Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan.Droppper.BC.Miner + Rootkits

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.11.2012, 09:56   #1
datk4lb
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Guten Morgen liebe Boarduser

Ihr habt richtig geraten, ich habe einen Virus bzw. Trojaner und brauche Hilfe um den loszuwerden. Da ich mir hier schon einen Thread durchgelesen habe, der den selben Trojaner betrifft dachte ich mir füge ich gleich die Malwarebytes Log mit hinzu.
Zitat:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
dome :: BITCH [Administrator]

Schutz: Aktiviert

09.11.2012 09:50:51
mbam-log-2012-11-09 (09-53-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202499
Laufzeit: 2 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000032.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
Ich hoffe, dass mir hier geholfen werden kann und bedanke mich schonmal im Vorraus für die Hilfe

Alt 09.11.2012, 10:18   #2
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: defogger


Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.




Schritt 2: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Schritt 3: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 09.11.2012, 10:42   #3
datk4lb
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Bin echt begeistert wie schnell und professionell das hier läuft :P
Ihr habt doch sicher Antwortskripte oder?

Okay, zum Thema:

Schritt 1: Ausgeführt

Schritt 2: Ausgeführt, hier das Logbuch

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-09 10:27:19
-----------------------------
10:27:19.817    OS Version: Windows x64 6.1.7601 Service Pack 1
10:27:19.817    Number of processors: 4 586 0x2A07
10:27:19.818    ComputerName: BITCH  UserName: dome
10:27:21.145    Initialize success
10:27:22.189    AVAST engine defs: 12110801
10:27:30.703    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
10:27:30.705    Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAA Size: 238475MB BusType: 3
10:27:30.735    Disk 0 MBR read successfully
10:27:30.738    Disk 0 MBR scan
10:27:30.762    Disk 0 Windows 7 default MBR code
10:27:30.787    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS        75000 MB offset 2048
10:27:30.839    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        75000 MB offset 153602048
10:27:30.859    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS        88473 MB offset 307202048
10:27:30.899    Disk 0 scanning C:\Windows\system32\drivers
10:27:41.423    Service scanning
10:27:55.860    Modules scanning
10:27:55.868    Disk 0 trace - called modules:
10:27:55.891    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
10:27:56.222    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d90060]
10:27:56.227    3 CLASSPNP.SYS[fffff8800194443f] -> nt!IofCallDriver -> [0xfffffa8007ade520]
10:27:56.232    5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007ada680]
10:27:56.929    AVAST engine scan C:\Windows
10:27:58.405    AVAST engine scan C:\Windows\system32
10:28:45.923    File: C:\Windows\system32\services.exe  **INFECTED** Win32:Sirefef-ZT [Trj]
10:29:05.767    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
10:29:07.257    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
10:29:48.305    AVAST engine scan C:\Windows\system32\drivers
10:29:55.703    AVAST engine scan C:\Users\dome
10:37:24.919    AVAST engine scan C:\ProgramData
10:38:35.646    Scan finished successfully
10:39:19.487    Disk 0 MBR has been saved successfully to "C:\Users\dome\Desktop\MBR.dat"
10:39:19.490    The log file has been saved successfully to "C:\Users\dome\Desktop\aswMBR.txt"
         
