Exploit:Java/CVE-2013 etc.

Hello everyone!

A few days ago I signed up on eBay, and on my first attempt to place a bid I noticed that I was being redirected to a website that asks for my credit card number for authentication. Although at first I was even about to enter it because of the https address, I realized in time that this was probably not such a good idea. I then searched around a bit and found similar trojan cases. I assume I picked the whole thing up through a Java version that had not been updated for a long time.

On the advice of eBay support, I deleted all temporary internet files and the cache, and ran a virus scan with Defender (without success). Since it did not go away, I then ran Malwarebytes over it, and funnily enough, while that was running, Defender found three files:

Exploit:JS/Blacole.GB
Exploit:Java/CVE-2013-2423
Exploit:Java/CVE-2013-1493

On its recommendation (stupid, I know) I unfortunately clicked "Remove". Just for information: the files no longer appear in Defender under the menu item "Quarantined", but they still appear under "All items" with the status "Quarantined". After that, Malwarebytes and tdsskiller searched my PC without success. The problem has not gone away, however. I am asking for help. Many thanks in advance!
Kaese

OTL logfile created on: 09.07.2013 17:34:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timmi\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,91% Memory free
9,10 Gb Paging File | 7,22 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,95 Gb Total Space | 83,69 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 719,04 Gb Free Space | 89,37% Space Free | Partition Type: NTFS

Computer Name: TIMMIS | User Name: Timmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.09 17:32:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timmi\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010.09.29 15:08:58 | 000,200,624 | ----
| M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.03.18 20:32:24 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | 
---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) 
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.06.29 02:05:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files 
(x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.05.04 09:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.10 05:25:27 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 
07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys 
-- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.09 08:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ew_hwusbdev.sys -- (ew_hwusbdev) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16 FF - prefs.js..extensions.enabledAddons: 
client%40anonymox.net:1.0.2 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.05 13:35:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.04.16 13:33:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.01 22:11:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.01 22:11:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 
17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.24 16:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\Extensions [2013.07.04 00:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\Firefox\Profiles\271z4be7.default\extensions [2013.05.08 23:03:28 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\firefox\profiles\271z4be7.default\extensions\client@anonymox.net.xpi [2013.07.04 00:50:42 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\firefox\profiles\271z4be7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.24 18:37:25 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\firefox\profiles\271z4be7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.06.29 02:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.29 02:05:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.04.05 13:35:37 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files 
(x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A0B976A-5829-470F-B52C-434CB743C64E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D04FDD5C-702D-4BC2-B168-5D0E37254FCA}: NameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) 
- C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{97e173f9-ac3b-11e2-be6f-ac72897cf16d}\Shell - "" = AutoRun O33 - MountPoints2\{97e173f9-ac3b-11e2-be6f-ac72897cf16d}\Shell\AutoRun\command - "" = "G:\AutoRun.exe" O33 - MountPoints2\{97e17424-ac3b-11e2-be6f-ac72897cf16d}\Shell - "" = AutoRun O33 - MountPoints2\{97e17424-ac3b-11e2-be6f-ac72897cf16d}\Shell\AutoRun\command - "" = "G:\AutoRun.exe" O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = "G:\AutoRun.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.09 17:32:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timmi\Desktop\OTL.exe [2013.07.09 17:05:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.09 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Roaming\GetRightToGo [2013.07.09 17:02:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.07.09 17:01:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.07.09 16:41:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Timmi\Desktop\tdsskiller.exe [2013.07.09 16:12:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.07.09 15:50:31 | 000,000,000 | ---D 
| C] -- C:\Users\Timmi\AppData\Roaming\Malwarebytes [2013.07.09 15:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.09 15:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.09 15:49:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.09 15:49:41 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Local\Programs [2013.07.01 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.06.29 02:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.11 16:11:06 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Roaming\Broken Sword 2.5 [2013.06.11 16:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Sword 2.5 ========== Files - Modified Within 30 Days ========== [2013.07.09 17:32:59 | 000,000,000 | ---- | M] () -- C:\Users\Timmi\defogger_reenable [2013.07.09 17:32:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timmi\Desktop\OTL.exe [2013.07.09 17:31:48 | 000,050,477 | ---- | M] () -- C:\Users\Timmi\Desktop\Defogger.exe [2013.07.09 16:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.09 16:44:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.07.09 16:44:04 | 2503,675,903 | -HS- | M] () -- C:\hiberfil.sys [2013.07.09 16:41:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Timmi\Desktop\tdsskiller.exe [2013.07.09 15:50:14 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013.07.07 15:12:30 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.07 15:12:30 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.07 15:12:30 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.07 15:12:30 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.07 15:12:30 | 
