6012 pcw - ok
21:02:21.0825 6012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:02:21.0887 6012 PEAUTH - ok
21:02:22.0012 6012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:02:22.0028 6012 PerfHost - ok
21:02:22.0106 6012 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:02:22.0153 6012 pla - ok
21:02:22.0199 6012 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:02:22.0231 6012 PlugPlay - ok
21:02:22.0262 6012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:02:22.0277 6012 PNRPAutoReg - ok
21:02:22.0293 6012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:02:22.0309 6012 PNRPsvc - ok
21:02:22.0324 6012 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:02:22.0355 6012 PolicyAgent - ok
21:02:22.0387 6012 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:02:22.0433 6012 Power - ok
21:02:22.0465 6012 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:02:22.0527 6012 PptpMiniport - ok
21:02:22.0574 6012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:02:22.0589 6012 Processor - ok
21:02:22.0636 6012 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:02:22.0667 6012 ProfSvc - ok
21:02:22.0683 6012 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:02:22.0699 6012 ProtectedStorage - ok
21:02:22.0761 6012 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:02:22.0839 6012 Psched - ok
21:02:22.0901 6012 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:02:22.0917 6012 PxHlpa64 - ok
21:02:22.0979 6012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:02:23.0026 6012 ql2300 - ok
21:02:23.0042 6012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:02:23.0042 6012 ql40xx - ok
21:02:23.0182 6012 [ A279D9B07CA837EF8139D3F4857328DB ] QuickTimeUpdater C:\Users\Malik\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe
21:02:23.0213 6012 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - warning
21:02:23.0213 6012 QuickTimeUpdater - detected UnsignedFile.Multi.Generic (1)
21:02:23.0260 6012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:02:23.0323 6012 QWAVE - ok
21:02:23.0338 6012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:02:23.0385 6012 QWAVEdrv - ok
21:02:23.0401 6012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:02:23.0447 6012 RasAcd - ok
21:02:23.0479 6012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:02:23.0510 6012 RasAgileVpn - ok
21:02:23.0525 6012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:02:23.0603 6012 RasAuto - ok
21:02:23.0635 6012 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:02:23.0681 6012 Rasl2tp - ok
21:02:23.0713 6012 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:02:23.0759 6012 RasMan - ok
21:02:23.0759 6012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:02:23.0791 6012 RasPppoe - ok
21:02:23.0806 6012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:02:23.0837 6012 RasSstp - ok
21:02:23.0869 6012 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:02:23.0900 6012 rdbss - ok
21:02:23.0915 6012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:02:23.0962 6012 rdpbus - ok
21:02:23.0993 6012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:02:24.0040 6012 RDPCDD - ok
21:02:24.0040 6012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:02:24.0071 6012 RDPENCDD - ok
21:02:24.0087 6012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:02:24.0118 6012 RDPREFMP - ok
21:02:24.0149 6012 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:02:24.0181 6012 RDPWD - ok
21:02:24.0227 6012 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:02:24.0259 6012 rdyboost - ok
21:02:24.0274 6012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:02:24.0337 6012 RemoteAccess - ok
21:02:24.0368 6012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:02:24.0430 6012 RemoteRegistry - ok
21:02:24.0493 6012 [ CC6943E37FF6B0DAFF4B2580B0BB9721 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
21:02:24.0524 6012 RichVideo ( UnsignedFile.Multi.Generic ) - warning
21:02:24.0524 6012 RichVideo - detected UnsignedFile.Multi.Generic (1)
21:02:24.0555 6012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:02:24.0602 6012 RpcEptMapper - ok
21:02:24.0617 6012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:02:24.0664 6012 RpcLocator - ok
21:02:24.0711 6012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:02:24.0758 6012 RpcSs - ok
21:02:24.0789 6012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:02:24.0820 6012 rspndr - ok
21:02:24.0836 6012 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:02:24.0836 6012 SamSs - ok
21:02:24.0867 6012 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:02:24.0883 6012 sbp2port - ok
21:02:24.0898 6012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:02:24.0961 6012 SCardSvr - ok
21:02:24.0992 6012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:02:25.0023 6012 scfilter - ok
21:02:25.0070 6012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:02:25.0117 6012 Schedule - ok
21:02:25.0148 6012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:02:25.0179 6012 SCPolicySvc - ok
21:02:25.0210 6012 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:02:25.0241 6012 sdbus - ok
21:02:25.0257 6012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:02:25.0288 6012 SDRSVC - ok
21:02:25.0319 6012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:02:25.0351 6012 secdrv - ok
21:02:25.0382 6012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:02:25.0413 6012 seclogon - ok
21:02:25.0444 6012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:02:25.0475 6012 SENS - ok
21:02:25.0491 6012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:02:25.0522 6012 SensrSvc - ok
21:02:25.0538 6012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:02:25.0569 6012 Serenum - ok
21:02:25.0585 6012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:02:25.0616 6012 Serial - ok
21:02:25.0663 6012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:02:25.0709 6012 sermouse - ok
21:02:25.0756 6012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:02:25.0819 6012 SessionEnv - ok
21:02:25.0850 6012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:02:25.0881 6012 sffdisk - ok
21:02:25.0928 6012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:02:25.0943 6012 sffp_mmc - ok
21:02:25.0990 6012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:02:26.0021 6012 sffp_sd - ok
21:02:26.0053 6012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:02:26.0068 6012 sfloppy - ok
21:02:26.0131 6012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:02:26.0193 6012 SharedAccess - ok
21:02:26.0224 6012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:02:26.0302 6012 ShellHWDetection - ok
21:02:26.0318 6012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:02:26.0333 6012 SiSRaid2 - ok
21:02:26.0349 6012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:02:26.0349 6012 SiSRaid4 - ok
21:02:26.0521 6012 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:02:26.0583 6012 Skype C2C Service - ok
21:02:26.0645 6012 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:02:26.0661 6012 SkypeUpdate - ok
21:02:26.0677 6012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:02:26.0723 6012 Smb - ok
21:02:26.0755 6012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:02:26.0770 6012 SNMPTRAP - ok
21:02:26.0801 6012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:02:26.0801 6012 spldr - ok
21:02:26.0848 6012 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
21:02:26.0895 6012 Spooler - ok
21:02:27.0004 6012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:02:27.0098 6012 sppsvc - ok
21:02:27.0129 6012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:02:27.0176 6012 sppuinotify - ok
21:02:27.0207 6012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:02:27.0269 6012 srv - ok
21:02:27.0332 6012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:02:27.0363 6012 srv2 - ok
21:02:27.0410 6012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:02:27.0425 6012 srvnet - ok
21:02:27.0425 6012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:02:27.0488 6012 SSDPSRV - ok
21:02:27.0519 6012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:02:27.0550 6012 SstpSvc - ok
21:02:27.0581 6012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:02:27.0581 6012 stexstor - ok