Schritt 3: Ausgeführt, hier das Logbuch

Code:
ATTFilter
10:39:49.0714 3244  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:39:49.0841 3244  ============================================================
10:39:49.0841 3244  Current date / time: 2012/11/09 10:39:49.0841
10:39:49.0841 3244  SystemInfo:
10:39:49.0841 3244  
10:39:49.0841 3244  OS Version: 6.1.7601 ServicePack: 1.0
10:39:49.0841 3244  Product type: Workstation
10:39:49.0842 3244  ComputerName: BITCH
10:39:49.0842 3244  UserName: dome
10:39:49.0842 3244  Windows directory: C:\Windows
10:39:49.0842 3244  System windows directory: C:\Windows
10:39:49.0842 3244  Running under WOW64
10:39:49.0842 3244  Processor architecture: Intel x64
10:39:49.0842 3244  Number of processors: 4
10:39:49.0842 3244  Page size: 0x1000
10:39:49.0842 3244  Boot type: Normal boot
10:39:49.0842 3244  ============================================================
10:39:50.0657 3244  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:50.0663 3244  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:39:56.0592 3244  ============================================================
10:39:56.0592 3244  \Device\Harddisk0\DR0:
10:39:56.0613 3244  MBR partitions:
10:39:56.0613 3244  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x927C000
10:39:56.0613 3244  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x927C000
10:39:56.0613 3244  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0xACCC800
10:39:56.0613 3244  \Device\Harddisk1\DR1:
10:39:56.0613 3244  MBR partitions:
10:39:56.0613 3244  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
10:39:56.0613 3244  ============================================================
10:39:56.0642 3244  C: <-> \Device\Harddisk0\DR0\Partition3
10:39:56.0677 3244  D: <-> \Device\Harddisk0\DR0\Partition1
10:39:56.0704 3244  E: <-> \Device\Harddisk0\DR0\Partition2
10:39:56.0731 3244  H: <-> \Device\Harddisk1\DR1\Partition1
10:39:56.0732 3244  ============================================================
10:39:56.0732 3244  Initialize success
10:39:56.0732 3244  ============================================================
10:40:01.0414 3648  ============================================================
10:40:01.0414 3648  Scan started
10:40:01.0414 3648  Mode: Manual; 
10:40:01.0414 3648  ============================================================
10:40:02.0510 3648  ================ Scan system memory ========================
10:40:02.0510 3648  System memory - ok
10:40:02.0510 3648  ================ Scan services =============================
10:40:02.0631 3648  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:40:02.0634 3648  1394ohci - ok
10:40:02.0671 3648  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:40:02.0678 3648  ACPI - ok
10:40:02.0697 3648  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:40:02.0698 3648  AcpiPmi - ok
10:40:02.0779 3648  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:40:02.0781 3648  AdobeARMservice - ok
10:40:02.0866 3648  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:40:02.0869 3648  AdobeFlashPlayerUpdateSvc - ok
10:40:02.0911 3648  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:40:02.0920 3648  adp94xx - ok
10:40:02.0945 3648  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:40:02.0952 3648  adpahci - ok
10:40:02.0965 3648  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:40:02.0969 3648  adpu320 - ok
10:40:02.0999 3648  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:40:03.0002 3648  AeLookupSvc - ok
10:40:03.0053 3648  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:40:03.0062 3648  AFD - ok
10:40:03.0090 3648  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:40:03.0092 3648  agp440 - ok
10:40:03.0107 3648  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:40:03.0109 3648  ALG - ok
10:40:03.0134 3648  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:40:03.0135 3648  aliide - ok
10:40:03.0166 3648  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:40:03.0171 3648  AMD External Events Utility - ok
10:40:03.0188 3648  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:40:03.0189 3648  amdide - ok
10:40:03.0207 3648  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:40:03.0209 3648  AmdK8 - ok
10:40:03.0421 3648  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:40:03.0624 3648  amdkmdag - ok
10:40:03.0638 3648  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:40:03.0643 3648  amdkmdap - ok
10:40:03.0654 3648  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:40:03.0655 3648  AmdPPM - ok
10:40:03.0693 3648  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:40:03.0695 3648  amdsata - ok
10:40:03.0707 3648  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:40:03.0711 3648  amdsbs - ok
10:40:03.0729 3648  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:40:03.0729 3648  amdxata - ok
10:40:03.0764 3648  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:40:03.0766 3648  AppID - ok
10:40:03.0785 3648  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:40:03.0787 3648  AppIDSvc - ok
10:40:03.0806 3648  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:40:03.0808 3648  Appinfo - ok
10:40:03.0835 3648  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:40:03.0839 3648  AppMgmt - ok
10:40:03.0869 3648  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:40:03.0870 3648  arc - ok
10:40:03.0885 3648  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:40:03.0887 3648  arcsas - ok
10:40:03.0934 3648  aspnet_state - ok
10:40:03.0960 3648  [ B9DA213B5271DB5FCE962D827E6D620D ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
10:40:03.0961 3648  aswFsBlk - ok
10:40:04.0002 3648  [ 21C9835D0E5AD2FF0F16134BCB32CC71 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
10:40:04.0005 3648  aswMonFlt - ok
10:40:04.0042 3648  [ 1B96A5867ABD4FA6135D8298FCCCF9C6 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
10:40:04.0044 3648  aswRdr - ok
10:40:04.0069 3648  [ 6E98BB288696777A3A8A07A52B0EAEE9 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
10:40:04.0102 3648  aswSnx - ok
10:40:04.0127 3648  [ D9FB49F16E4EB02EFECAE8CBFE4BCB4C ] aswSP           C:\Windows\system32\drivers\aswSP.sys
10:40:04.0133 3648  aswSP - ok
10:40:04.0158 3648  [ 7352BB9A564B94BBD7C9CBF165F55006 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
10:40:04.0159 3648  aswTdi - ok
10:40:04.0180 3648  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:40:04.0182 3648  AsyncMac - ok
10:40:04.0208 3648  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:40:04.0209 3648  atapi - ok
10:40:04.0261 3648  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:40:04.0264 3648  AtiHDAudioService - ok
10:40:04.0308 3648  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:40:04.0325 3648  AudioEndpointBuilder - ok
10:40:04.0349 3648  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:40:04.0355 3648  AudioSrv - ok
10:40:04.0415 3648  [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:40:04.0416 3648  avast! Antivirus - ok
10:40:04.0451 3648  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:40:04.0454 3648  AxInstSV - ok
10:40:04.0488 3648  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:40:04.0495 3648  b06bdrv - ok
10:40:04.0531 3648  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:40:04.0536 3648  b57nd60a - ok
10:40:04.0572 3648  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:40:04.0575 3648  BDESVC - ok
10:40:04.0582 3648  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:40:04.0583 3648  Beep - ok
10:40:04.0593 3648  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:40:04.0594 3648  blbdrive - ok
10:40:04.0625 3648  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:40:04.0627 3648  bowser - ok
10:40:04.0642 3648  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:40:04.0643 3648  BrFiltLo - ok
10:40:04.0658 3648  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:40:04.0659 3648  BrFiltUp - ok
10:40:04.0682 3648  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:40:04.0686 3648  Browser - ok
10:40:04.0704 3648  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:40:04.0709 3648  Brserid - ok
10:40:04.0720 3648  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:04.0721 3648  BrSerWdm - ok
10:40:04.0734 3648  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:04.0735 3648  BrUsbMdm - ok
10:40:04.0742 3648  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:04.0743 3648  BrUsbSer - ok
10:40:04.0755 3648  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:40:04.0757 3648  BTHMODEM - ok
10:40:04.0781 3648  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:40:04.0784 3648  bthserv - ok
10:40:04.0817 3648  [ 55913573C41CF091F93A1AC07965EA7E ] busenum         C:\Windows\system32\DRIVERS\SteelBus64.sys
10:40:04.0820 3648  busenum - ok
10:40:04.0831 3648  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:40:04.0833 3648  cdfs - ok
10:40:04.0875 3648  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:40:04.0878 3648  cdrom - ok
10:40:04.0910 3648  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:40:04.0913 3648  CertPropSvc - ok
10:40:04.0936 3648  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:40:04.0951 3648  circlass - ok
10:40:04.0977 3648  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:40:04.0984 3648  CLFS - ok
10:40:05.0005 3648  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:05.0008 3648  clr_optimization_v2.0.50727_32 - ok
10:40:05.0050 3648  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:40:05.0053 3648  clr_optimization_v2.0.50727_64 - ok
10:40:05.0110 3648  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:05.0128 3648  clr_optimization_v4.0.30319_32 - ok
10:40:05.0166 3648  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:40:05.0188 3648  clr_optimization_v4.0.30319_64 - ok
10:40:05.0216 3648  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:40:05.0217 3648  CmBatt - ok
10:40:05.0240 3648  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:40:05.0242 3648  cmdide - ok
10:40:05.0283 3648  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:40:05.0300 3648  CNG - ok
10:40:05.0313 3648  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:40:05.0314 3648  Compbatt - ok
10:40:05.0345 3648  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:40:05.0347 3648  CompositeBus - ok
10:40:05.0356 3648  COMSysApp - ok
10:40:05.0368 3648  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:40:05.0369 3648  crcdisk - ok
10:40:05.0407 3648  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:40:05.0411 3648  CryptSvc - ok
10:40:05.0446 3648  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
10:40:05.0453 3648  CSC - ok
10:40:05.0480 3648  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
10:40:05.0497 3648  CscService - ok
10:40:05.0533 3648  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:40:05.0550 3648  DcomLaunch - ok
10:40:05.0582 3648  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:40:05.0588 3648  defragsvc - ok
10:40:05.0618 3648  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:40:05.0621 3648  DfsC - ok
10:40:05.0651 3648  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:40:05.0657 3648  Dhcp - ok
10:40:05.0685 3648  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:40:05.0687 3648  discache - ok
10:40:05.0714 3648  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:40:05.0716 3648  Disk - ok
10:40:05.0741 3648  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:40:05.0746 3648  Dnscache - ok
10:40:05.0766 3648  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:40:05.0772 3648  dot3svc - ok
10:40:05.0793 3648  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:40:05.0798 3648  DPS - ok
10:40:05.0825 3648  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:40:05.0826 3648  drmkaud - ok
10:40:05.0860 3648  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:40:05.0864 3648  dtsoftbus01 - ok
10:40:05.0907 3648  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:40:05.0941 3648  DXGKrnl - ok
10:40:05.0962 3648  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:40:05.0966 3648  EapHost - ok
10:40:06.0058 3648  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:40:06.0135 3648  ebdrv - ok
10:40:06.0151 3648  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:40:06.0153 3648  EFS - ok
10:40:06.0198 3648  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:40:06.0208 3648  ehRecvr - ok