000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.21 08:18:34 | 000,307,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.11 16:10:10 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk ========== Files Created - No Company Name ========== [2013.07.09 17:32:59 | 000,000,000 | ---- | C] () -- C:\Users\Timmi\defogger_reenable [2013.07.09 17:31:46 | 000,050,477 | ---- | C] () -- C:\Users\Timmi\Desktop\Defogger.exe [2013.07.09 15:50:14 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013.06.21 08:18:19 | 000,307,904 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.14 21:51:27 | 000,386,646 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.06.11 16:10:10 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk [2013.03.24 16:50:03 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.12.14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.04.05 13:32:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.11 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Broken Sword 2.5 [2013.07.09 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\GetRightToGo 
[2013.03.24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\OpenOffice.org [2013.04.17 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Origin [2013.04.17 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Sports Interactive [2013.04.05 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Swiss Academic Software [2013.04.09 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Thunderbird [2013.04.25 21:14:29 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Extras logfile created on: 09.07.2013 17:34:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timmi\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16599) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,91% Memory free 9,10 Gb Paging File | 7,22 Gb Available in Paging File | 79,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 126,95 Gb Total Space | 83,69 Gb Free Space | 65,92% Space Free | Partition Type: NTFS Drive D: | 804,56 Gb Total Space | 719,04 Gb Free Space | 89,37% Space Free | Partition Type: NTFS Computer Name: TIMMIS | User Name: Timmi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A0F89CA-5FC2-43A7-8852-518D4B096BDF}" = lport=10243 | protocol=6 | dir=in | app=system | "{41C5EF1F-27B7-4674-8603-F1EC2EEAF865}" = lport=137 | protocol=17 | dir=in | app=system | "{522C1863-E80E-4499-974C-A9CFB87DE966}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{691DC377-0627-4458-B589-4320C499BEF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{73E0376B-B0A8-4ADE-878D-4B86DB409641}" = rport=445 | protocol=6 | dir=out | app=system | "{7E9C28AC-3E18-40C7-B8CE-543E5B530E99}" = lport=445 | protocol=6 | dir=in | app=system | "{84425985-8D94-477F-8CA8-177C6754F151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8D4029F9-D200-43B9-A3F7-6C6E2ACAE184}" = lport=139 | protocol=6 | dir=in | app=system | "{93E08B12-4884-42C4-896C-CE4161BFCB89}" = lport=2869 | protocol=6 | dir=in | app=system | "{9A110454-2052-4F55-BB3D-D1EE29144663}" = rport=139 | protocol=6 | dir=out | app=system | "{9EFAC639-13DB-4DDA-8BB1-69BA965B0E66}" = rport=10243 | protocol=6 | dir=out | app=system | "{A1EC3B6A-29F9-4AA2-B454-CC2E0314CBFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BAA6A692-23EE-4C86-BB78-B18600E126F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C1566D96-D37B-40AE-B1F6-076A0EC9E4DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D2137CA5-17A1-4444-A5CA-EBEA35AD1A1D}" = lport=138 | protocol=17 | dir=in | app=system | "{DFF676D3-B0D7-4C05-A109-76584AC36B87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E10E2BE6-00C7-48A2-AFD3-39A44E0C27A2}" = rport=137 | protocol=17 | dir=out | app=system | "{E5B4BABB-C0EA-4254-85A8-FB53F701D98D}" = rport=138 | 
protocol=17 | dir=out | app=system | "{F0B98985-7D85-42E7-938D-D1600B9F7023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F96261A6-3FB4-49AE-8800-288761737377}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FFFD8253-EC03-415B-9C80-65F9186FE1F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BA4D99-2A83-4ADB-A633-256DB835436E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{077BF90C-6DF6-4696-B32A-81D58B065002}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{153B7471-B48F-4C54-A74D-AE49ED325E98}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{189E8F4A-2790-44E9-B412-EC84AAC1B120}" = protocol=6 | dir=out | app=system | "{19163CFC-4FDD-4C1C-AA94-98E9950C1FD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{19F14398-E7EC-4079-A821-FEDE1A3AD37E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{22F1B290-FDD9-4B22-B5EA-1CB1068F2836}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe | "{26DCAA1D-B1CC-4859-9B78-1F6986A24D9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{27505365-1CAD-4AF4-8EB5-B715951FFAB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2B071A0F-CEA3-4335-9C88-7E4A9D009A59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2CEA260B-F8A0-4DF9-A69C-20610A21A562}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3EAC616A-0859-4387-A776-4CCAADD8447B}" = 
protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{41F07F46-9A8B-451D-91C0-72ED8F6E7FDC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{44078CDF-4917-4801-8089-D9CA682C6446}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{58F83DCF-D03C-4D25-A3A2-41DC05AF776E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{60CEB602-2BE4-447A-8FED-8D200B63A246}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{61F389B5-5559-4D2A-810E-C763D40DC791}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{625F0B1D-85D5-4DFA-B907-A858AA476621}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{6AA9796E-3FB2-4AA1-9340-8DC05DA73559}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{7B9DD555-76A2-4F0B-9BCB-CA0C54C4E5D8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{83EBA733-3039-4CD4-B747-EBC3323A09D1}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{90F06798-0E04-48C1-BB3E-7E77EF6EFE89}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9100BD55-5004-455C-B62E-5637ECF7D8C8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{9108F9DA-55D6-4A52-AC80-483724B5E516}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{912AAE53-4432-4738-AE6D-7723294E0F76}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{9895B66C-F4F7-4CC3-8220-633495362ADA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A250A396-A0D8-4F14-970B-B39588BC68FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A46EC3D0-E9EA-4C05-8E94-DA8C62277A06}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A9BB5E4F-07AB-48A2-BFE9-D58D468551C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AA8F2FCF-C9DB-43BC-B7EF-C92262218B72}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{AAF95B0F-AA6C-45ED-9340-FF7AF899ABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe | "{AC7D2FF3-F18C-413E-B852-E70235C4E48B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{AF806673-19A6-403F-ADB6-C2F8CD19E57C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B0D332B0-59ED-4E82-847B-277524A3FA24}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe | "{B13873FA-8AA1-4050-8588-51B1242864E5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe | "{B3DC6C0E-AF01-4C0E-B02E-806E7AEDE260}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{B47598E3-E7EE-49C5-947F-CF436262F820}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B7AAE101-2147-4F02-94A6-2A0521C6D0A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD7B8F99-EEF3-49A9-8A9D-0DCF7246B327}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CE18D98F-44F3-4FC6-81C1-F73170E72CF5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{D155E957-A12A-4723-AA0A-D14EC91AC7D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCE70B1B-DC79-4ECC-AEC7-0F1EC886B9D1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{E0C5B614-8119-4F12-83F6-DC78E75E6A5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{F112B69A-AC9B-4DF5-9395-5CCF0F3E7F6B}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F81409FF-A070-4338-A0E3-4D26AD1FFFCA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FCF7936F-5832-4354-90B8-10D1D97DF789}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "CCleaner" = CCleaner "HitmanPro37" = HitmanPro 3.7 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Broken Sword 2.5_is1" = Broken Sword 2.5 "GeoGebra 4.2" = GeoGebra 4.2 "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 
4.20.12.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "o2DE" = Mobile Connection Manager "Origin" = Origin "RealPlayer 16.0" = RealPlayer "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "Steam App 216530" = Football Manager 2013 Demo ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.07.2013 05:41:47 | Computer Name = Timmis | Source = Microsoft-Windows-Immersive-Shell | ID = 2486 Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet. Error - 08.07.2013 07:55:52 | Computer Name = Timmis | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be Name des fehlerhaften Moduls: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a98a6 ID des fehlerhaften Prozesses: 0xfd0 Startzeit der fehlerhaften Anwendung: 0x01ce7bcf876645c7 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe Berichtskennung: 5605930d-e7c5-11e2-be7d-ac72897cf16d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 08.07.2013 08:40:53 | Computer Name = Timmis | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". 
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 08.07.2013 16:00:35 | Computer Name = Timmis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be Name des fehlerhaften Moduls: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a98a6 ID des fehlerhaften Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ce7c074e173631 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe Berichtskennung: 0ce5ff6c-e809-11e2-be7d-ac72897cf16d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 08.07.2013 17:39:27 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 08.07.2013 17:51:42 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 08.07.2013 18:17:57 | Computer Name = Timmis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be Name des fehlerhaften Moduls: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a98a6 ID des fehlerhaften Prozesses: 0x2c Startzeit der fehlerhaften Anwendung: 0x01ce7c25e509e239 Pfad der fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe Berichtskennung: 3de33777-e81c-11e2-be7d-ac72897cf16d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error - 08.07.2013 18:25:33 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 08.07.2013 18:26:18 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 09.07.2013 11:12:35 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]

Error - 06.07.2013 06:04:43 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 06.07.2013 06:04:43 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 07.07.2013 10:19:39 | Computer Name = Timmis | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.55 registriert werden. Der Computer mit IP-Adresse 192.168.178.29 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 08.07.2013 18:40:06 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 08.07.2013 18:40:06 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 09.07.2013 10:38:51 | Computer Name = Timmis | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?07.?2013 um 16:21:39 unerwartet heruntergefahren.
Error - 09.07.2013 10:41:02 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 09.07.2013 10:41:02 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 09.07.2013 10:46:34 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 09.07.2013 10:46:34 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >

The Gmer.txt will follow after the scan (I want to start the thread first, before I disconnect the internet connection). |
Hello, Quote:
|
GMER Logfile: Code: GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Here it is! (: |
I saw that you have already downloaded other tools as well (such as TDSSKiller, Combofix, MBAM..). Please also post all the logs that have already been created with them. |
TdssKiller:
18:10:41.0417 0804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:10:41.0745 0804 ============================================================
18:10:41.0745 0804 Current date / time: 2013/07/09 18:10:41.0745
18:10:41.0745 0804 SystemInfo:
18:10:41.0745 0804
18:10:41.0745 0804 OS Version: 6.2.9200 ServicePack: 0.0
18:10:41.0745 0804 Product type: Workstation
18:10:41.0745 0804 ComputerName: TIMMIS
18:10:41.0745 0804 UserName: Timmi
18:10:41.0745 0804 Windows directory: C:\Windows
18:10:41.0745 0804 System windows directory: C:\Windows
18:10:41.0745 0804 Running under WOW64
18:10:41.0745 0804 Processor architecture: Intel x64
18:10:41.0745 0804 Number of processors: 4
18:10:41.0745 0804 Page size: 0x1000
18:10:41.0745 0804 Boot type: Normal boot
18:10:41.0745 0804 ============================================================
18:10:42.0964 0804 BG loaded
18:10:43.0479 0804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:43.0667 0804 ============================================================
18:10:43.0667 0804 \Device\Harddisk0\DR0:
18:10:43.0667 0804 MBR partitions:
18:10:43.0667 0804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFDE8182
18:10:43.0667 0804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFDE8800, BlocksNum 0x6491D800
18:10:43.0667 0804 ============================================================
18:10:43.0667 0804 C: <-> \Device\Harddisk0\DR0\Partition1
18:10:43.0698 0804 D: <-> \Device\Harddisk0\DR0\Partition2
18:10:43.0698 0804 ============================================================
18:10:43.0698 0804 Initialize success
18:10:43.0698 0804 ============================================================
Combofix could not be run (I assume that is due to the Win8 operating system?)