21:02:27.0613 6012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:02:27.0644 6012 stisvc - ok
21:02:27.0691 6012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:02:27.0706 6012 swenum - ok
21:02:27.0800 6012 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:02:27.0862 6012 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:02:27.0862 6012 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:02:27.0909 6012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:02:27.0971 6012 swprv - ok
21:02:28.0049 6012 [ EF51B22706DB03F0857FADE127C804EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:02:28.0096 6012 SynTP - ok
21:02:28.0174 6012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:02:28.0221 6012 SysMain - ok
21:02:28.0268 6012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:02:28.0315 6012 TabletInputService - ok
21:02:28.0595 6012 [ 1CBBC0EB320BC9195A886FD0D183BEBC ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
21:02:28.0736 6012 TabletServiceWacom - ok
21:02:28.0767 6012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:02:28.0829 6012 TapiSrv - ok
21:02:28.0876 6012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:02:28.0954 6012 TBS - ok
21:02:29.0017 6012 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:02:29.0079 6012 Tcpip - ok
21:02:29.0110 6012 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:02:29.0157 6012 TCPIP6 - ok
21:02:29.0188 6012 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:02:29.0219 6012 tcpipreg - ok
21:02:29.0251 6012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:02:29.0282 6012 TDPIPE - ok
21:02:29.0313 6012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:02:29.0360 6012 TDTCP - ok
21:02:29.0391 6012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:02:29.0438 6012 tdx - ok
21:02:29.0469 6012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:02:29.0485 6012 TermDD - ok
21:02:29.0500 6012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:02:29.0547 6012 TermService - ok
21:02:29.0578 6012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:02:29.0594 6012 Themes - ok
21:02:29.0625 6012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:02:29.0656 6012 THREADORDER - ok
21:02:29.0687 6012 [ C0F628F426FA7A6C2AAEFDAE5A00F20B ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
21:02:29.0703 6012 TouchServiceWacom - ok
21:02:29.0719 6012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:02:29.0750 6012 TrkWks - ok
21:02:29.0812 6012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:02:29.0859 6012 TrustedInstaller - ok
21:02:29.0890 6012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:02:29.0968 6012 tssecsrv - ok
21:02:29.0999 6012 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:02:29.0999 6012 TsUsbFlt - ok
21:02:30.0046 6012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:02:30.0109 6012 tunnel - ok
21:02:30.0140 6012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:02:30.0155 6012 uagp35 - ok
21:02:30.0171 6012 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
21:02:30.0187 6012 UBHelper - ok
21:02:30.0218 6012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:02:30.0249 6012 udfs - ok
21:02:30.0280 6012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:02:30.0296 6012 UI0Detect - ok
21:02:30.0311 6012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:02:30.0327 6012 uliagpkx - ok
21:02:30.0343 6012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:02:30.0358 6012 umbus - ok
21:02:30.0374 6012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:02:30.0374 6012 UmPass - ok
21:02:30.0514 6012 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:02:30.0561 6012 UNS - ok
21:02:30.0592 6012 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
21:02:30.0623 6012 Updater Service - ok
21:02:30.0655 6012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:02:30.0701 6012 upnphost - ok
21:02:30.0733 6012 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:02:30.0764 6012 usbaudio - ok
21:02:30.0795 6012 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:02:30.0811 6012 usbccgp - ok
21:02:30.0842 6012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:02:30.0857 6012 usbcir - ok
21:02:30.0873 6012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:02:30.0904 6012 usbehci - ok
21:02:30.0935 6012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:02:30.0951 6012 usbhub - ok
21:02:30.0982 6012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:02:31.0013 6012 usbohci - ok
21:02:31.0060 6012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:02:31.0091 6012 usbprint - ok
21:02:31.0123 6012 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:02:31.0138 6012 usbscan - ok
21:02:31.0169 6012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
21:02:31.0216 6012 USBSTOR - ok
21:02:31.0232 6012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:02:31.0247 6012 usbuhci - ok
21:02:31.0279 6012 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:02:31.0294 6012 usbvideo - ok
21:02:31.0310 6012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:02:31.0372 6012 UxSms - ok
21:02:31.0388 6012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:02:31.0403 6012 VaultSvc - ok
21:02:31.0403 6012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:02:31.0419 6012 vdrvroot - ok
21:02:31.0450 6012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:02:31.0513 6012 vds - ok
21:02:31.0544 6012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:02:31.0559 6012 vga - ok
21:02:31.0575 6012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:02:31.0637 6012 VgaSave - ok
21:02:31.0653 6012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:02:31.0669 6012 vhdmp - ok
21:02:31.0715 6012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:02:31.0731 6012 viaide - ok
21:02:31.0762 6012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:02:31.0778 6012 volmgr - ok
21:02:31.0809 6012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:02:31.0825 6012 volmgrx - ok
21:02:31.0856 6012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:02:31.0871 6012 volsnap - ok
21:02:31.0887 6012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:02:31.0903 6012 vsmraid - ok
21:02:31.0949 6012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:02:32.0027 6012 VSS - ok
21:02:32.0043 6012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:02:32.0059 6012 vwifibus - ok
21:02:32.0074 6012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:02:32.0121 6012 vwififlt - ok
21:02:32.0152 6012 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:02:32.0215 6012 vwifimp - ok
21:02:32.0246 6012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:02:32.0308 6012 W32Time - ok
21:02:32.0355 6012 [ F713C4EE053219C9A22540A99380F2F2 ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys
21:02:32.0371 6012 WacHidRouter - ok
21:02:32.0386 6012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:02:32.0402 6012 WacomPen - ok
21:02:32.0417 6012 [ B59EC4DD1026F059CD95C1627562F3F3 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
21:02:32.0433 6012 wacomrouterfilter - ok
21:02:32.0449 6012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:02:32.0511 6012 WANARP - ok
21:02:32.0511 6012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:02:32.0542 6012 Wanarpv6 - ok
21:02:32.0620 6012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:02:32.0667 6012 wbengine - ok
21:02:32.0698 6012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:02:32.0714 6012 WbioSrvc - ok
21:02:32.0776 6012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:02:32.0854 6012 wcncsvc - ok
21:02:32.0885 6012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:02:32.0901 6012 WcsPlugInService - ok
21:02:32.0932 6012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:02:32.0932 6012 Wd - ok
21:02:32.0963 6012 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:02:32.0979 6012 Wdf01000 - ok
21:02:32.0995 6012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:02:33.0026 6012 WdiServiceHost - ok
21:02:33.0026 6012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:02:33.0041 6012 WdiSystemHost - ok
21:02:33.0073 6012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:02:33.0104 6012 WebClient - ok
21:02:33.0135 6012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:02:33.0166 6012 Wecsvc - ok