10:40:06.0241 3648  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:40:06.0243 3648  ehSched - ok
10:40:06.0272 3648  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:40:06.0279 3648  elxstor - ok
10:40:06.0296 3648  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:40:06.0297 3648  ErrDev - ok
10:40:06.0330 3648  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:40:06.0336 3648  EventSystem - ok
10:40:06.0366 3648  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:40:06.0369 3648  exfat - ok
10:40:06.0384 3648  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:40:06.0388 3648  fastfat - ok
10:40:06.0420 3648  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:40:06.0437 3648  Fax - ok
10:40:06.0454 3648  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:40:06.0455 3648  fdc - ok
10:40:06.0481 3648  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:40:06.0482 3648  fdPHost - ok
10:40:06.0488 3648  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:40:06.0489 3648  FDResPub - ok
10:40:06.0499 3648  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:40:06.0500 3648  FileInfo - ok
10:40:06.0505 3648  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:40:06.0506 3648  Filetrace - ok
10:40:06.0518 3648  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:40:06.0519 3648  flpydisk - ok
10:40:06.0543 3648  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:40:06.0547 3648  FltMgr - ok
10:40:06.0581 3648  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:40:06.0607 3648  FontCache - ok
10:40:06.0640 3648  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:40:06.0641 3648  FontCache3.0.0.0 - ok
10:40:06.0658 3648  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:40:06.0659 3648  FsDepends - ok
10:40:06.0680 3648  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:40:06.0682 3648  Fs_Rec - ok
10:40:06.0717 3648  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:40:06.0722 3648  fvevol - ok
10:40:06.0745 3648  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:40:06.0747 3648  gagp30kx - ok
10:40:06.0778 3648  GEARAspiWDM - ok
10:40:06.0817 3648  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:40:06.0842 3648  gpsvc - ok
10:40:06.0919 3648  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:40:06.0920 3648  gupdate - ok
10:40:06.0935 3648  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:40:06.0936 3648  gupdatem - ok
10:40:06.0952 3648  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:40:06.0954 3648  hcw85cir - ok
10:40:06.0973 3648  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:40:06.0979 3648  HdAudAddService - ok
10:40:07.0014 3648  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:40:07.0017 3648  HDAudBus - ok
10:40:07.0028 3648  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:40:07.0030 3648  HidBatt - ok
10:40:07.0044 3648  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:40:07.0046 3648  HidBth - ok
10:40:07.0061 3648  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:40:07.0063 3648  HidIr - ok
10:40:07.0086 3648  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:40:07.0089 3648  hidserv - ok
10:40:07.0126 3648  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:40:07.0127 3648  HidUsb - ok
10:40:07.0149 3648  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:40:07.0153 3648  hkmsvc - ok
10:40:07.0182 3648  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:40:07.0189 3648  HomeGroupListener - ok
10:40:07.0213 3648  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:40:07.0219 3648  HomeGroupProvider - ok
10:40:07.0236 3648  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:40:07.0238 3648  HpSAMD - ok
10:40:07.0270 3648  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:40:07.0288 3648  HTTP - ok
10:40:07.0310 3648  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:40:07.0310 3648  hwpolicy - ok
10:40:07.0339 3648  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:40:07.0341 3648  i8042prt - ok
10:40:07.0361 3648  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:40:07.0366 3648  iaStorV - ok
10:40:07.0417 3648  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:40:07.0434 3648  idsvc - ok
10:40:07.0458 3648  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:40:07.0459 3648  iirsp - ok
10:40:07.0503 3648  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:40:07.0520 3648  IKEEXT - ok
10:40:07.0602 3648  [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:40:07.0654 3648  IntcAzAudAddService - ok
10:40:07.0672 3648  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:40:07.0673 3648  intelide - ok
10:40:07.0703 3648  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:40:07.0704 3648  intelppm - ok
10:40:07.0727 3648  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:40:07.0730 3648  IPBusEnum - ok
10:40:07.0753 3648  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:40:07.0756 3648  IpFilterDriver - ok
10:40:07.0782 3648  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:40:07.0783 3648  IPMIDRV - ok
10:40:07.0814 3648  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:40:07.0817 3648  IPNAT - ok
10:40:07.0832 3648  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:40:07.0833 3648  IRENUM - ok
10:40:07.0861 3648  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:40:07.0862 3648  isapnp - ok
10:40:07.0877 3648  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:40:07.0883 3648  iScsiPrt - ok
10:40:07.0902 3648  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:40:07.0904 3648  kbdclass - ok
10:40:08.0025 3648  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:40:08.0026 3648  kbdhid - ok
10:40:08.0092 3648  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:40:08.0094 3648  KeyIso - ok
10:40:08.0110 3648  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:40:08.0112 3648  KSecDD - ok
10:40:08.0121 3648  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:40:08.0125 3648  KSecPkg - ok
10:40:08.0140 3648  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:40:08.0141 3648  ksthunk - ok
10:40:08.0165 3648  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:40:08.0173 3648  KtmRm - ok
10:40:08.0205 3648  [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2       C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
10:40:08.0207 3648  LADF_DHP2 - ok
10:40:08.0219 3648  [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM       C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
10:40:08.0225 3648  LADF_SBVM - ok
10:40:08.0256 3648  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:40:08.0263 3648  LanmanServer - ok
10:40:08.0288 3648  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:40:08.0290 3648  LanmanWorkstation - ok
10:40:08.0317 3648  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:40:08.0318 3648  lltdio - ok
10:40:08.0355 3648  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:40:08.0359 3648  lltdsvc - ok
10:40:08.0370 3648  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:40:08.0372 3648  lmhosts - ok
10:40:08.0393 3648  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:40:08.0395 3648  LSI_FC - ok
10:40:08.0417 3648  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:40:08.0420 3648  LSI_SAS - ok
10:40:08.0440 3648  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:40:08.0442 3648  LSI_SAS2 - ok
10:40:08.0455 3648  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:40:08.0457 3648  LSI_SCSI - ok
10:40:08.0479 3648  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:40:08.0481 3648  luafv - ok
10:40:08.0506 3648  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:40:08.0507 3648  MBAMProtector - ok
10:40:08.0567 3648  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:40:08.0575 3648  MBAMScheduler - ok
10:40:08.0599 3648  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:40:08.0616 3648  MBAMService - ok
10:40:08.0637 3648  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
10:40:08.0638 3648  MBfilt - ok
10:40:08.0695 3648  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
10:40:08.0699 3648  McComponentHostService - ok
10:40:08.0721 3648  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:40:08.0724 3648  Mcx2Svc - ok
10:40:08.0745 3648  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:40:08.0747 3648  megasas - ok
10:40:08.0765 3648  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:40:08.0771 3648  MegaSR - ok
10:40:08.0792 3648  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:40:08.0794 3648  MEIx64 - ok
10:40:08.0809 3648  [ D70476AD02D6FD75282B196D3B58831D ] MEMSWEEP2       C:\Windows\system32\E034.tmp
10:40:08.0811 3648  MEMSWEEP2 - ok
10:40:08.0830 3648  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:40:08.0834 3648  MMCSS - ok
10:40:08.0852 3648  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:40:08.0854 3648  Modem - ok
10:40:08.0875 3648  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:40:08.0876 3648  monitor - ok
10:40:08.0895 3648  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:40:08.0897 3648  mouclass - ok
10:40:08.0917 3648  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:40:08.0918 3648  mouhid - ok
10:40:08.0948 3648  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:40:08.0950 3648  mountmgr - ok
10:40:08.0988 3648  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:40:08.0991 3648  MozillaMaintenance - ok
10:40:09.0003 3648  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:40:09.0006 3648  mpio - ok
10:40:09.0025 3648  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:40:09.0027 3648  mpsdrv - ok
10:40:09.0049 3648  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:40:09.0052 3648  MRxDAV - ok
10:40:09.0092 3648  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:09.0106 3648  mrxsmb - ok
10:40:09.0150 3648  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:09.0167 3648  mrxsmb10 - ok
10:40:09.0200 3648  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:09.0210 3648  mrxsmb20 - ok
10:40:09.0223 3648  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:40:09.0232 3648  msahci - ok
10:40:09.0290 3648  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:40:09.0294 3648  msdsm - ok
10:40:09.0326 3648  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:40:09.0374 3648  MSDTC - ok
10:40:09.0403 3648  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:40:09.0404 3648  Msfs - ok
10:40:09.0428 3648  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:40:09.0429 3648  mshidkmdf - ok
10:40:09.0443 3648  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:40:09.0444 3648  msisadrv - ok
10:40:09.0463 3648  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:40:09.0469 3648  MSiSCSI - ok
10:40:09.0471 3648  msiserver - ok
10:40:09.0524 3648  [ 192476C10371DC83243D67432B2CDCBF ] MSI_MSIBIOS_010507 C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
10:40:09.0525 3648  MSI_MSIBIOS_010507 - ok
10:40:09.0544 3648  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:40:09.0545 3648  MSKSSRV - ok
10:40:09.0553 3648  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:09.0554 3648  MSPCLOCK - ok
10:40:09.0565 3648  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:40:09.0566 3648  MSPQM - ok
10:40:09.0591 3648  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:40:09.0598 3648  MsRPC - ok
10:40:09.0632 3648  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:40:09.0634 3648  mssmbios - ok
10:40:09.0649 3648  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:40:09.0650 3648  MSTEE - ok
10:40:09.0662 3648  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:40:09.0664 3648  MTConfig - ok
10:40:09.0679 3648  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:40:09.0681 3648  Mup - ok
10:40:09.0714 3648  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:40:09.0725 3648  napagent - ok
10:40:09.0770 3648  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:40:09.0776 3648  NativeWifiP - ok
10:40:09.0845 3648  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:40:09.0876 3648  NDIS - ok
10:40:09.0897 3648  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:09.0898 3648  NdisCap - ok
10:40:09.0924 3648  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:09.0926 3648  NdisTapi - ok
10:40:09.0941 3648  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:09.0943 3648  Ndisuio - ok
10:40:09.0958 3648  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:09.0962 3648  NdisWan - ok