MBAM:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free anti-malware download
Datenbank Version: v2013.07.09.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Timmi :: TIMMIS [Administrator]
Schutz: Aktiviert
09.07.2013 16:45:50
mbam-log-2013-07-09 (16-45-50).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231832
Laufzeit: 5 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
---
I had also started a full scan with MBAM, but my PC was shut down during it (I think that was just a mundane battery problem, though). Regards |
And does this happen in both browsers or only in one? |
I just checked in IE: there too. |
By the way: the TDSSKiller log is not complete. Does it really look like that? Otherwise, please post it again in full. Quote:
|
I just simply ran it again, and now it looks like this:
18:25:47.0970 3292 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:25:48.0267 3292 ============================================================
18:25:48.0267 3292 Current date / time: 2013/07/09 18:25:48.0267
18:25:48.0267 3292 SystemInfo:
18:25:48.0267 3292
18:25:48.0267 3292 OS Version: 6.2.9200 ServicePack: 0.0
18:25:48.0267 3292 Product type: Workstation
18:25:48.0267 3292 ComputerName: TIMMIS
18:25:48.0267 3292 UserName: Timmi
18:25:48.0267 3292 Windows directory: C:\Windows
18:25:48.0267 3292 System windows directory: C:\Windows
18:25:48.0267 3292 Running under WOW64
18:25:48.0267 3292 Processor architecture: Intel x64
18:25:48.0267 3292 Number of processors: 4
18:25:48.0267 3292 Page size: 0x1000
18:25:48.0267 3292 Boot type: Normal boot
18:25:48.0267 3292 ============================================================
18:25:49.0470 3292 BG loaded
18:25:52.0033 3292 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:25:52.0064 3292 ============================================================
18:25:52.0064 3292 \Device\Harddisk0\DR0:
18:25:52.0064 3292 MBR partitions:
18:25:52.0064 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFDE8182
18:25:52.0064 3292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFDE8800, BlocksNum 0x6491D800
18:25:52.0064 3292 ============================================================
18:25:52.0064 3292 C: <-> \Device\Harddisk0\DR0\Partition1
18:25:52.0080 3292 D: <-> \Device\Harddisk0\DR0\Partition2
18:25:52.0080 3292 ============================================================
18:25:52.0080 3292 Initialize success
18:25:52.0080 3292 ============================================================
18:25:59.0486 0236 ============================================================
18:25:59.0486
C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 18:26:16.0550 0236 NcdAutoSetup - ok 18:26:16.0597 0236 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys 18:26:16.0675 0236 NDIS - ok 18:26:16.0706 0236 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:26:16.0737 0236 NdisCap - ok 18:26:16.0753 0236 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 18:26:16.0816 0236 NdisImPlatform - ok 18:26:16.0847 0236 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:26:16.0894 0236 NdisTapi - ok 18:26:16.0909 0236 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:26:16.0941 0236 Ndisuio - ok 18:26:16.0956 0236 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:26:17.0019 0236 NdisWan - ok 18:26:17.0019 0236 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys 18:26:17.0066 0236 NDISWANLEGACY - ok 18:26:17.0097 0236 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:26:17.0175 0236 NDProxy - ok 18:26:17.0191 0236 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys 18:26:17.0237 0236 Ndu - ok 18:26:17.0253 0236 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:26:17.0284 0236 NetBIOS - ok 18:26:17.0316 0236 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:26:17.0347 0236 NetBT - ok 18:26:17.0378 0236 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe 18:26:17.0409 0236 Netlogon - ok 18:26:17.0425 0236 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll 18:26:17.0472 0236 Netman - ok 18:26:17.0519 0236 [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm C:\Windows\System32\netprofmsvc.dll 18:26:17.0597 0236 
netprofm - ok 18:26:17.0628 0236 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:26:17.0659 0236 NetTcpPortSharing - ok 18:26:17.0878 0236 [ 57B9C04D673F236D41FAB03842C8640B ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 18:26:18.0191 0236 NETwNs64 - ok 18:26:18.0222 0236 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:26:18.0237 0236 nfrd960 - ok 18:26:18.0269 0236 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:26:18.0331 0236 NlaSvc - ok 18:26:18.0331 0236 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:26:18.0378 0236 Npfs - ok 18:26:18.0394 0236 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 18:26:18.0441 0236 npsvctrig - ok 18:26:18.0472 0236 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll 18:26:18.0503 0236 nsi - ok 18:26:18.0519 0236 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:26:18.0550 0236 nsiproxy - ok 18:26:18.0612 0236 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:26:18.0753 0236 Ntfs - ok 18:26:18.0769 0236 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys 18:26:18.0800 0236 Null - ok 18:26:19.0066 0236 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:26:19.0519 0236 nvlddmkm - ok 18:26:19.0550 0236 [ EB12E165FD233F2DDC47B11423186177 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 18:26:19.0566 0236 nvpciflt - ok 18:26:19.0581 0236 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:26:19.0613 0236 nvraid - ok 18:26:19.0628 0236 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:26:19.0659 0236 nvstor - ok 18:26:19.0691 0236 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc 