21:02:33.0182 6012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:02:33.0213 6012 wercplsupport - ok
21:02:33.0229 6012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:02:33.0291 6012 WerSvc - ok
21:02:33.0307 6012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:02:33.0338 6012 WfpLwf - ok
21:02:33.0353 6012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:02:33.0369 6012 WIMMount - ok
21:02:33.0385 6012 WinDefend - ok
21:02:33.0400 6012 WinHttpAutoProxySvc - ok
21:02:33.0463 6012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:02:33.0525 6012 Winmgmt - ok
21:02:33.0603 6012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:02:33.0681 6012 WinRM - ok
21:02:33.0712 6012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:02:33.0728 6012 WinUsb - ok
21:02:33.0775 6012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:02:33.0790 6012 Wlansvc - ok
21:02:33.0837 6012 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:02:33.0837 6012 wlcrasvc - ok
21:02:33.0962 6012 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:02:34.0009 6012 wlidsvc - ok
21:02:34.0040 6012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:02:34.0055 6012 WmiAcpi - ok
21:02:34.0071 6012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:02:34.0102 6012 wmiApSrv - ok
21:02:34.0133 6012 WMPNetworkSvc - ok
21:02:34.0149 6012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:02:34.0180 6012 WPCSvc - ok
21:02:34.0196 6012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:02:34.0227 6012 WPDBusEnum - ok
21:02:34.0258 6012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:02:34.0289 6012 ws2ifsl - ok
21:02:34.0305 6012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:02:34.0321 6012 wscsvc - ok
21:02:34.0321 6012 WSearch - ok
21:02:34.0414 6012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:02:34.0477 6012 wuauserv - ok
21:02:34.0492 6012 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:02:34.0523 6012 WudfPf - ok
21:02:34.0539 6012 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:02:34.0586 6012 WUDFRd - ok
21:02:34.0617 6012 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:02:34.0664 6012 wudfsvc - ok
21:02:34.0679 6012 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:02:34.0695 6012 WwanSvc - ok
21:02:34.0742 6012 X6va005 - ok
21:02:34.0773 6012 ================ Scan global ===============================
21:02:34.0789 6012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:02:34.0820 6012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:02:34.0835 6012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:02:34.0851 6012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:02:34.0882 6012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:02:34.0882 6012 [Global] - ok
21:02:34.0882 6012 ================ Scan MBR ==================================
21:02:34.0898 6012 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:02:35.0491 6012 \Device\Harddisk0\DR0 - ok
21:02:35.0491 6012 ================ Scan VBR ==================================
21:02:35.0491 6012 [ B8AAFADFF5297C34226A6E4508A69F90 ] \Device\Harddisk0\DR0\Partition1
21:02:35.0491 6012 \Device\Harddisk0\DR0\Partition1 - ok
21:02:35.0537 6012 [ 61A60476E5A52DE5E1364021A4E77928 ] \Device\Harddisk0\DR0\Partition2
21:02:35.0537 6012 \Device\Harddisk0\DR0\Partition2 - ok
21:02:35.0537 6012 ============================================================
21:02:35.0537 6012 Scan finished
21:02:35.0537 6012 ============================================================
21:02:35.0553 5244 Detected object count: 4
21:02:35.0553 5244 Actual detected object count: 4
21:02:43.0135 5244 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:02:43.0135 5244 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:02:43.0135 5244 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:43.0135 5244 QuickTimeUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:43.0135 5244 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:43.0135 5244 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:02:43.0135 5244 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:43.0135 5244 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
10.07.2013, 20:18
| #21 |
| /// Malware-holic | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hi, Scan mit Combofix
__________________ --> GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos |
|
11.07.2013, 01:39
| #22 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hab die Schritte für die Nutzung von Combofux gemacht und es durchlaufen lassen. Es gab einen Neustart und dann ein Fenster mit der Meldung, dass die Logdatei vorbeitet wird. Ja, und das noch immer. Was soll ich jetzt machen? Kann ich etwas tun? Ich lass den PC erstmal unangefasst. P: Und schonmal danke für die bisherige Hilfe. Hat es zumindest shcon mal soweit gebracht, dass der PC wieder läuft. : ) Okay, hat sich erledigt. Er hat wirklich nur so lange gebraucht. Hier der Log: Code:
ATTFilter ComboFix 13-07-09.01 - Malik 10.07.2013 21:30:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.2430 [GMT 2:00]
ausgeführt von:: c:\users\Malik\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-10 bis 2013-07-10 ))))))))))))))))))))))))))))))
.
.
2013-07-11 03:23 . 2013-07-10 18:06 -------- d-----w- C:\FRST
2013-07-10 19:38 . 2013-07-10 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-10 16:19 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FB8DA78-D51F-46BB-83A0-684099EC8623}\mpengine.dll
2013-07-09 13:39 . 2013-07-09 13:39 2656 ----a-w- c:\programdata\lfejq.js
2013-06-18 15:01 . 2013-06-18 15:01 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-16 10:42 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-16 10:41 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-16 10:41 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-16 10:41 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-16 10:41 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-16 10:41 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-16 10:41 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-16 10:41 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-16 10:41 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-16 10:41 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-16 10:41 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-16 10:41 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-16 10:41 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-30 14:53 . 2012-08-27 00:05 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-30 14:53 . 2011-08-11 19:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-18 14:56 . 2013-02-01 13:30 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-17 20:37 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-10-11 07:26 278800 ----a-w- c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-24 12:15 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4704207-C86B-4811-951E-6F322F9CEDE7}]
2011-07-12 16:16 270336 ----a-w- c:\users\Malik\AppData\LocalLow\QuickTime\IE\QuickTime.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-15 3077528]
"Akamai NetSession Interface"="c:\users\Malik\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-04 3456080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
c:\users\Malik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxeaserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 X6va005;X6va005;c:\users\Malik\AppData\Local\Temp\005FE8B.tmp;c:\users\Malik\AppData\Local\Temp\005FE8B.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe;c:\windows\SYSNATIVE\lxeacoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 QuickTimeUpdater;QuickTime Updater;c:\users\Malik\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe;c:\users\Malik\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-12-10 860040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2011-01-23 148280]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Malik\AppData\Roaming\Mozilla\Firefox\Profiles\px8d1dwq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Malik\AppData\Local\Temp\005FE8B.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-11 05:12:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-11 03:12
.
Vor Suchlauf: 12 Verzeichnis(se), 311.126.241.280 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 310.919.286.784 Bytes frei
.