10:40:09.0989 3648  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:40:09.0991 3648  NDProxy - ok
10:40:10.0064 3648  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:40:10.0089 3648  Nero BackItUp Scheduler 4.0 - ok
10:40:10.0113 3648  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:40:10.0114 3648  NetBIOS - ok
10:40:10.0134 3648  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:40:10.0140 3648  NetBT - ok
10:40:10.0157 3648  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:40:10.0160 3648  Netlogon - ok
10:40:10.0190 3648  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:40:10.0199 3648  Netman - ok
10:40:10.0231 3648  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:10.0242 3648  NetMsmqActivator - ok
10:40:10.0258 3648  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:10.0260 3648  NetPipeActivator - ok
10:40:10.0278 3648  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:40:10.0289 3648  netprofm - ok
10:40:10.0295 3648  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:10.0297 3648  NetTcpActivator - ok
10:40:10.0301 3648  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:10.0303 3648  NetTcpPortSharing - ok
10:40:10.0338 3648  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:40:10.0340 3648  nfrd960 - ok
10:40:10.0370 3648  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:40:10.0387 3648  NlaSvc - ok
10:40:10.0401 3648  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:40:10.0403 3648  Npfs - ok
10:40:10.0430 3648  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:40:10.0434 3648  nsi - ok
10:40:10.0441 3648  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:40:10.0442 3648  nsiproxy - ok
10:40:10.0496 3648  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:40:10.0539 3648  Ntfs - ok
10:40:10.0555 3648  [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4   C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
10:40:10.0556 3648  NTIOLib_1_0_4 - ok
10:40:10.0567 3648  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:40:10.0568 3648  Null - ok
10:40:10.0590 3648  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
10:40:10.0592 3648  nusb3hub - ok
10:40:10.0606 3648  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:40:10.0610 3648  nusb3xhc - ok
10:40:10.0645 3648  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:40:10.0648 3648  nvraid - ok
10:40:10.0663 3648  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:40:10.0667 3648  nvstor - ok
10:40:10.0705 3648  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:40:10.0708 3648  nv_agp - ok
10:40:10.0720 3648  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:40:10.0721 3648  ohci1394 - ok
10:40:10.0755 3648  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:40:10.0772 3648  p2pimsvc - ok
10:40:10.0803 3648  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:40:10.0820 3648  p2psvc - ok
10:40:10.0843 3648  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:40:10.0853 3648  Parport - ok
10:40:10.0882 3648  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:40:10.0883 3648  partmgr - ok
10:40:10.0905 3648  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:40:10.0949 3648  PcaSvc - ok
10:40:10.0973 3648  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:40:10.0977 3648  pci - ok
10:40:11.0000 3648  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:40:11.0001 3648  pciide - ok
10:40:11.0023 3648  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:40:11.0027 3648  pcmcia - ok
10:40:11.0047 3648  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:40:11.0049 3648  pcw - ok
10:40:11.0068 3648  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:40:11.0080 3648  PEAUTH - ok
10:40:11.0116 3648  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:40:11.0150 3648  PeerDistSvc - ok
10:40:11.0221 3648  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:40:11.0224 3648  PerfHost - ok
10:40:11.0272 3648  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:40:11.0306 3648  pla - ok
10:40:11.0338 3648  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:40:11.0355 3648  PlugPlay - ok
10:40:11.0379 3648  PnkBstrA - ok
10:40:11.0393 3648  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:40:11.0397 3648  PNRPAutoReg - ok
10:40:11.0413 3648  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:40:11.0419 3648  PNRPsvc - ok
10:40:11.0443 3648  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:40:11.0460 3648  PolicyAgent - ok
10:40:11.0487 3648  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:40:11.0495 3648  Power - ok
10:40:11.0524 3648  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:40:11.0527 3648  PptpMiniport - ok
10:40:11.0556 3648  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:40:11.0557 3648  Processor - ok
10:40:11.0582 3648  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:40:11.0588 3648  ProfSvc - ok
10:40:11.0598 3648  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:40:11.0601 3648  ProtectedStorage - ok
10:40:11.0619 3648  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:40:11.0622 3648  Psched - ok
10:40:11.0671 3648  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:40:11.0706 3648  ql2300 - ok
10:40:11.0730 3648  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:40:11.0733 3648  ql40xx - ok
10:40:11.0755 3648  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:40:11.0763 3648  QWAVE - ok
10:40:11.0778 3648  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:40:11.0780 3648  QWAVEdrv - ok
10:40:11.0790 3648  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:40:11.0791 3648  RasAcd - ok
10:40:11.0812 3648  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:40:11.0814 3648  RasAgileVpn - ok
10:40:11.0842 3648  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:40:11.0848 3648  RasAuto - ok
10:40:11.0873 3648  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:40:11.0877 3648  Rasl2tp - ok
10:40:11.0898 3648  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:40:11.0908 3648  RasMan - ok
10:40:11.0935 3648  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:40:11.0938 3648  RasPppoe - ok
10:40:11.0958 3648  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:40:11.0961 3648  RasSstp - ok
10:40:11.0972 3648  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:40:11.0978 3648  rdbss - ok
10:40:11.0998 3648  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:40:12.0000 3648  rdpbus - ok
10:40:12.0004 3648  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:40:12.0006 3648  RDPCDD - ok
10:40:12.0030 3648  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:40:12.0034 3648  RDPDR - ok
10:40:12.0057 3648  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:40:12.0058 3648  RDPENCDD - ok
10:40:12.0065 3648  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:40:12.0067 3648  RDPREFMP - ok
10:40:12.0128 3648  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:40:12.0130 3648  RdpVideoMiniport - ok
10:40:12.0154 3648  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:40:12.0159 3648  RDPWD - ok
10:40:12.0190 3648  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:40:12.0195 3648  rdyboost - ok
10:40:12.0229 3648  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:40:12.0234 3648  RemoteAccess - ok
10:40:12.0256 3648  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:40:12.0262 3648  RemoteRegistry - ok
10:40:12.0269 3648  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:40:12.0275 3648  RpcEptMapper - ok
10:40:12.0287 3648  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:40:12.0290 3648  RpcLocator - ok
10:40:12.0322 3648  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:40:12.0330 3648  RpcSs - ok
10:40:12.0356 3648  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:40:12.0358 3648  rspndr - ok
10:40:12.0398 3648  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:40:12.0405 3648  RTL8167 - ok
10:40:12.0423 3648  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:40:12.0424 3648  s3cap - ok
10:40:12.0456 3648  [ E13D43901EC079280A2A9BAD9A2CCDA7 ] SAlphamHid      C:\Windows\system32\DRIVERS\SAlpham64.sys
10:40:12.0457 3648  SAlphamHid - ok
10:40:12.0465 3648  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:40:12.0467 3648  SamSs - ok
10:40:12.0470 3648  SAVRKBootTasks - ok
10:40:12.0482 3648  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:40:12.0485 3648  sbp2port - ok
10:40:12.0511 3648  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:40:12.0527 3648  SCardSvr - ok
10:40:12.0549 3648  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:40:12.0550 3648  scfilter - ok
10:40:12.0590 3648  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:40:12.0624 3648  Schedule - ok
10:40:12.0649 3648  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:40:12.0651 3648  SCPolicySvc - ok
10:40:12.0672 3648  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:40:12.0679 3648  SDRSVC - ok
10:40:12.0700 3648  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:40:12.0701 3648  secdrv - ok
10:40:12.0713 3648  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:40:12.0718 3648  seclogon - ok
10:40:12.0743 3648  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:40:12.0748 3648  SENS - ok
10:40:12.0761 3648  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:40:12.0766 3648  SensrSvc - ok
10:40:12.0785 3648  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:40:12.0786 3648  Serenum - ok
10:40:12.0803 3648  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:40:12.0805 3648  Serial - ok
10:40:12.0828 3648  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:40:12.0829 3648  sermouse - ok
10:40:12.0853 3648  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:40:12.0858 3648  SessionEnv - ok
10:40:12.0875 3648  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:40:12.0877 3648  sffdisk - ok
10:40:12.0886 3648  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:40:12.0888 3648  sffp_mmc - ok
10:40:12.0899 3648  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:40:12.0900 3648  sffp_sd - ok
10:40:12.0920 3648  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:40:12.0922 3648  sfloppy - ok
10:40:12.0951 3648  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:40:12.0961 3648  ShellHWDetection - ok
10:40:12.0986 3648  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:40:12.0987 3648  SiSRaid2 - ok
10:40:13.0001 3648  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:40:13.0004 3648  SiSRaid4 - ok
10:40:13.0064 3648  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:40:13.0068 3648  SkypeUpdate - ok
10:40:13.0090 3648  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:40:13.0093 3648  Smb - ok
10:40:13.0124 3648  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:40:13.0128 3648  SNMPTRAP - ok
10:40:13.0187 3648  [ E9CBBDC94EECED8E96FC847AA48F597F ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
10:40:13.0191 3648  Sony Ericsson PCCompanion - ok
10:40:13.0213 3648  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:40:13.0214 3648  spldr - ok
10:40:13.0242 3648  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:40:13.0259 3648  Spooler - ok
10:40:13.0353 3648  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:40:13.0430 3648  sppsvc - ok
10:40:13.0458 3648  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:40:13.0464 3648  sppuinotify - ok
10:40:13.0492 3648  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:40:13.0500 3648  srv - ok
10:40:13.0516 3648  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:40:13.0525 3648  srv2 - ok
10:40:13.0537 3648  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:40:13.0541 3648  srvnet - ok
10:40:13.0572 3648  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:40:13.0581 3648  SSDPSRV - ok
10:40:13.0594 3648  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:40:13.0603 3648  SstpSvc - ok
10:40:13.0638 3648  Steam Client Service - ok
10:40:13.0661 3648  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:40:13.0663 3648  stexstor - ok
10:40:13.0701 3648  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:40:13.0726 3648  stisvc - ok
10:40:13.0752 3648  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:40:13.0754 3648  storflt - ok
10:40:13.0775 3648  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:40:13.0777 3648  storvsc - ok
10:40:13.0794 3648  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:40:13.0795 3648  swenum - ok