C:\Windows\system32\nvvsvc.exe 18:26:19.0769 0236 nvsvc - ok 18:26:19.0831 0236 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:26:19.0925 0236 nvUpdatusService - ok 18:26:19.0941 0236 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:26:19.0988 0236 nv_agp - ok 18:26:20.0019 0236 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:26:20.0050 0236 p2pimsvc - ok 18:26:20.0066 0236 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 18:26:20.0113 0236 p2psvc - ok 18:26:20.0144 0236 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 18:26:20.0175 0236 Parport - ok 18:26:20.0206 0236 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:26:20.0238 0236 partmgr - ok 18:26:20.0269 0236 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:26:20.0316 0236 PcaSvc - ok 18:26:20.0331 0236 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys 18:26:20.0363 0236 pci - ok 18:26:20.0394 0236 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 18:26:20.0409 0236 pciide - ok 18:26:20.0488 0236 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:26:20.0534 0236 pcmcia - ok 18:26:20.0566 0236 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 18:26:20.0581 0236 pcw - ok 18:26:20.0613 0236 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys 18:26:20.0644 0236 pdc - ok 18:26:20.0691 0236 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:26:20.0784 0236 PEAUTH - ok 18:26:20.0863 0236 [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 18:26:20.0956 0236 PeerDistSvc - ok 18:26:21.0066 0236 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] 
PerfHost C:\Windows\SysWow64\perfhost.exe 18:26:21.0081 0236 PerfHost - ok 18:26:21.0144 0236 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 18:26:21.0253 0236 pla - ok 18:26:21.0285 0236 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:26:21.0316 0236 PlugPlay - ok 18:26:21.0347 0236 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:26:21.0378 0236 PNRPAutoReg - ok 18:26:21.0394 0236 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:26:21.0441 0236 PNRPsvc - ok 18:26:21.0472 0236 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:26:21.0535 0236 PolicyAgent - ok 18:26:21.0566 0236 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 18:26:21.0597 0236 Power - ok 18:26:21.0628 0236 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:26:21.0675 0236 PptpMiniport - ok 18:26:21.0785 0236 [ 9D59831262CAD44E709D695FC9D5E7AB ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 18:26:21.0910 0236 PrintNotify - ok 18:26:21.0941 0236 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys 18:26:21.0972 0236 Processor - ok 18:26:21.0988 0236 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 18:26:22.0019 0236 ProfSvc - ok 18:26:22.0050 0236 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:26:22.0081 0236 Psched - ok 18:26:22.0113 0236 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 18:26:22.0144 0236 QWAVE - ok 18:26:22.0175 0236 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:26:22.0206 0236 QWAVEdrv - ok 18:26:22.0222 0236 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:26:22.0269 0236 RasAcd - ok 18:26:22.0300 0236 [ 69B93F623B130976243ECA3D84CC99CA 
] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:26:22.0331 0236 RasAgileVpn - ok 18:26:22.0363 0236 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll 18:26:22.0410 0236 RasAuto - ok 18:26:22.0441 0236 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:26:22.0488 0236 Rasl2tp - ok 18:26:22.0503 0236 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 18:26:22.0566 0236 RasMan - ok 18:26:22.0581 0236 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:26:22.0613 0236 RasPppoe - ok 18:26:22.0644 0236 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:26:22.0675 0236 RasSstp - ok 18:26:22.0722 0236 [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:26:22.0800 0236 rdbss - ok 18:26:22.0831 0236 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 18:26:22.0863 0236 rdpbus - ok 18:26:22.0894 0236 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 18:26:22.0910 0236 RDPDR - ok 18:26:22.0956 0236 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:26:22.0988 0236 RdpVideoMiniport - ok 18:26:23.0003 0236 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:26:23.0035 0236 RDPWD - ok 18:26:23.0066 0236 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:26:23.0097 0236 rdyboost - ok 18:26:23.0128 0236 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 18:26:23.0144 0236 RealNetworks Downloader Resolver Service - ok 18:26:23.0175 0236 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:26:23.0222 0236 RemoteAccess - ok 18:26:23.0253 0236 [ 