- - End Of File - - CD4BBBA3C9FB3FB513E8D8416ED7BED2
D41D8CD98F00B204E9800998ECF8427E
|
|
11.07.2013, 12:09
| #23 |
| /// Malware-holic | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hi, 1. es sind 2 Logs zu erstellen, poste diese möglichst gleichzeitig. malwarebytes: Downloade Dir bitte Malwarebytes
neustarten. 2. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.07.2013, 15:06
| #24 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hey Markus, Also ich habe jetzt den PC wieder hochgefahren um die Softwares herunterladen zu können, doch ich habe ein Problem: Weder Firefox noch Internet Explorer lassen sich öffnen. Ich erhalte folgende Fehlermeldung: C:\ProgramFiles (x86)\Mozilla Firefox\firefox.exe Es wurde versuchte, einen Registrierungsschlüssel einnem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde. _____ Was kann ich da jetzt am besten machen? Die Programme über meinen sauberen PC runterziehen und dann auf den anderen mit dem USB-Stick übertragen? (Und das am besten auch mit Firefox. Weil ohne Browser ist ja Mist. XD) |
|
11.07.2013, 16:00
| #25 |
| /// Malware-holic | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hi, starte mal neu, dann gehts wieder.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.07.2013, 17:58
| #26 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos So, der suchlauf ist gelaufen und die Logs stehen auch: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.11.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Malik :: MALIK-PC [Administrator] 11.07.2013 17:19:23 mbam-log-2013-07-11 (17-19-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 492138 Laufzeit: 1 Stunde(n), 17 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\FRST\Quarantine.rar (Trojan.Reveton.LS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\qjefl.dat (Trojan.Reveton.LS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\skype.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Malik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1af7af10-321ebac3 (Trojan.Reveton.LS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Malik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4d6906ec-5141074f (Trojan.Reveton.LS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 02.12.2010 1,61MB 1.6.65 Adobe AIR Adobe Systems Inc. 11.06.2012 2.5.1.17730 Adobe Community Help Adobe Systems Incorporated. 11.06.2012 3.4.980 Adobe Content Viewer Adobe Systems Incorporated 11.06.2012 1.4.0 Adobe Creative Suite 5.5 Design Premium Adobe Systems Incorporated 11.06.2012 7.049MB 5.5 benötigt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 11.06.2012 2,72MB 10.2.153.1 benötigt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 29.06.2013 6,00MB 11.7.700.224 benötigt Adobe Photoshop Elements 8.0 Adobe Systems Incorporated 12.04.2011 1.577MB 8.0 Adobe Reader 9.1 MUI Adobe Systems Incorporated 02.12.2010 650MB 9.1.0 Adobe Widget Browser Adobe Systems Incorporated. 11.06.2012 2.0 Build 230 Akamai NetSession Interface 19.02.2012 Akamai NetSession Interface Akamai Technologies, Inc 28.06.2013 Broadcom Card Reader Driver Installer Broadcom Corporation 12.04.2011 2,74MB 14.4.9.3 Broadcom Gigabit NetLink Controller Broadcom Corporation 12.04.2011 0,48MB 14.4.8.3 CCleaner Piriform 07.02.2012 3.15 benötigt CyberLink MediaEspresso CyberLink Corp. 02.12.2010 217MB 6.0.1027_32100 Die Sims™ 3 Electronic Arts 26.06.2013 1.55.4 benötigt Die Sims™ 3 Einfach tierisch Electronic Arts 25.03.2012 10.0.96 benötigt Die Sims™ 3 Late Night Electronic Arts 02.03.2012 6.5.1 benötigt Die Sims™ 3 Luxus-Accessoires Electronic Arts 02.03.2012 3.0.38 benötigt Die Sims™ 3 Reiseabenteuer Electronic Arts 02.03.2012 2.0.86 benötigt Die Sims™ 3 Showtime Electronic Arts 24.04.2012 12.0.273 benötigt Die Sims™ 3 Stadt-Accessoires Electronic Arts 25.03.2012 9.0.73 benötigt Die Sims™ 3 Traumkarrieren Electronic Arts 02.03.2012 4.0.87 benötigt HomeMedia CyberLink Corporation 12.04.2011 2.0.8423 unbekannt Identity Card Packard Bell 12.04.2011 1.00.3003 benötigt IMinent Toolbar IMinent 06.04.2012 3,38MB 3.26.0 benötigt Intel(R) Control Center Intel Corporation 13.04.2011 1.2.1.1007 benötigt Intel(R) Management Engine Components Intel Corporation 13.04.2011 7.0.0.1144 benötigt Intel(R) Processor Graphics Intel Corporation 13.04.2011 8.15.10.2272 benötigt Intel(R) Rapid Storage Technology Intel Corporation 03.12.2010 10.0.0.1046 unbekannt Java(TM) 6 Update 22 Oracle 03.12.2011 97,1MB 6.0.220 benötigt Java(TM) 6 Update 26 Oracle 14.08.2011 94,9MB 6.0.260 benötigt Launch Manager Packard Bell 12.04.2011 5.0.3 benötigt Lexmark S300-S400 Series Lexmark International, Inc. 15.07.2012 unnötig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 10.07.2013 19,3MB 1.75.0.1300 benötigt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.09.2011 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18.09.2011 2,94MB 4.0.30319 unbekannt Microsoft Office 2010 Microsoft Corporation 12.04.2011 6,31MB 14.0.4763.1000 unnötig Microsoft Silverlight Microsoft Corporation 15.05.2012 50,7MB 5.1.10411.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 12.04.2011 1,70MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.08.2011 0,29MB 8.0.56336 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 02.12.2010 0,77MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 11.08.2011 0,77MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 02.12.2010 0,58MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 02.12.2010 0,58MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 11.08.2011 0,59MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 27.04.2012 13,8MB 10.0.40219 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.11.2011 16,5MB 10.0.40219 unbekannt Microsoft WSE 3.0 Runtime Microsoft Corp. 01.03.2012 0,92MB 3.0.5305.0 unbekannt Microsoft XNA Framework Redistributable 3.0 Microsoft Corporation 23.09.2012 7,62MB 3.0.11010.0 benötigt Mozilla Firefox 22.0 (x86 de) Mozilla 02.07.2013 50,8MB 22.0 benötigt Mozilla Maintenance Service Mozilla 02.07.2013 0,33MB 22.0 benötigt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.08.2011 1,28MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11.08.2011 1,33MB 4.20.9876.0 unbekannt NC Launcher (GameForge) NCsoft 25.09.2012 unbekannt Nero 9 Essentials Nero AG 02.12.2010 unnötig OpenOffice.org 3.3 OpenOffice.org 03.12.2011 415MB 3.3.9567 benötigt Origin Electronic Arts, Inc. 02.06.2013 9.1.15.109 benötigt Packard Bell Games WildTangent 12.04.2011 1.0.1.3 unnötig Packard Bell MyBackup NTI Corporation 02.12.2010 348MB 3.0.0.69 benötigt Packard Bell Power Management Packard Bell 12.04.2011 6.00.3001 benötigt Packard Bell Recovery Management Packard Bell 12.04.2011 5.00.3002 benötigt Packard Bell Registration Packard Bell 12.04.2011 1.03.3003 unbekannt Packard Bell ScreenSaver Packard Bell 12.04.2011 1.1.0811.2010 unnötig Packard Bell Updater Packard Bell 02.12.2010 1.02.3001 benötigt Pando Media Booster Pando Networks Inc. 14.08.2011 5,47MB 2.3.6.0 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12.04.2011 6.0.1.6276 benötigt Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 12.04.2011 1,00MB 2.0.26.0 benötigt Skype Click to Call Skype Technologies S.A. 03.11.2012 38,9MB 6.3.11079 benötigt Skype™ 6.5 Skype Technologies S.A. 16.06.2013 22,0MB 6.5.158 benötigt Synaptics Pointing Device Driver Synaptics Incorporated 12.04.2011 46,4MB 15.1.6.0 benötigt TERA Gameforge Productions GmbH 02.03.2013 42,5MB 19.04.02.03.hf3 benötigt Unity Web Player Unity Technologies ApS 17.08.2012 12,0MB benötigt Video Web Camera CyberLink Corp. 12.04.2011 33,2MB 1.0.1306 benötigt VLC media player 2.0.7 VideoLAN 29.06.2013 2.0.7 benötigt Wacom Tablett Wacom Technology Corp. 28.08.2012 6.3.3-4 benötigt WebTablet FB Plugin 32 bit Wacom Technology Corp. 28.08.2012 2.1.0.2 unnötig WebTablet FB Plugin 64 bit Wacom Technology Corp. 28.08.2012 2.1.0.2 benötigt WebTablet IE Plugin Wacom Technology Corp. 11.06.2012 1.1.0.12 benötigt WebTablet Netscape Plugin Wacom Technology Corp. 11.06.2012 1.1.0.10 benötigt Windows Live Essentials Microsoft Corporation 13.04.2011 15.4.3502.0922 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 12.04.2011 5,58MB 15.4.5722.2 benötigt WinRAR 4.01 (32-Bit) win.rar GmbH 25.10.2011 4.01.0 benötigt World of Warcraft Blizzard Entertainment 12.12.2012 5.1.0.16357 benötigt |