10:40:13.0823 3648  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:40:13.0836 3648  swprv - ok
10:40:13.0882 3648  Synth3dVsc - ok
10:40:13.0933 3648  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:40:13.0976 3648  SysMain - ok
10:40:13.0998 3648  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:40:14.0004 3648  TabletInputService - ok
10:40:14.0030 3648  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:40:14.0047 3648  TapiSrv - ok
10:40:14.0068 3648  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:40:14.0073 3648  TBS - ok
10:40:14.0131 3648  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:40:14.0174 3648  Tcpip - ok
10:40:14.0217 3648  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:40:14.0224 3648  TCPIP6 - ok
10:40:14.0241 3648  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:40:14.0242 3648  tcpipreg - ok
10:40:14.0259 3648  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:40:14.0261 3648  TDPIPE - ok
10:40:14.0281 3648  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:40:14.0283 3648  TDTCP - ok
10:40:14.0303 3648  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:40:14.0305 3648  tdx - ok
10:40:14.0330 3648  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:40:14.0333 3648  TermDD - ok
10:40:14.0366 3648  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:40:14.0392 3648  TermService - ok
10:40:14.0415 3648  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:40:14.0420 3648  Themes - ok
10:40:14.0435 3648  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:40:14.0439 3648  THREADORDER - ok
10:40:14.0444 3648  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:40:14.0457 3648  TrkWks - ok
10:40:14.0481 3648  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:40:14.0484 3648  TrustedInstaller - ok
10:40:14.0505 3648  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:40:14.0507 3648  tssecsrv - ok
10:40:14.0518 3648  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:40:14.0520 3648  TsUsbFlt - ok
10:40:14.0524 3648  tsusbhub - ok
10:40:14.0555 3648  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:40:14.0557 3648  tunnel - ok
10:40:14.0573 3648  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:40:14.0575 3648  uagp35 - ok
10:40:14.0590 3648  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:40:14.0597 3648  udfs - ok
10:40:14.0622 3648  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:40:14.0627 3648  UI0Detect - ok
10:40:14.0656 3648  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:40:14.0658 3648  uliagpkx - ok
10:40:14.0685 3648  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:40:14.0687 3648  umbus - ok
10:40:14.0711 3648  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:40:14.0712 3648  UmPass - ok
10:40:14.0731 3648  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:40:14.0739 3648  UmRdpService - ok
10:40:14.0764 3648  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:40:14.0774 3648  upnphost - ok
10:40:14.0791 3648  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:40:14.0794 3648  usbaudio - ok
10:40:14.0814 3648  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:40:14.0817 3648  usbccgp - ok
10:40:14.0849 3648  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:40:14.0852 3648  usbcir - ok
10:40:14.0862 3648  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:40:14.0864 3648  usbehci - ok
10:40:14.0891 3648  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:40:14.0897 3648  usbhub - ok
10:40:14.0914 3648  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:40:14.0916 3648  usbohci - ok
10:40:14.0939 3648  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:40:14.0940 3648  usbprint - ok
10:40:14.0965 3648  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:40:14.0966 3648  usbscan - ok
10:40:14.0983 3648  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:40:14.0986 3648  USBSTOR - ok
10:40:15.0003 3648  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:40:15.0005 3648  usbuhci - ok
10:40:15.0027 3648  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:40:15.0032 3648  UxSms - ok
10:40:15.0038 3648  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:40:15.0041 3648  VaultSvc - ok
10:40:15.0061 3648  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:40:15.0063 3648  vdrvroot - ok
10:40:15.0099 3648  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:40:15.0111 3648  vds - ok
10:40:15.0145 3648  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:40:15.0146 3648  vga - ok
10:40:15.0156 3648  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:40:15.0158 3648  VgaSave - ok
10:40:15.0172 3648  VGPU - ok
10:40:15.0198 3648  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:40:15.0202 3648  vhdmp - ok
10:40:15.0237 3648  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:40:15.0239 3648  viaide - ok
10:40:15.0259 3648  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:40:15.0263 3648  vmbus - ok
10:40:15.0279 3648  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:40:15.0280 3648  VMBusHID - ok
10:40:15.0302 3648  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:40:15.0305 3648  volmgr - ok
10:40:15.0334 3648  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:40:15.0341 3648  volmgrx - ok
10:40:15.0360 3648  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:40:15.0366 3648  volsnap - ok
10:40:15.0399 3648  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:40:15.0402 3648  vsmraid - ok
10:40:15.0450 3648  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:40:15.0493 3648  VSS - ok
10:40:15.0501 3648  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:40:15.0503 3648  vwifibus - ok
10:40:15.0534 3648  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:40:15.0551 3648  W32Time - ok
10:40:15.0563 3648  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:40:15.0565 3648  WacomPen - ok
10:40:15.0600 3648  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:40:15.0601 3648  WANARP - ok
10:40:15.0610 3648  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:40:15.0611 3648  Wanarpv6 - ok
10:40:15.0658 3648  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:40:15.0692 3648  wbengine - ok
10:40:15.0710 3648  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:40:15.0715 3648  WbioSrvc - ok
10:40:15.0741 3648  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:40:15.0758 3648  wcncsvc - ok
10:40:15.0766 3648  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:40:15.0772 3648  WcsPlugInService - ok
10:40:15.0794 3648  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:40:15.0795 3648  Wd - ok
10:40:15.0823 3648  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:40:15.0834 3648  Wdf01000 - ok
10:40:15.0852 3648  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:40:15.0860 3648  WdiServiceHost - ok
10:40:15.0865 3648  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:40:15.0871 3648  WdiSystemHost - ok
10:40:15.0883 3648  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:40:15.0891 3648  WebClient - ok
10:40:15.0904 3648  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:40:15.0912 3648  Wecsvc - ok
10:40:15.0922 3648  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:40:15.0930 3648  wercplsupport - ok
10:40:15.0957 3648  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:40:15.0963 3648  WerSvc - ok
10:40:15.0997 3648  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:40:15.0998 3648  WfpLwf - ok
10:40:16.0011 3648  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:40:16.0012 3648  WIMMount - ok
10:40:16.0022 3648  WinHttpAutoProxySvc - ok
10:40:16.0065 3648  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:40:16.0069 3648  Winmgmt - ok
10:40:16.0120 3648  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:40:16.0170 3648  WinRM - ok
10:40:16.0214 3648  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:40:16.0215 3648  WinUsb - ok
10:40:16.0252 3648  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:40:16.0277 3648  Wlansvc - ok
10:40:16.0389 3648  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:40:16.0441 3648  wlidsvc - ok
10:40:16.0467 3648  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:40:16.0467 3648  WmiAcpi - ok
10:40:16.0495 3648  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:40:16.0500 3648  wmiApSrv - ok
10:40:16.0521 3648  WMPNetworkSvc - ok
10:40:16.0545 3648  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:40:16.0550 3648  WPCSvc - ok
10:40:16.0568 3648  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:40:16.0576 3648  WPDBusEnum - ok
10:40:16.0604 3648  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:40:16.0606 3648  ws2ifsl - ok
10:40:16.0609 3648  WSearch - ok
10:40:16.0630 3648  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:40:16.0633 3648  WudfPf - ok
10:40:16.0660 3648  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:40:16.0664 3648  WUDFRd - ok
10:40:16.0676 3648  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:40:16.0682 3648  wudfsvc - ok
10:40:16.0707 3648  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:40:16.0723 3648  WwanSvc - ok
10:40:16.0752 3648  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
10:40:16.0755 3648  xusb21 - ok
10:40:16.0766 3648  ================ Scan global ===============================
10:40:16.0783 3648  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:40:16.0807 3648  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:40:16.0820 3648  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:40:16.0850 3648  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:40:16.0887 3648  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
10:40:16.0896 3648  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
10:40:16.0896 3648  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
10:40:16.0896 3648  ================ Scan MBR ==================================
10:40:16.0921 3648  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:40:17.0079 3648  \Device\Harddisk0\DR0 - ok
10:40:17.0080 3648  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:40:17.0123 3648  \Device\Harddisk1\DR1 - ok
10:40:17.0124 3648  ================ Scan VBR ==================================
10:40:17.0147 3648  [ D5D9E334525B81E06E54CE9C022984D9 ] \Device\Harddisk0\DR0\Partition1
10:40:17.0148 3648  \Device\Harddisk0\DR0\Partition1 - ok
10:40:17.0166 3648  [ AA0BF0CFFE9D883A3C3E47C40E74BC8E ] \Device\Harddisk0\DR0\Partition2
10:40:17.0168 3648  \Device\Harddisk0\DR0\Partition2 - ok
10:40:17.0186 3648  [ 78110A215898813A177283011549D486 ] \Device\Harddisk0\DR0\Partition3
10:40:17.0188 3648  \Device\Harddisk0\DR0\Partition3 - ok
10:40:17.0190 3648  [ 62A173D3EDF59699C0C240B20AD6CB55 ] \Device\Harddisk1\DR1\Partition1
10:40:17.0191 3648  \Device\Harddisk1\DR1\Partition1 - ok
10:40:17.0192 3648  ============================================================
10:40:17.0192 3648  Scan finished
10:40:17.0192 3648  ============================================================
10:40:17.0195 3284  Detected object count: 1
10:40:17.0195 3284  Actual detected object count: 1
10:40:23.0302 3284  C:\Windows\system32\services.exe - copied to quarantine
10:40:24.0479 3284  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
10:40:24.0490 3284  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
10:40:24.0509 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\@ - copied to quarantine
10:40:24.0532 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\L\00000004.@ - copied to quarantine
10:40:24.0534 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000004.@ - copied to quarantine
10:40:24.0536 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000008.@ - copied to quarantine
10:40:24.0537 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\000000cb.@ - copied to quarantine
10:40:24.0539 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000000.@ - copied to quarantine
10:40:24.0541 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000032.@ - copied to quarantine
10:40:24.0543 3284  C:\Windows\installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000064.@ - copied to quarantine
10:41:06.0854 3284  Backup copy not found, trying to cure infected file..
10:41:06.0854 3284  C:\Windows\system32\services.exe - Cure failed (FFFFFFFF)
10:41:06.0854 3284  C:\Windows\system32\services.exe - processing error
10:41:06.0854 3284  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
         