E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:26:23.0316 0236 RemoteRegistry - ok 18:26:23.0347 0236 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys 18:26:23.0394 0236 RFCOMM - ok 18:26:23.0441 0236 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:26:23.0472 0236 RpcEptMapper - ok 18:26:23.0503 0236 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe 18:26:23.0535 0236 RpcLocator - ok 18:26:23.0566 0236 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll 18:26:23.0628 0236 RpcSs - ok 18:26:23.0644 0236 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:26:23.0675 0236 rspndr - ok 18:26:23.0722 0236 [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 18:26:23.0769 0236 RTL8168 - ok 18:26:23.0800 0236 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys 18:26:23.0832 0236 s3cap - ok 18:26:23.0863 0236 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe 18:26:23.0878 0236 SamSs - ok 18:26:23.0910 0236 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:26:23.0941 0236 sbp2port - ok 18:26:23.0957 0236 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:26:24.0003 0236 SCardSvr - ok 18:26:24.0035 0236 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:26:24.0066 0236 scfilter - ok 18:26:24.0113 0236 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\Windows\system32\schedsvc.dll 18:26:24.0238 0236 Schedule - ok 18:26:24.0269 0236 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll 18:26:24.0300 0236 SCPolicySvc - ok 18:26:24.0332 0236 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\Windows\System32\drivers\sdbus.sys 18:26:24.0378 0236 sdbus - ok 18:26:24.0410 0236 [ 
92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:26:24.0457 0236 SDRSVC - ok 18:26:24.0472 0236 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys 18:26:24.0503 0236 sdstor - ok 18:26:24.0519 0236 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:26:24.0550 0236 secdrv - ok 18:26:24.0566 0236 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll 18:26:24.0613 0236 seclogon - ok 18:26:24.0628 0236 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll 18:26:24.0691 0236 SENS - ok 18:26:24.0707 0236 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:26:24.0738 0236 SensrSvc - ok 18:26:24.0769 0236 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys 18:26:24.0800 0236 SerCx - ok 18:26:24.0800 0236 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys 18:26:24.0832 0236 Serenum - ok 18:26:24.0847 0236 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys 18:26:24.0878 0236 Serial - ok 18:26:24.0894 0236 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys 18:26:24.0941 0236 sermouse - ok 18:26:24.0988 0236 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll 18:26:25.0035 0236 SessionEnv - ok 18:26:25.0035 0236 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 18:26:25.0082 0236 sfloppy - ok 18:26:25.0113 0236 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:26:25.0160 0236 SharedAccess - ok 18:26:25.0191 0236 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:26:25.0253 0236 ShellHWDetection - ok 18:26:25.0269 0236 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:26:25.0316 0236 SiSRaid2 - ok 18:26:25.0316 
0236 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:26:25.0363 0236 SiSRaid4 - ok 18:26:25.0394 0236 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:26:25.0425 0236 SkypeUpdate - ok 18:26:25.0457 0236 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:26:25.0535 0236 SNMPTRAP - ok 18:26:25.0566 0236 [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport C:\Windows\system32\drivers\spaceport.sys 18:26:25.0613 0236 spaceport - ok 18:26:25.0613 0236 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 18:26:25.0660 0236 SpbCx - ok 18:26:25.0691 0236 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe 18:26:25.0738 0236 Spooler - ok 18:26:25.0863 0236 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe 18:26:26.0050 0236 sppsvc - ok 18:26:26.0097 0236 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys 18:26:26.0129 0236 srv - ok 18:26:26.0175 0236 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:26:26.0238 0236 srv2 - ok 18:26:26.0254 0236 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:26:26.0316 0236 srvnet - ok 18:26:26.0347 0236 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:26:26.0394 0236 SSDPSRV - ok 18:26:26.0410 0236 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:26:26.0457 0236 SstpSvc - ok 18:26:26.0488 0236 Steam Client Service - ok 18:26:26.0519 0236 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:26:26.0550 0236 stexstor - ok 18:26:26.0597 0236 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll 18:26:26.0644 0236 stisvc - ok 18:26:26.0675 0236 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\Windows\system32\drivers\storahci.sys 
18:26:26.0707 0236 storahci - ok 18:26:26.0722 0236 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 18:26:26.0754 0236 storflt - ok 18:26:26.0769 0236 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll 18:26:26.0800 0236 StorSvc - ok 18:26:26.0816 0236 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys 18:26:26.0847 0236 storvsc - ok 18:26:26.0863 0236 [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp C:\Windows\System32\drivers\storvsp.sys 18:26:26.0894 0236 storvsp - ok 18:26:26.0910 0236 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll 18:26:26.0972 0236 svsvc - ok 18:26:26.0988 0236 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys 18:26:27.0019 0236 swenum - ok 18:26:27.0050 0236 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll 18:26:27.0113 0236 swprv - ok 18:26:27.0175 0236 [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain C:\Windows\system32\sysmain.dll 18:26:27.0254 0236 SysMain - ok 18:26:27.0285 0236 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 18:26:27.0332 0236 SystemEventsBroker - ok 18:26:27.0347 0236 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll 18:26:27.0379 0236 TabletInputService - ok 18:26:27.0410 0236 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll 18:26:27.0457 0236 TapiSrv - ok 18:26:27.0535 0236 [ D750CE2A52F1B95E654CF2904C88EF1F ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:26:27.0691 0236 Tcpip - ok 18:26:27.0738 0236 [ D750CE2A52F1B95E654CF2904C88EF1F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:26:27.0910 0236 TCPIP6 - ok 18:26:27.0941 0236 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:26:27.0972 0236 tcpipreg - ok 18:26:28.0004 0236 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx 