|
11.07.2013, 18:15
| #27 |
| /// Malware-holic | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hi, es sind mehrere Logs zu erstellen, poste diese bitte Gleichzeitig. 1. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: IMinent : definitiv weg damit, ist Adware. Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Lexmark Nero Öffne bitte CCleaner, analysieren, starten, PC neustarten. 2. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Neustarten. 3. Hitmanpro laden: HitmanPro - Download - Filepony Doppelklicken, Scan klicken. Nichts löschen, weiter klicken. Log speichern und posten, bzw als XML exportieren, packen und anhängen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.07.2013, 20:01
| #28 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Logs: Code:
ATTFilter # AdwCleaner v2.304 - Datei am 11/07/2013 um 20:39:33 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Malik - MALIK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Malik\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Malik\AppData\Roaming\Mozilla\Firefox\Profiles\px8d1dwq.default\foxydeal.sqlite
Ordner Gelöscht : C:\ProgramData\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16618
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Malik\AppData\Roaming\Mozilla\Firefox\Profiles\px8d1dwq.default\prefs.js
C:\Users\Malik\AppData\Roaming\Mozilla\Firefox\Profiles\px8d1dwq.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12156 octets] - [11/07/2013 20:39:33]
########## EOF - C:\AdwCleaner[S1].txt - [12217 octets] ##########
Code:
ATTFilter
|
|
11.07.2013, 20:06
| #29 |
| /// Malware-holic | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos Hi, gesperrt wurde nichts mehr neme ich an? Dann mal ein abschließenes OTL Log: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.07.2013, 23:15
| #30 |
| | GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos So, hat wieder ien wenig gedauert und konnte jetzt auch die letzten Schritte alle von befallenen PC aus machen. Hier die OTL Logs. Code:
ATTFilter OTL logfile created on: 11.07.2013 22:24:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Malik\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 63,81% Memory free 7,71 Gb Paging File | 6,22 Gb Available in Paging File | 80,72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 288,26 Gb Free Space | 64,04% Space Free | Partition Type: NTFS Drive D: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MALIK-PC | User Name: Malik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.11 22:21:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malik\Desktop\OTL.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Malik\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.07.12 18:15:50 | 000,018,432 | ---- | M] () -- C:\Users\Malik\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.09 07:27:50 | 001,025,616 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.12.09 07:27:50 | 000,287,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.11.12 03:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2010.11.12 03:21:46 | 000,295,232 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.10.28 19:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.14 04:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.05.17 22:24:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 22:24:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 22:24:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.02.03 06:07:01 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll MOD - [2013.02.03 06:07:01 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll MOD - [2013.02.03 05:53:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.02.03 05:51:58 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.02.03 05:51:38 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.02.03 05:51:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.03 05:51:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.12.04 20:17:45 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.04.14 08:08:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.12 03:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ========== Services (SafeList) ========== SRV - [2013.07.11 20:47:34 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler) SRV - [2013.07.03 21:09:54 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.01 21:34:01 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.08.02 13:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2012.08.02 13:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom) SRV - [2011.07.12 18:15:50 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Malik\AppData\LocalLow\QuickTime\IE\QuickTimeUpdater.exe -- (QuickTimeUpdater) SRV - [2011.04.13 22:46:49 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.12.22 22:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.22 22:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.10 13:55:28 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.11.12 03:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.14 04:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.06.21 15:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter) DRV:64bit: - [2012.06.21 15:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:64bit: - [2012.03.29 14:04:32 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.23 19:44:22 | 012,260,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.12.15 19:42:08 | 000,035,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2010.12.11 20:43:54 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2010.12.11 08:12:54 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2010.12.11 08:12:50 | 000,067,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2010.12.01 22:36:04 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.07.29 15:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 FF - prefs.js..extensions.enabledItems: leethax@leethax.net:2012.10.24 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.6: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Malik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.25 16:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malik\AppData\Roaming\mozilla\Extensions [2013.06.30 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malik\AppData\Roaming\mozilla\Firefox\Profiles\px8d1dwq.default\extensions [2013.05.11 16:20:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Malik\AppData\Roaming\mozilla\Firefox\Profiles\px8d1dwq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.06.30 14:03:44 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Malik\AppData\Roaming\mozilla\Firefox\Profiles\px8d1dwq.default\extensions\ich@maltegoetz.de [2012.10.30 14:46:44 | 000,021,507 | ---- | M] () (No name found) -- C:\Users\Malik\AppData\Roaming\mozilla\firefox\profiles\px8d1dwq.default\extensions\leethax@leethax.net.xpi [2013.07.03 21:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.03 21:09:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.07.03 21:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.03 21:09:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.07.10 21:39:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (QuickTime) - {D4704207-C86B-4811-951E-6F322F9CEDE7} - C:\Users\Malik\AppData\LocalLow\QuickTime\IE\QuickTime.dll (Apple Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Malik\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Malik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C9FFBFA-E9BD-41BA-8F24-01E55F14D22F}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2815F07-F996-4088-A467-BDED97484400}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {26B2162E-985F-A187-7E58-D3746EEBF87F} - Java (Sun) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP MsConfig:64bit - StartUpReg: ffdwnd - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.07.11 22:21:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Malik\Desktop\OTL.exe [2013.07.11 20:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.07.11 20:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.07.11 20:45:03 | 009,833,328 | ---- | C] (SurfRight B.V.) -- C:\Users\Malik\Desktop\HitmanPro_x64.exe [2013.07.11 20:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.07.11 20:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.07.11 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.07.11 20:08:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.07.11 17:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.11 17:17:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.11 17:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.11 17:13:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.11 05:23:47 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.10 21:28:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.07.10 21:28:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.07.10 21:28:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.07.10 21:28:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.07.10 21:28:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.07.10 21:25:06 | 005,087,643 | R--- | C] (Swearware) -- C:\Users\Malik\Desktop\ComboFix.exe [2013.07.10 20:29:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Malik\Desktop\tdsskiller.exe [2013.07.03 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.30 16:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.11 22:21:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malik\Desktop\OTL.exe [2013.07.11 20:49:17 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.11 20:49:17 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.11 20:49:17 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.11 20:49:17 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.11 20:49:17 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.11 20:49:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.11 20:49:13 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.11 20:47:34 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.07.11 20:45:08 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Malik\Desktop\HitmanPro_x64.exe [2013.07.11 20:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.11 20:41:44 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2013.07.11 20:37:00 | 000,650,027 | ---- | M] () -- C:\Users\Malik\Desktop\adwcleaner.exe [2013.07.11 20:09:16 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.07.11 17:17:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.10 21:39:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.07.10 21:25:33 | 005,087,643 | R--- | M] (Swearware) -- C:\Users\Malik\Desktop\ComboFix.exe [2013.07.10 20:29:49 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Malik\Desktop\tdsskiller.exe [2013.07.09 15:39:44 | 000,002,656 | ---- | M] () -- C:\ProgramData\lfejq.js [2013.07.01 03:22:59 | 000,000,132 | ---- | M] () -- C:\Users\Malik\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.06.30 16:58:04 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.06.18 20:53:38 | 004,889,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.18 17:02:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.18 17:02:35 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.11 20:47:34 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013.07.11 20:36:54 | 000,650,027 | ---- | C] () -- C:\Users\Malik\Desktop\adwcleaner.exe [2013.07.11 20:09:16 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.07.11 20:09:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.07.11 17:17:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.10 21:28:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.07.10 21:28:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.07.10 21:28:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.07.10 21:28:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.07.10 21:28:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.07.09 15:39:44 | 000,002,656 | ---- | C] () -- C:\ProgramData\lfejq.js [2013.06.30 16:56:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.06.18 17:02:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.18 17:02:35 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.28 22:37:54 | 000,000,132 | ---- | C] () -- C:\Users\Malik\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.12.29 13:20:44 | 000,000,856 | ---- | C] () -- C:\Windows\client.config.ini [2012.09.06 14:27:33 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat [2012.08.29 01:10:18 | 000,001,456 | ---- | C] () -- C:\Users\Malik\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.07.16 17:29:27 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll [2012.07.16 17:29:27 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll [2012.07.16 16:56:10 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMFX1N32comc.dll [2012.07.16 16:56:06 | 000,430,080 | ---- | C] ( ) -- C:\Windows\SysWow64\LMADKQ32comc.dll [2012.06.12 14:52:09 | 000,000,132 | ---- | C] () -- C:\Users\Malik\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.02.27 15:39:55 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.02.20 12:17:43 | 1799,350,784 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-1.bin [2012.02.20 12:16:49 | 1257,667,440 | ---- | C] () -- C:\Windows\SysWow64\MAESTIA_SETUP-2.bin [2011.08.11 18:15:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.10 14:24:21 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\.mono [2012.06.12 19:46:12 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.06.12 11:16:13 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\com.adobe.dmp.contentviewer [2013.04.16 04:07:33 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\DVDVideoSoft [2011.12.04 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\OpenOffice.org [2013.06.04 08:34:13 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\Origin [2013.06.10 14:20:09 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\Pokémon Trading Card Game Online [2011.08.20 03:59:37 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\SNS [2012.07.16 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.05.09 15:20:11 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\TERA [2012.10.16 14:50:46 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\TS3Client [2012.07.29 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\ts3overlay [2011.12.24 04:12:59 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\Unity [2012.09.05 20:22:07 | 000,000,000 | ---D | M] -- C:\Users\Malik\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.07.11 17:13:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.04.13 22:22:42 | 000,000,000 | ---D | M] -- C:\book [2013.07.11 20:34:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.08.17 15:07:10 | 000,000,000 | ---D | M] -- C:\Crash [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.08.11 13:39:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.07.11 18:40:39 | 000,000,000 | ---D | M] -- C:\FRST [2011.04.13 22:18:10 | 000,000,000 | ---D | M] -- C:\Intel [2012.07.16 17:28:23 | 000,000,000 | ---D | M] -- C:\Lexmark [2011.08.11 13:40:38 | 000,000,000 | ---D | M] -- C:\OEM [2011.09.14 23:01:16 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.07.11 20:47:34 | 000,000,000 | R--D | M] -- C:\Program Files [2013.07.11 20:29:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.07.11 20:46:51 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.08.11 13:39:15 | 000,000,000 | -HSD | M] -- C:\Programme [2013.07.11 05:12:43 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.08.11 13:39:15 | 000,000,000 | ---D | M] -- C:\Recovery [2013.07.11 23:49:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.11 13:39:22 | 000,000,000 | R--D | M] -- C:\Users [2013.07.11 20:34:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.07.17 21:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.07.17 21:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.09.14 03:18:16 | 000,353,304 | ---- | M] (Intel Corporation) MD5=F4F4CBC7F6C7CB940AA9F0AAF3EF1104 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.07.17 21:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.07.12 00:03:15 | 004,194,304 | -HS- | M] () -- C:\Users\Malik\ntuser.dat [2013.07.12 00:03:15 | 000,262,144 | -HS- | M] () -- C:\Users\Malik\ntuser.dat.LOG1 [2011.08.11 13:39:27 | 000,000,000 | -HS- | M] () -- C:\Users\Malik\ntuser.dat.LOG2 [2011.08.11 23:10:42 | 000,065,536 | -HS- | M] () -- C:\Users\Malik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.08.11 23:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Malik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.08.11 23:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Malik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.04.23 02:35:29 | 000,065,536 | -HS- | M] () -- C:\Users\Malik\ntuser.dat{036d203b-8c5d-11e1-97a9-b870f471e4e7}.TM.blf [2012.04.23 02:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\Malik\ntuser.dat{036d203b-8c5d-11e1-97a9-b870f471e4e7}.TMContainer00000000000000000001.regtrans-ms [2012.04.23 02:35:29 | 000,524,288 | -HS- | M] () -- C:\Users\Malik\ntuser.dat{036d203b-8c5d-11e1-97a9-b870f471e4e7}.TMContainer00000000000000000002.regtrans-ms [2011.08.11 13:39:27 | 000,000,020 | -HS- | M] () -- C:\Users\Malik\ntuser.ini [2011.12.05 23:18:26 | 000,088,576 | -HS- | M] () -- C:\Users\Malik\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.07.2013 22:24:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Malik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 63,81% Memory free
7,71 Gb Paging File | 6,22 Gb Available in Paging File | 80,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 288,26 Gb Free Space | 64,04% Space Free | Partition Type: NTFS
Drive D: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MALIK-PC | User Name: Malik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{056134BE-FC5C-4F33-8C54-1CA660838B14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{119B66A3-88BA-43B8-8255-9FD58A592ECC}" = lport=137 | protocol=17 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{237E72B1-DC52-411D-AD5F-30237A58E670}" = lport=139 | protocol=6 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C39FC2C-050D-4AB7-81D1-67A7A1015001}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41E48DD7-07C4-436E-92C8-3F3E9CCFB160}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4DF2138B-8D1A-43EA-A0C5-E394EDDB15A6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{51BEDB33-F829-4DF1-AE35-3EC30E089598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{647FC8E0-600D-4478-8F1B-D43D0015ED31}" = rport=445 | protocol=6 | dir=out | app=system |
"{68A9B9F9-53D0-4D91-B7B5-14C878E8257F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B6B152E-2830-4CBA-9988-07E5AA37999F}" = lport=138 | protocol=17 | dir=in | app=system |
"{A037EB40-B914-4C7B-9125-504C4B77FAD2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B669DA91-33EB-4C08-8902-010F3D87D967}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BADDE39F-D5A2-484C-B763-07444CD50805}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BD363833-6D1C-4B69-8175-520793488D02}" = lport=445 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0961D37-198C-49A9-8C2D-7D460BC16325}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C3466134-BB63-4862-8739-A7BEA36EDAF9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCF83ABD-EF9C-474C-83D4-91E12CE8E62E}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE3C1B39-ACA3-4C33-9F21-B8A13960FF65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CECAAC11-C144-4E03-8A63-8DE0186B81FD}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2FACA40-29EA-41D3-9D1A-49386D29C570}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4D0B7EE-FF41-4798-9C31-6EF003721C08}" = rport=137 | protocol=17 | dir=out | app=system |
"{DFA89103-B692-4821-AA66-6230070BE625}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDFE0E2E-B7C6-492F-9020-1EB94F7F8742}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04ED9817-7D99-4535-A077-528DD50CD0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{14178ACA-626E-4CAF-AA98-45ECBBE1352C}" = protocol=6 | dir=out | app=system |
"{142E401C-09C4-494F-A353-A15B2EFDDE27}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19B7D63A-B6A8-40D8-AC44-C911F6FAF88C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C76A15F-3958-40B0-8F77-CC48868F3A2E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{26F6E4BA-44EF-450E-8906-71B14ED9F8B3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{2A298F0C-D102-46C0-ADBB-50143384B348}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{31C897AB-D9C7-4C17-A919-C1C7C57F31FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{378F5843-207A-43AA-AA93-DFB23B3BD977}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{3C4D18C5-8249-459F-A2C8-DF1BABBDDA8C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4632C76C-B7E4-49CE-A1C9-CC0713AB5250}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47F6E9A6-1353-4CAD-AF69-0DF7D225FBCC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{48175DD0-755A-4C4B-BC98-CF7C03061A3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53DACEBE-8B76-48BF-AD3A-050CDCCD286E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5435007A-1A89-465A-9386-17039BFBEC35}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{58A4F7EB-FC5A-4512-8D40-AD30F891B596}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5DFAD08C-0C8F-4265-80FF-F7C522A891DE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69A89AA9-AC7A-483E-9DD0-E52974A5FBF5}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{6E491D43-87DF-4B47-B693-1A41CF4352BE}" = protocol=6 | dir=in | app=c:\users\malik\appdata\local\akamai\netsession_win.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A221CDF-BE84-4E63-9672-E41A30A27D4B}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark\psu\lmpsu.exe |
"{9D85C7BD-3E39-411A-AA3E-1B45928D8637}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A2ACAC79-002A-4B50-A691-AD335F9B3A35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9AFBB89-1A5E-47CB-9DAC-9ABB43FF9B02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B173852F-07ED-44EC-AD11-B3B3E2BC3741}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4C7544C-D218-4738-A7B4-E70BB0750E29}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BC88E96F-33E0-4BAA-98CF-8801DBF8266D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{BD90F9DD-3305-452A-B20A-80322176398A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BF3F336C-1375-407E-A63B-A9A8C31AB402}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF7C9102-2010-4A6B-A275-B5CC80742301}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C00A6BD0-F059-4870-8CA6-B1312FF5BFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C0CF085E-56D9-45B7-9CCA-BFCCB7435465}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{C5747F23-65D1-4340-9D54-107B7E9265A7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9765EFB-6B84-43CE-B58C-55074CFB1C33}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark\psu\lmpsu.exe |
"{CA0D83B6-D958-4E30-B6FC-79B43E81A47B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB86B7C9-4337-4F3D-B726-287EBA37D854}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E453FEED-5CAD-4A48-B9FC-481A3824E73D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E7006515-843B-45F2-A08A-4B392E205B5A}" = protocol=17 | dir=in | app=c:\users\malik\appdata\local\akamai\netsession_win.exe |