__________________

Alt 09.11.2012, 10:54   #4
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Zitat:
User select action: Cure
Du solltest doch meinen Anweisungen genau folgen!

Jetzt haben wir ein böses Problem!

Lass den TDSS-Killer noch einmal laufen, wähle am Schluß (FALLS etwas gefunden wird!) SKIP und poste das neue logfile hier!
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 09.11.2012, 10:56   #5
datk4lb
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Ich sehe gerade, dass ich ausversehen auf Cure gekommen bin bei Schritt 3. Habe nochmal gescannt und diesmal geskippt.

Code:
ATTFilter
10:54:56.0187 2016  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:54:57.0285 2016  ============================================================
10:54:57.0285 2016  Current date / time: 2012/11/09 10:54:57.0285
10:54:57.0285 2016  SystemInfo:
10:54:57.0285 2016  
10:54:57.0285 2016  OS Version: 6.1.7601 ServicePack: 1.0
10:54:57.0285 2016  Product type: Workstation
10:54:57.0285 2016  ComputerName: BITCH
10:54:57.0286 2016  UserName: dome
10:54:57.0286 2016  Windows directory: C:\Windows
10:54:57.0286 2016  System windows directory: C:\Windows
10:54:57.0286 2016  Running under WOW64
10:54:57.0286 2016  Processor architecture: Intel x64
10:54:57.0286 2016  Number of processors: 4
10:54:57.0286 2016  Page size: 0x1000
10:54:57.0286 2016  Boot type: Normal boot
10:54:57.0286 2016  ============================================================
10:54:58.0088 2016  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:54:58.0134 2016  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:54:58.0136 2016  ============================================================
10:54:58.0136 2016  \Device\Harddisk0\DR0:
10:54:58.0138 2016  MBR partitions:
10:54:58.0138 2016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x927C000
10:54:58.0138 2016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x927C000
10:54:58.0138 2016  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0xACCC800
10:54:58.0138 2016  \Device\Harddisk1\DR1:
10:54:58.0139 2016  MBR partitions:
10:54:58.0139 2016  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
10:54:58.0139 2016  ============================================================
10:54:58.0167 2016  C: <-> \Device\Harddisk0\DR0\Partition3
10:54:58.0203 2016  D: <-> \Device\Harddisk0\DR0\Partition1
10:54:58.0229 2016  E: <-> \Device\Harddisk0\DR0\Partition2
10:54:58.0237 2016  H: <-> \Device\Harddisk1\DR1\Partition1
10:54:58.0238 2016  ============================================================
10:54:58.0238 2016  Initialize success
10:54:58.0238 2016  ============================================================
10:55:01.0161 0948  ============================================================
10:55:01.0161 0948  Scan started
10:55:01.0161 0948  Mode: Manual; 
10:55:01.0161 0948  ============================================================
10:55:02.0086 0948  ================ Scan system memory ========================
10:55:02.0086 0948  System memory - ok
10:55:02.0087 0948  ================ Scan services =============================
10:55:02.0207 0948  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:55:02.0209 0948  1394ohci - ok
10:55:02.0256 0948  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:55:02.0259 0948  ACPI - ok
10:55:02.0274 0948  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:55:02.0274 0948  AcpiPmi - ok
10:55:02.0355 0948  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:55:02.0356 0948  AdobeARMservice - ok
10:55:02.0451 0948  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:55:02.0453 0948  AdobeFlashPlayerUpdateSvc - ok
10:55:02.0496 0948  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:55:02.0500 0948  adp94xx - ok
10:55:02.0530 0948  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:55:02.0533 0948  adpahci - ok
10:55:02.0550 0948  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:55:02.0552 0948  adpu320 - ok
10:55:02.0576 0948  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:55:02.0577 0948  AeLookupSvc - ok
10:55:02.0629 0948  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:55:02.0634 0948  AFD - ok
10:55:02.0658 0948  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:55:02.0659 0948  agp440 - ok
10:55:02.0675 0948  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:55:02.0676 0948  ALG - ok
10:55:02.0702 0948  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:55:02.0703 0948  aliide - ok
10:55:02.0742 0948  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:55:02.0745 0948  AMD External Events Utility - ok
10:55:02.0765 0948  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:55:02.0765 0948  amdide - ok
10:55:02.0792 0948  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:55:02.0793 0948  AmdK8 - ok
10:55:03.0022 0948  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:55:03.0062 0948  amdkmdag - ok
10:55:03.0081 0948  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:55:03.0082 0948  amdkmdap - ok
10:55:03.0097 0948  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:55:03.0097 0948  AmdPPM - ok
10:55:03.0137 0948  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:55:03.0138 0948  amdsata - ok
10:55:03.0150 0948  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:55:03.0152 0948  amdsbs - ok
10:55:03.0172 0948  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:55:03.0173 0948  amdxata - ok
10:55:03.0207 0948  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:55:03.0208 0948  AppID - ok
10:55:03.0228 0948  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:55:03.0230 0948  AppIDSvc - ok
10:55:03.0249 0948  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:55:03.0250 0948  Appinfo - ok
10:55:03.0278 0948  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:55:03.0280 0948  AppMgmt - ok
10:55:03.0303 0948  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:55:03.0305 0948  arc - ok
10:55:03.0320 0948  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:55:03.0321 0948  arcsas - ok
10:55:03.0368 0948  aspnet_state - ok
10:55:03.0395 0948  [ B9DA213B5271DB5FCE962D827E6D620D ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
10:55:03.0396 0948  aswFsBlk - ok
10:55:03.0437 0948  [ 21C9835D0E5AD2FF0F16134BCB32CC71 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
10:55:03.0438 0948  aswMonFlt - ok
10:55:03.0477 0948  [ 1B96A5867ABD4FA6135D8298FCCCF9C6 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
10:55:03.0478 0948  aswRdr - ok
10:55:03.0503 0948  [ 6E98BB288696777A3A8A07A52B0EAEE9 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
10:55:03.0510 0948  aswSnx - ok
10:55:03.0528 0948  [ D9FB49F16E4EB02EFECAE8CBFE4BCB4C ] aswSP           C:\Windows\system32\drivers\aswSP.sys
10:55:03.0531 0948  aswSP - ok
10:55:03.0559 0948  [ 7352BB9A564B94BBD7C9CBF165F55006 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
10:55:03.0560 0948  aswTdi - ok
10:55:03.0582 0948  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:55:03.0582 0948  AsyncMac - ok
10:55:03.0609 0948  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:55:03.0610 0948  atapi - ok
10:55:03.0663 0948  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
10:55:03.0664 0948  AtiHDAudioService - ok
10:55:03.0709 0948  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:55:03.0715 0948  AudioEndpointBuilder - ok
10:55:03.0734 0948  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:55:03.0740 0948  AudioSrv - ok
10:55:03.0800 0948  [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:55:03.0801 0948  avast! Antivirus - ok
10:55:03.0836 0948  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:55:03.0837 0948  AxInstSV - ok
10:55:03.0873 0948  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:55:03.0877 0948  b06bdrv - ok
10:55:03.0899 0948  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:55:03.0902 0948  b57nd60a - ok
10:55:03.0940 0948  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:55:03.0942 0948  BDESVC - ok
10:55:03.0950 0948  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:55:03.0950 0948  Beep - ok
10:55:03.0969 0948  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:55:03.0970 0948  blbdrive - ok
10:55:03.0993 0948  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:55:03.0994 0948  bowser - ok
10:55:04.0010 0948  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:55:04.0011 0948  BrFiltLo - ok
10:55:04.0026 0948  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:55:04.0027 0948  BrFiltUp - ok
10:55:04.0050 0948  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:55:04.0052 0948  Browser - ok
10:55:04.0072 0948  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:55:04.0075 0948  Brserid - ok
10:55:04.0088 0948  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:55:04.0089 0948  BrSerWdm - ok
10:55:04.0102 0948  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:55:04.0103 0948  BrUsbMdm - ok
10:55:04.0110 0948  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:55:04.0111 0948  BrUsbSer - ok
10:55:04.0123 0948  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:55:04.0124 0948  BTHMODEM - ok
10:55:04.0158 0948  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:55:04.0159 0948  bthserv - ok
10:55:04.0194 0948  [ 55913573C41CF091F93A1AC07965EA7E ] busenum         C:\Windows\system32\DRIVERS\SteelBus64.sys
10:55:04.0195 0948  busenum - ok
10:55:04.0208 0948  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:55:04.0209 0948  cdfs - ok
10:55:04.0251 0948  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:55:04.0253 0948  cdrom - ok
10:55:04.0287 0948  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:55:04.0289 0948  CertPropSvc - ok
10:55:04.0312 0948  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:55:04.0313 0948  circlass - ok
10:55:04.0345 0948  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:55:04.0349 0948  CLFS - ok
10:55:04.0382 0948  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:55:04.0383 0948  clr_optimization_v2.0.50727_32 - ok
10:55:04.0427 0948  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:55:04.0428 0948  clr_optimization_v2.0.50727_64 - ok
10:55:04.0486 0948  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:55:04.0488 0948  clr_optimization_v4.0.30319_32 - ok
10:55:04.0534 0948  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:55:04.0536 0948  clr_optimization_v4.0.30319_64 - ok
10:55:04.0567 0948  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:55:04.0568 0948  CmBatt - ok
10:55:04.0592 0948  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:55:04.0592 0948  cmdide - ok
10:55:04.0634 0948  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:55:04.0638 0948  CNG - ok
10:55:04.0673 0948  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:55:04.0674 0948  Compbatt - ok
10:55:04.0771 0948  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:55:04.0772 0948  CompositeBus - ok
10:55:04.0799 0948  COMSysApp - ok
10:55:04.0811 0948  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:55:04.0812 0948  crcdisk - ok
10:55:04.0842 0948  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:55:04.0844 0948  CryptSvc - ok
10:55:04.0874 0948  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
10:55:04.0879 0948  CSC - ok
10:55:04.0917 0948  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
10:55:04.0923 0948  CscService - ok
10:55:04.0959 0948  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:55:04.0967 0948  DcomLaunch - ok
10:55:04.0992 0948  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:55:04.0996 0948  defragsvc - ok
10:55:05.0020 0948  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:55:05.0021 0948  DfsC - ok
10:55:05.0044 0948  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:55:05.0048 0948  Dhcp - ok
10:55:05.0078 0948  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:55:05.0079 0948  discache - ok
10:55:05.0107 0948  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:55:05.0108 0948  Disk - ok
10:55:05.0133 0948  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:55:05.0136 0948  Dnscache - ok
10:55:05.0158 0948  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:55:05.0161 0948  dot3svc - ok
10:55:05.0177 0948  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:55:05.0180 0948  DPS - ok
10:55:05.0209 0948  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:55:05.0209 0948  drmkaud - ok
10:55:05.0243 0948  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:55:05.0246 0948  dtsoftbus01 - ok
10:55:05.0282 0948  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:55:05.0290 0948  DXGKrnl - ok
10:55:05.0312 0948  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:55:05.0315 0948  EapHost - ok
10:55:05.0408 0948  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:55:05.0422 0948  ebdrv - ok
10:55:05.0451 0948  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:55:05.0453 0948  EFS - ok
10:55:05.0500 0948  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:55:05.0506 0948  ehRecvr - ok
10:55:05.0525 0948  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:55:05.0527 0948  ehSched - ok
10:55:05.0565 0948  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:55:05.0570 0948  elxstor - ok
10:55:05.0589 0948  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:55:05.0589 0948  ErrDev - ok
10:55:05.0615 0948  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:55:05.0619 0948  EventSystem - ok
10:55:05.0650 0948  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:55:05.0652 0948  exfat - ok
10:55:05.0669 0948  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:55:05.0671 0948  fastfat - ok
10:55:05.0722 0948  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:55:05.0729 0948  Fax - ok
10:55:05.0746 0948  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:55:05.0747 0948  fdc - ok