C:\Windows\system32\DRIVERS\tdx.sys 18:26:28.0035 0236 tdx - ok 18:26:28.0051 0236 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys 18:26:28.0082 0236 terminpt - ok 18:26:28.0129 0236 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll 18:26:28.0176 0236 TermService - ok 18:26:28.0222 0236 [ 46B389E1A1C8E66D877402FC0821A371 ] TGCM_ImportWiFiSvc C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe 18:26:28.0504 0236 TGCM_ImportWiFiSvc - ok 18:26:28.0535 0236 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll 18:26:28.0597 0236 Themes - ok 18:26:28.0629 0236 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll 18:26:28.0660 0236 THREADORDER - ok 18:26:28.0691 0236 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 18:26:28.0722 0236 TimeBroker - ok 18:26:28.0754 0236 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\Windows\system32\drivers\tpm.sys 18:26:28.0785 0236 TPM - ok 18:26:28.0801 0236 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll 18:26:28.0847 0236 TrkWks - ok 18:26:28.0894 0236 [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:26:28.0926 0236 TrustedInstaller - ok 18:26:28.0957 0236 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:26:28.0972 0236 TsUsbFlt - ok 18:26:28.0988 0236 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 18:26:29.0019 0236 TsUsbGD - ok 18:26:29.0035 0236 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:26:29.0082 0236 tunnel - ok 18:26:29.0097 0236 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:26:29.0113 0236 uagp35 - ok 18:26:29.0144 0236 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 18:26:29.0160 
0236 UASPStor - ok 18:26:29.0207 0236 [ 7C33D8B8A5EA2321B84A1B6653CBD0DB ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 18:26:29.0238 0236 UCX01000 - ok 18:26:29.0269 0236 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:26:29.0316 0236 udfs - ok 18:26:29.0363 0236 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:26:29.0394 0236 UI0Detect - ok 18:26:29.0410 0236 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:26:29.0441 0236 uliagpkx - ok 18:26:29.0457 0236 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys 18:26:29.0488 0236 umbus - ok 18:26:29.0504 0236 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys 18:26:29.0551 0236 UmPass - ok 18:26:29.0566 0236 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll 18:26:29.0613 0236 UmRdpService - ok 18:26:29.0644 0236 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll 18:26:29.0691 0236 upnphost - ok 18:26:29.0722 0236 [ 3FBE0784E42E7BA93FCC5201D2BAFE23 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:26:29.0832 0236 usbaudio - ok 18:26:29.0847 0236 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 18:26:29.0879 0236 usbccgp - ok 18:26:29.0894 0236 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys 18:26:29.0957 0236 usbcir - ok 18:26:29.0988 0236 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys 18:26:30.0035 0236 usbehci - ok 18:26:30.0051 0236 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys 18:26:30.0113 0236 usbhub - ok 18:26:30.0144 0236 [ EA040D4C6C94F315A85F3D0EAA884B37 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 18:26:30.0191 0236 USBHUB3 - ok 18:26:30.0207 0236 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci 
C:\Windows\System32\drivers\usbohci.sys 18:26:30.0254 0236 usbohci - ok 18:26:30.0269 0236 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys 18:26:30.0316 0236 usbprint - ok 18:26:30.0348 0236 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:26:30.0410 0236 usbscan - ok 18:26:30.0426 0236 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 18:26:30.0457 0236 USBSTOR - ok 18:26:30.0488 0236 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 18:26:30.0535 0236 usbuhci - ok 18:26:30.0551 0236 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:26:30.0582 0236 usbvideo - ok 18:26:30.0629 0236 [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 18:26:30.0691 0236 USBXHCI - ok 18:26:30.0723 0236 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe 18:26:30.0754 0236 VaultSvc - ok 18:26:30.0769 0236 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:26:30.0816 0236 vdrvroot - ok 18:26:30.0863 0236 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe 18:26:30.0926 0236 vds - ok 18:26:30.0941 0236 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 18:26:30.0973 0236 VerifierExt - ok 18:26:31.0004 0236 [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 18:26:31.0066 0236 vhdmp - ok 18:26:31.0098 0236 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys 18:26:31.0113 0236 viaide - ok 18:26:31.0144 0236 [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid C:\Windows\System32\drivers\Vid.sys 18:26:31.0160 0236 Vid - ok 18:26:31.0191 0236 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys 18:26:31.0207 0236 vmbus - ok 18:26:31.0223 0236 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] 
VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 18:26:31.0254 0236 VMBusHID - ok 18:26:31.0254 0236 [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys 18:26:31.0285 0236 vmbusr - ok 18:26:31.0316 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 18:26:31.0348 0236 vmicheartbeat - ok 18:26:31.0363 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 18:26:31.0394 0236 vmickvpexchange - ok 18:26:31.0410 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll 18:26:31.0441 0236 vmicrdv - ok 18:26:31.0457 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll 18:26:31.0488 0236 vmicshutdown - ok 18:26:31.0504 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll 18:26:31.0535 0236 vmictimesync - ok 18:26:31.0551 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll 18:26:31.0582 0236 vmicvss - ok 18:26:31.0598 0236 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:26:31.0629 0236 volmgr - ok 18:26:31.0644 0236 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:26:31.0691 0236 volmgrx - ok 18:26:31.0723 0236 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:26:31.0785 0236 volsnap - ok 18:26:31.0801 0236 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys 18:26:31.0816 0236 vpci - ok 18:26:31.0832 0236 [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys 18:26:31.0863 0236 vpcivsp - ok 18:26:31.0879 0236 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:26:31.0910 0236 vsmraid - ok 18:26:31.0957 0236 [ D0C69E44BC1E1D4AD290FD84104623D8 ] VSS C:\Windows\system32\vssvc.exe 18:26:32.0019 0236 VSS - ok 18:26:32.0051 0236 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] 
18:26:36.0442 0236 Scan finished
18:26:36.0457 3552 Detected object count: 0
18:26:36.0457 3552 Actual detected object count: 0
-----
The website has the following URL: https://arbd.ebay.de/ws/eBayISAPI.dll?VAppPaige&&reqinput=867f876cce8c51a2ea5d7529440961aa0c9ed735bf282ee8d812272aa32897a5695e259d8ca34c0b775108d0600fe02485bd6c1f6bf1885610d3 81635468e608d6dd9aeebf5882f20213ce5e0e82517104826ce9a264085344511ab0f5d427a697a92b732e9cfd74de7c9f8d68a0216625ca8186b57d6ad07b751727d4f76daa8d34f73aa1 f1d361ddfc63c8c3b0d708d1313ccb559fd370fce781a0ddef890a&guest=1 In case it cannot be opened, here is the text: "Confirm your identity Help - opens in a new window or tab Help To continue ensuring the security of the eBay marketplace, we limit the number of items that can be bought or sold through a member account. The scope of these restrictions may change from time to time, depending on your past activity and your overall performance. Your member account has now reached the limit we have set for bidding and buying. However, you can raise your limit through an additional verification. Thank you for your understanding. Please fill in the fields and then click Continue. Credit card number Visa/Master Secure: How eBay protects your bank account details - opens in a new window or tab. Valid until / Expiry: Year Card verification number Visa card Where do I find the verification number? - opens in a new window or tab Billing details (change cardholder details) Please check whether the name and address given below match the information on file with your credit card company. [My address] This card will not be charged." |
Quote:
|
Correct. The statement was roughly: "Oooh no, eBay doesn't do that. eBay does not verify via credit card numbers. I assume you have a virus." |
Please download Farbar Recovery Scan Tool 64-bit and save it to your desktop.
|
FRST.txt: FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01 Addition.txt:FRST Additions Logfile: Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013 01 |
Try running Combofix once more. Delete the old combofix.exe and download it again: Scan with Combofix
|
I'm sorry, I accidentally moved the mouse slightly twice. I hope that doesn't matter. Code: ComboFix 13-07-09.01 - Timmi 11.07.2013 17:25:59.1.4 - x64 |
Hmm. Could you please test whether this prompt also appears when you log in to your eBay account from another computer? |
When I get the chance, so this evening. To be honest, though, that would worry me more rather than reassure me. :D |
The point is that I haven't seen any malware so far. But that doesn't necessarily mean anything. If the problem only occurs on this one computer, then it can be clearly narrowed down to a malware problem on your computer. Otherwise, if it also occurs on other computers (including a computer on a different network), we'll have to think of something else. |
Good, I hadn't thought of that: this evening I only have access to other computers on my home network. That would of course also make sense for a first test, but everything else will probably have to wait a bit. As a layperson, the Defender's three detections from a few days ago naturally make me suspicious. |
Quote:
Quote:
I saw that you recently uninstalled a Java 7 Update 21. The two exploits that Defender reported take advantage of vulnerabilities that exist up to Java 7 Update 15 and Java 7 Update 17 respectively and were closed in subsequent versions: CVE - CVE-2013-1493, CVE - CVE-2013-2423 |
Okay, thanks for the info. The Java update was exactly the reaction to these detections. Now it gets funny: the same problem occurs on other computers on the network. I'm slowly getting confused. |
I have a bit of a suspicion that the information you got from eBay wasn't quite right.. :) Would you be able, in the near future, to test the whole thing again with a computer that is not on the same network, so that there is no connection at all anymore? |
Hi, I haven't received a reply from you for a while. Do you still need help? If I don't hear from you within the next 24 hours, I'll assume that the matter is resolved and remove it from my subscriptions. |
No response: This topic has been removed from my subscriptions, so I will no longer be notified of new replies. Send me a PM if you want to continue the topic after all. Then we'll continue here. Note: The disappearance of the symptoms does not mean that your computer is clean. Everyone else, please read this guide and create your own thread. |
Copyright ©2000-2025, Trojaner-Board