"{E80BE769-F110-4DC8-A4CF-CED9A17116BD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EAD9A1B0-6F5E-40D9-AFE2-5956276E9155}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F14DF55D-F784-4CD7-AB59-FD39E7FC5F9E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F14E2EB4-199B-45ED-BBD4-E91D4B57B04F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1C33EBE-1336-4506-8D10-51A4AFF34855}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F20260E3-21FF-4DB6-8D9B-1BF4FF806B7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0B0AE530-8FF8-467B-9A18-46C5AEAE275E}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{2C6FB547-4517-4AEE-B5E4-2111A22780F6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{3B16A63F-497A-466A-BBC7-76F7E9EB795A}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{3E9DB7B5-E2AC-4EE8-A61C-53CEA651836F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{6E6412C7-43B5-45C0-A019-C1F1D9F43E6F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{869C0D1C-6367-43AA-B14B-1DE2482F8806}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{9518A03D-3B5F-4E8F-BA33-232BA5BFBCAF}C:\users\malik\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe" = protocol=6 | dir=in | app=c:\users\malik\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe |
"TCP Query User{AAC34257-43E9-4317-9723-4167308F968D}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{AB6F6429-198C-4EB2-A34F-78156E1844A6}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"TCP Query User{D1DBA29D-085F-451F-A4EB-00597AB87B8C}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{DED9D375-D420-469E-88CA-2D1F06D48550}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{F077EB1F-3D73-46B0-A66C-1881D18C5E95}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{F1C7C0DC-26C1-4679-A266-16EBD537DCB7}C:\users\malik\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\malik\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1BC2D1CA-D7AD-45E9-8023-60D68DA49095}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{227DBD05-33EF-4990-8E93-6A087CF585AE}C:\users\malik\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\malik\appdata\local\akamai\netsession_win.exe |
"UDP Query User{37AD22AE-CF7A-475E-85BB-E24FBCF7792D}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{48248200-A380-4B99-93EE-9A995A059496}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{52595E21-BD66-4EC0-BC6E-7BE65B0C5AB6}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{5AFB400C-9CBD-4AA3-A5FA-085B4E7FD8F2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{7ED1DF97-AD6A-4AF8-8BC4-936BFC280676}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{A10E460B-84E0-49F7-AA42-74F3B28B5A30}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe |
"UDP Query User{B79DA171-B838-4EBE-8F69-C1C76C440883}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{C28A643D-59C7-41F4-8D5C-CD9B507A57D2}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{DCEF32B2-1424-4486-A672-BE5B4F553793}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{E2A053CA-EB72-49F9-8F34-5A097DDEA738}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"UDP Query User{E98A55DA-2AC4-483B-B3B5-3A161482DC39}C:\users\malik\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe" = protocol=17 | dir=in | app=c:\users\malik\appdata\roaming\kalydo\kalydoplayer\bin2\kalydoloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029A4933-3F36-4E4F-AEC3-2207AB26463D}" = Broadcom Gigabit NetLink Controller
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Akamai" = Akamai NetSession Interface
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Origin" = Origin
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"VLC media player" = VLC media player 2.0.7
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.03.2012 11:05:36 | Computer Name = Malik-PC | Source = Application Hang | ID = 1002
Description = Programm Sims3LauncherW.exe, Version 0.1.0.27 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 388 Startzeit: 01cd0b61aeedddc0 Endzeit: 10 Anwendungspfad:
C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\Sims3LauncherW.exe Berichts-ID:
1f62eaa3-7755-11e1-a4bc-b870f471e4e7
Error - 26.03.2012 11:12:15 | Computer Name = Malik-PC | Source = Application Hang | ID = 1002
Description = Programm Sims3LauncherW.exe, Version 0.1.0.27 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 105c Startzeit: 01cd0b62883e7e58 Endzeit: 0 Anwendungspfad:
C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\Sims3LauncherW.exe Berichts-ID:
ef89790e-7755-11e1-bad3-b870f471e4e7
Error - 26.03.2012 11:31:10 | Computer Name = Malik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_Origin, Version: 8.2.2.2413,
Zeitstempel: 0x4e14f617 Name des fehlerhaften Moduls: System.dll, Version: 0.0.0.0,
Zeitstempel: 0x4e14f60b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000018cb ID des fehlerhaften
Prozesses: 0x6e0 Startzeit der fehlerhaften Anwendung: 0x01cd0b656a357709 Pfad der
fehlerhaften Anwendung: C:\Users\Malik\AppData\Local\Temp\Setup.exe Pfad des fehlerhaften
Moduls: C:\Users\Malik\AppData\Local\Temp\nsiFC49.tmp\System.dll Berichtskennung:
b6169c4c-7758-11e1-bad3-b870f471e4e7
Error - 26.03.2012 18:24:19 | Computer Name = Malik-PC | Source = Application Hang | ID = 1002
Description = Programm WoW.exe, Version 4.3.3.15354 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12dc Startzeit:
01cd0b8d00aab64d Endzeit: 11 Anwendungspfad: C:\Program Files (x86)\World of Warcraft\WoW.exe
Berichts-ID:
Error - 26.03.2012 20:51:11 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.04.2012 10:59:52 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 06.04.2012 19:11:44 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Malik\Downloads\SoftonicDownloader_fuer_bagnon.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 06.04.2012 19:11:53 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Malik\Downloads\SoftonicDownloader_fuer_bagnon.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 06.04.2012 19:11:55 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Malik\Downloads\SoftonicDownloader_fuer_bagnon.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 06.04.2012 19:11:57 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Malik\Downloads\SoftonicDownloader_fuer_bagnon.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 06.04.2012 19:12:08 | Computer Name = Malik-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Malik\Downloads\SoftonicDownloader_fuer_bagnon.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
[ System Events ]
Error - 11.07.2013 12:42:00 | Computer Name = Malik-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxeaCATSCustConnectService erreicht.
Error - 11.07.2013 12:42:00 | Computer Name = Malik-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxeaCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.07.2013 14:21:54 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 14:27:54 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 14:36:55 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 14:39:55 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 14:42:56 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 14:45:57 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 15:00:58 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
Error - 11.07.2013 16:22:06 | Computer Name = Malik-PC | Source = bowser | ID = 8003
Description =
< End of report >
|
|
| Themen zu GVU Trojaner Vers. 2.12 eingefangen, bisherige Maßnahmen erfolglos |
| bildschirm, boot, brauche, chip, diverse, eingabeaufforderung, folge, foren, forum, gen, gvu trojaner 2.12, hartnäckig, hilfe benötigt, intel, kaspersky, nichts, online, packard bell, plötzlich, profi, rechner, sicherheit, starten, suche, systemwiederherstellung, trojaner, version, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