10:55:05.0765 0948  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:55:05.0767 0948  fdPHost - ok
10:55:05.0780 0948  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:55:05.0782 0948  FDResPub - ok
10:55:05.0808 0948  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:55:05.0809 0948  FileInfo - ok
10:55:05.0823 0948  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:55:05.0824 0948  Filetrace - ok
10:55:05.0852 0948  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:55:05.0853 0948  flpydisk - ok
10:55:05.0878 0948  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:55:05.0881 0948  FltMgr - ok
10:55:05.0919 0948  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:55:05.0929 0948  FontCache - ok
10:55:05.0974 0948  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:55:05.0975 0948  FontCache3.0.0.0 - ok
10:55:05.0992 0948  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:55:05.0993 0948  FsDepends - ok
10:55:06.0022 0948  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:55:06.0023 0948  Fs_Rec - ok
10:55:06.0043 0948  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:55:06.0045 0948  fvevol - ok
10:55:06.0062 0948  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:55:06.0063 0948  gagp30kx - ok
10:55:06.0095 0948  GEARAspiWDM - ok
10:55:06.0142 0948  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:55:06.0150 0948  gpsvc - ok
10:55:06.0236 0948  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:55:06.0237 0948  gupdate - ok
10:55:06.0252 0948  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:55:06.0253 0948  gupdatem - ok
10:55:06.0270 0948  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:55:06.0271 0948  hcw85cir - ok
10:55:06.0290 0948  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:55:06.0293 0948  HdAudAddService - ok
10:55:06.0331 0948  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:55:06.0333 0948  HDAudBus - ok
10:55:06.0346 0948  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:55:06.0347 0948  HidBatt - ok
10:55:06.0361 0948  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:55:06.0362 0948  HidBth - ok
10:55:06.0387 0948  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:55:06.0388 0948  HidIr - ok
10:55:06.0412 0948  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:55:06.0414 0948  hidserv - ok
10:55:06.0443 0948  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:55:06.0444 0948  HidUsb - ok
10:55:06.0475 0948  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:55:06.0478 0948  hkmsvc - ok
10:55:06.0499 0948  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:55:06.0503 0948  HomeGroupListener - ok
10:55:06.0530 0948  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:55:06.0535 0948  HomeGroupProvider - ok
10:55:06.0553 0948  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:55:06.0554 0948  HpSAMD - ok
10:55:06.0598 0948  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:55:06.0604 0948  HTTP - ok
10:55:06.0635 0948  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:55:06.0636 0948  hwpolicy - ok
10:55:06.0665 0948  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:55:06.0667 0948  i8042prt - ok
10:55:06.0688 0948  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:55:06.0692 0948  iaStorV - ok
10:55:06.0786 0948  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:55:06.0793 0948  idsvc - ok
10:55:06.0817 0948  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:55:06.0818 0948  iirsp - ok
10:55:06.0864 0948  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:55:06.0872 0948  IKEEXT - ok
10:55:06.0960 0948  [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:55:06.0974 0948  IntcAzAudAddService - ok
10:55:06.0989 0948  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:55:06.0990 0948  intelide - ok
10:55:07.0020 0948  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:55:07.0021 0948  intelppm - ok
10:55:07.0045 0948  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:55:07.0048 0948  IPBusEnum - ok
10:55:07.0070 0948  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:55:07.0072 0948  IpFilterDriver - ok
10:55:07.0099 0948  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:55:07.0100 0948  IPMIDRV - ok
10:55:07.0132 0948  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:55:07.0133 0948  IPNAT - ok
10:55:07.0149 0948  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:55:07.0150 0948  IRENUM - ok
10:55:07.0178 0948  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:55:07.0179 0948  isapnp - ok
10:55:07.0194 0948  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:55:07.0197 0948  iScsiPrt - ok
10:55:07.0210 0948  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:55:07.0212 0948  kbdclass - ok
10:55:07.0225 0948  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:55:07.0226 0948  kbdhid - ok
10:55:07.0234 0948  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:55:07.0237 0948  KeyIso - ok
10:55:07.0260 0948  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:55:07.0262 0948  KSecDD - ok
10:55:07.0272 0948  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:55:07.0274 0948  KSecPkg - ok
10:55:07.0290 0948  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:55:07.0291 0948  ksthunk - ok
10:55:07.0324 0948  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:55:07.0329 0948  KtmRm - ok
10:55:07.0364 0948  [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2       C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
10:55:07.0366 0948  LADF_DHP2 - ok
10:55:07.0379 0948  [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM       C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
10:55:07.0382 0948  LADF_SBVM - ok
10:55:07.0415 0948  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:55:07.0420 0948  LanmanServer - ok
10:55:07.0447 0948  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:55:07.0452 0948  LanmanWorkstation - ok
10:55:07.0485 0948  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:55:07.0486 0948  lltdio - ok
10:55:07.0523 0948  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:55:07.0528 0948  lltdsvc - ok
10:55:07.0554 0948  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:55:07.0556 0948  lmhosts - ok
10:55:07.0577 0948  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:55:07.0578 0948  LSI_FC - ok
10:55:07.0602 0948  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:55:07.0603 0948  LSI_SAS - ok
10:55:07.0624 0948  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:55:07.0626 0948  LSI_SAS2 - ok
10:55:07.0639 0948  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:55:07.0641 0948  LSI_SCSI - ok
10:55:07.0655 0948  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:55:07.0656 0948  luafv - ok
10:55:07.0690 0948  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:55:07.0690 0948  MBAMProtector - ok
10:55:07.0759 0948  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:55:07.0763 0948  MBAMScheduler - ok
10:55:07.0791 0948  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:55:07.0796 0948  MBAMService - ok
10:55:07.0813 0948  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
10:55:07.0814 0948  MBfilt - ok
10:55:07.0871 0948  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
10:55:07.0874 0948  McComponentHostService - ok
10:55:07.0897 0948  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:55:07.0900 0948  Mcx2Svc - ok
10:55:07.0921 0948  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:55:07.0922 0948  megasas - ok
10:55:07.0949 0948  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:55:07.0952 0948  MegaSR - ok
10:55:07.0976 0948  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:55:07.0977 0948  MEIx64 - ok
10:55:07.0993 0948  [ D70476AD02D6FD75282B196D3B58831D ] MEMSWEEP2       C:\Windows\system32\E034.tmp
10:55:07.0995 0948  MEMSWEEP2 - ok
10:55:08.0014 0948  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:55:08.0017 0948  MMCSS - ok
10:55:08.0028 0948  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:55:08.0029 0948  Modem - ok
10:55:08.0050 0948  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:55:08.0051 0948  monitor - ok
10:55:08.0071 0948  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:55:08.0072 0948  mouclass - ok
10:55:08.0093 0948  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:55:08.0094 0948  mouhid - ok
10:55:08.0182 0948  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:55:08.0183 0948  mountmgr - ok
10:55:08.0264 0948  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:55:08.0265 0948  MozillaMaintenance - ok
10:55:08.0278 0948  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:55:08.0280 0948  mpio - ok
10:55:08.0292 0948  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:55:08.0293 0948  mpsdrv - ok
10:55:08.0316 0948  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:55:08.0318 0948  MRxDAV - ok
10:55:08.0343 0948  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:55:08.0345 0948  mrxsmb - ok
10:55:08.0367 0948  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:55:08.0370 0948  mrxsmb10 - ok
10:55:08.0384 0948  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:55:08.0386 0948  mrxsmb20 - ok
10:55:08.0398 0948  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:55:08.0399 0948  msahci - ok
10:55:08.0424 0948  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:55:08.0426 0948  msdsm - ok
10:55:08.0452 0948  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:55:08.0455 0948  MSDTC - ok
10:55:08.0478 0948  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:55:08.0479 0948  Msfs - ok
10:55:08.0495 0948  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:55:08.0496 0948  mshidkmdf - ok
10:55:08.0518 0948  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:55:08.0519 0948  msisadrv - ok
10:55:08.0539 0948  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:55:08.0542 0948  MSiSCSI - ok
10:55:08.0545 0948  msiserver - ok
10:55:08.0591 0948  [ 192476C10371DC83243D67432B2CDCBF ] MSI_MSIBIOS_010507 C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
10:55:08.0592 0948  MSI_MSIBIOS_010507 - ok
10:55:08.0611 0948  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:55:08.0612 0948  MSKSSRV - ok
10:55:08.0620 0948  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:55:08.0621 0948  MSPCLOCK - ok
10:55:08.0632 0948  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:55:08.0633 0948  MSPQM - ok
10:55:08.0658 0948  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:55:08.0662 0948  MsRPC - ok
10:55:08.0691 0948  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:55:08.0692 0948  mssmbios - ok
10:55:08.0708 0948  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:55:08.0709 0948  MSTEE - ok
10:55:08.0721 0948  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:55:08.0722 0948  MTConfig - ok
10:55:08.0738 0948  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:55:08.0740 0948  Mup - ok
10:55:08.0773 0948  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:55:08.0780 0948  napagent - ok
10:55:08.0812 0948  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:55:08.0816 0948  NativeWifiP - ok
10:55:08.0871 0948  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:55:08.0879 0948  NDIS - ok
10:55:08.0898 0948  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:55:08.0899 0948  NdisCap - ok
10:55:08.0925 0948  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:55:08.0926 0948  NdisTapi - ok
10:55:08.0941 0948  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:55:08.0943 0948  Ndisuio - ok
10:55:08.0959 0948  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:55:08.0961 0948  NdisWan - ok
10:55:08.0989 0948  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:55:08.0991 0948  NDProxy - ok
10:55:09.0071 0948  [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:55:09.0079 0948  Nero BackItUp Scheduler 4.0 - ok
10:55:09.0097 0948  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:55:09.0098 0948  NetBIOS - ok
10:55:09.0118 0948  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:55:09.0121 0948  NetBT - ok
10:55:09.0141 0948  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:55:09.0144 0948  Netlogon - ok
10:55:09.0174 0948  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:55:09.0180 0948  Netman - ok
10:55:09.0215 0948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:09.0217 0948  NetMsmqActivator - ok
10:55:09.0233 0948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:09.0235 0948  NetPipeActivator - ok
10:55:09.0262 0948  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:55:09.0269 0948  netprofm - ok
10:55:09.0290 0948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:09.0292 0948  NetTcpActivator - ok
10:55:09.0298 0948  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:55:09.0300 0948  NetTcpPortSharing - ok
10:55:09.0330 0948  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:55:09.0331 0948  nfrd960 - ok
10:55:09.0362 0948  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:55:09.0368 0948  NlaSvc - ok
10:55:09.0377 0948  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:55:09.0378 0948  Npfs - ok
10:55:09.0405 0948  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:55:09.0409 0948  nsi - ok
10:55:09.0416 0948  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:55:09.0417 0948  nsiproxy - ok
10:55:09.0472 0948  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:55:09.0484 0948  Ntfs - ok
10:55:09.0506 0948  [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4   C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
10:55:09.0506 0948  NTIOLib_1_0_4 - ok
10:55:09.0518 0948  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:55:09.0519 0948  Null - ok
10:55:09.0541 0948  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
10:55:09.0542 0948  nusb3hub - ok
10:55:09.0556 0948  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:55:09.0558 0948  nusb3xhc - ok
10:55:09.0588 0948  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:55:09.0590 0948  nvraid - ok
10:55:09.0606 0948  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:55:09.0608 0948  nvstor - ok
10:55:09.0639 0948  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:55:09.0641 0948  nv_agp - ok
10:55:09.0654 0948  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:55:09.0655 0948  ohci1394 - ok
10:55:09.0689 0948  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:55:09.0695 0948  p2pimsvc - ok
10:55:09.0720 0948  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:55:09.0727 0948  p2psvc - ok
10:55:09.0751 0948  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:55:09.0753 0948  Parport - ok
10:55:09.0774 0948  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:55:09.0775 0948  partmgr - ok
10:55:09.0789 0948  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:55:09.0793 0948  PcaSvc - ok
10:55:09.0808 0948  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:55:09.0810 0948  pci - ok
10:55:09.0859 0948  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:55:09.0860 0948  pciide - ok
10:55:09.0881 0948  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:55:09.0884 0948  pcmcia - ok
10:55:09.0898 0948  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:55:09.0899 0948  pcw - ok
10:55:09.0919 0948  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:55:09.0925 0948  PEAUTH - ok
10:55:09.0966 0948  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:55:09.0979 0948  PeerDistSvc - ok
10:55:10.0038 0948  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:55:10.0041 0948  PerfHost - ok
10:55:10.0089 0948  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:55:10.0102 0948  pla - ok
10:55:10.0130 0948  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:55:10.0137 0948  PlugPlay - ok
10:55:10.0155 0948  PnkBstrA - ok
10:55:10.0168 0948  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:55:10.0172 0948  PNRPAutoReg - ok
10:55:10.0189 0948  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:55:10.0194 0948  PNRPsvc - ok
10:55:10.0218 0948  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:55:10.0224 0948  PolicyAgent - ok
10:55:10.0255 0948  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:55:10.0260 0948  Power - ok
10:55:10.0291 0948  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:55:10.0293 0948  PptpMiniport - ok
10:55:10.0323 0948  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:55:10.0325 0948  Processor - ok
10:55:10.0350 0948  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:55:10.0355 0948  ProfSvc - ok
10:55:10.0366 0948  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:55:10.0369 0948  ProtectedStorage - ok
10:55:10.0387 0948  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:55:10.0389 0948  Psched - ok
10:55:10.0439 0948  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:55:10.0451 0948  ql2300 - ok
10:55:10.0472 0948  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:55:10.0474 0948  ql40xx - ok
10:55:10.0497 0948  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:55:10.0503 0948  QWAVE - ok
10:55:10.0512 0948  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:55:10.0513 0948  QWAVEdrv - ok
10:55:10.0524 0948  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:55:10.0525 0948  RasAcd - ok
10:55:10.0546 0948  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:55:10.0547 0948  RasAgileVpn - ok
10:55:10.0560 0948  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:55:10.0564 0948  RasAuto - ok
10:55:10.0591 0948  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:55:10.0593 0948  Rasl2tp - ok
10:55:10.0616 0948  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:55:10.0622 0948  RasMan - ok
10:55:10.0644 0948  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:55:10.0646 0948  RasPppoe - ok
10:55:10.0668 0948  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:55:10.0669 0948  RasSstp - ok
10:55:10.0681 0948  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:55:10.0684 0948  rdbss - ok
10:55:10.0707 0948  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:55:10.0708 0948  rdpbus - ok
10:55:10.0722 0948  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:55:10.0723 0948  RDPCDD - ok
10:55:10.0747 0948  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:55:10.0749 0948  RDPDR - ok
10:55:10.0774 0948  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:55:10.0775 0948  RDPENCDD - ok
10:55:10.0783 0948  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:55:10.0784 0948  RDPREFMP - ok
10:55:10.0838 0948  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:55:10.0839 0948  RdpVideoMiniport - ok
10:55:10.0863 0948  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:55:10.0866 0948  RDPWD - ok
10:55:10.0899 0948  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:55:10.0902 0948  rdyboost - ok
10:55:10.0930 0948  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:55:10.0933 0948  RemoteAccess - ok
10:55:10.0965 0948  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:55:10.0970 0948  RemoteRegistry - ok
10:55:10.0978 0948  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:55:10.0983 0948  RpcEptMapper - ok
10:55:10.0996 0948  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:55:10.0999 0948  RpcLocator - ok
10:55:11.0031 0948  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:55:11.0039 0948  RpcSs - ok
10:55:11.0065 0948  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:55:11.0066 0948  rspndr - ok
10:55:11.0107 0948  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:55:11.0111 0948  RTL8167 - ok
10:55:11.0132 0948  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:55:11.0133 0948  s3cap - ok
10:55:11.0165 0948  [ E13D43901EC079280A2A9BAD9A2CCDA7 ] SAlphamHid      C:\Windows\system32\DRIVERS\SAlpham64.sys
10:55:11.0166 0948  SAlphamHid - ok
10:55:11.0174 0948  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:55:11.0177 0948  SamSs - ok
10:55:11.0180 0948  SAVRKBootTasks - ok
10:55:11.0192 0948  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:55:11.0193 0948  sbp2port - ok
10:55:11.0220 0948  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:55:11.0225 0948  SCardSvr - ok
10:55:11.0250 0948  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:55:11.0251 0948  scfilter - ok
10:55:11.0290 0948  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:55:11.0302 0948  Schedule - ok
10:55:11.0325 0948  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:55:11.0327 0948  SCPolicySvc - ok
10:55:11.0348 0948  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:55:11.0353 0948  SDRSVC - ok
10:55:11.0376 0948  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:55:11.0377 0948  secdrv - ok
10:55:11.0389 0948  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:55:11.0393 0948  seclogon - ok
10:55:11.0418 0948  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:55:11.0423 0948  SENS - ok
10:55:11.0437 0948  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:55:11.0441 0948  SensrSvc - ok
10:55:11.0455 0948  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:55:11.0456 0948  Serenum - ok
10:55:11.0479 0948  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:55:11.0481 0948  Serial - ok
10:55:11.0512 0948  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:55:11.0513 0948  sermouse - ok
10:55:11.0537 0948  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:55:11.0542 0948  SessionEnv - ok
10:55:11.0559 0948  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:55:11.0560 0948  sffdisk - ok
10:55:11.0570 0948  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:55:11.0571 0948  sffp_mmc - ok
10:55:11.0583 0948  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:55:11.0584 0948  sffp_sd - ok
10:55:11.0604 0948  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:55:11.0605 0948  sfloppy - ok
10:55:11.0635 0948  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:55:11.0642 0948  ShellHWDetection - ok
10:55:11.0661 0948  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:55:11.0663 0948  SiSRaid2 - ok
10:55:11.0677 0948  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:55:11.0679 0948  SiSRaid4 - ok
10:55:11.0740 0948  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:55:11.0742 0948  SkypeUpdate - ok
10:55:11.0766 0948  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:55:11.0768 0948  Smb - ok
10:55:11.0800 0948  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:55:11.0804 0948  SNMPTRAP - ok
10:55:11.0880 0948  [ E9CBBDC94EECED8E96FC847AA48F597F ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
10:55:11.0882 0948  Sony Ericsson PCCompanion - ok
10:55:11.0897 0948  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:55:11.0898 0948  spldr - ok
10:55:11.0926 0948  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:55:11.0934 0948  Spooler - ok
10:55:12.0020 0948  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:55:12.0043 0948  sppsvc - ok
10:55:12.0067 0948  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:55:12.0069 0948  sppuinotify - ok
10:55:12.0101 0948  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:55:12.0105 0948  srv - ok
10:55:12.0117 0948  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:55:12.0121 0948  srv2 - ok
10:55:12.0137 0948  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:55:12.0138 0948  srvnet - ok
10:55:12.0173 0948  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:55:12.0179 0948  SSDPSRV - ok
10:55:12.0187 0948  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:55:12.0192 0948  SstpSvc - ok
10:55:12.0222 0948  Steam Client Service - ok
10:55:12.0245 0948  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:55:12.0246 0948  stexstor - ok
10:55:12.0285 0948  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:55:12.0294 0948  stisvc - ok
10:55:12.0320 0948  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:55:12.0321 0948  storflt - ok
10:55:12.0335 0948  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:55:12.0336 0948  storvsc - ok
10:55:12.0361 0948  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:55:12.0362 0948  swenum - ok
10:55:12.0391 0948  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:55:12.0399 0948  swprv - ok
10:55:12.0424 0948  Synth3dVsc - ok
10:55:12.0476 0948  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:55:12.0490 0948  SysMain - ok
10:55:12.0507 0948  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:55:12.0509 0948  TabletInputService - ok
10:55:12.0538 0948  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:55:12.0542 0948  TapiSrv - ok
10:55:12.0560 0948  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:55:12.0563 0948  TBS - ok
10:55:12.0624 0948  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:55:12.0638 0948  Tcpip - ok
10:55:12.0684 0948  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:55:12.0692 0948  TCPIP6 - ok
10:55:12.0708 0948  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:55:12.0709 0948  tcpipreg - ok
10:55:12.0727 0948  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:55:12.0727 0948  TDPIPE - ok
10:55:12.0749 0948  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:55:12.0750 0948  TDTCP - ok
10:55:12.0770 0948  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:55:12.0772 0948  tdx - ok
10:55:12.0806 0948  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:55:12.0808 0948  TermDD - ok
10:55:12.0842 0948  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:55:12.0851 0948  TermService - ok
10:55:12.0874 0948  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:55:12.0878 0948  Themes - ok
10:55:12.0895 0948  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:55:12.0898 0948  THREADORDER - ok
10:55:12.0907 0948  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:55:12.0912 0948  TrkWks - ok
10:55:12.0941 0948  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:55:12.0943 0948  TrustedInstaller - ok
10:55:12.0964 0948  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:55:12.0965 0948  tssecsrv - ok
10:55:12.0978 0948  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:55:12.0979 0948  TsUsbFlt - ok
10:55:12.0981 0948  tsusbhub - ok
10:55:13.0014 0948  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:55:13.0016 0948  tunnel - ok
10:55:13.0032 0948  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:55:13.0033 0948  uagp35 - ok
10:55:13.0050 0948  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:55:13.0053 0948  udfs - ok
10:55:13.0073 0948  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:55:13.0077 0948  UI0Detect - ok
10:55:13.0090 0948  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:55:13.0091 0948  uliagpkx - ok
10:55:13.0119 0948  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:55:13.0120 0948  umbus - ok
10:55:13.0137 0948  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:55:13.0138 0948  UmPass - ok
10:55:13.0157 0948  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:55:13.0162 0948  UmRdpService - ok
10:55:13.0181 0948  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:55:13.0187 0948  upnphost - ok
10:55:13.0209 0948  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:55:13.0210 0948  usbaudio - ok
10:55:13.0232 0948  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:55:13.0233 0948  usbccgp - ok
10:55:13.0259 0948  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:55:13.0260 0948  usbcir - ok
10:55:13.0271 0948  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:55:13.0273 0948  usbehci - ok
10:55:13.0300 0948  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:55:13.0303 0948  usbhub - ok
10:55:13.0315 0948  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:55:13.0316 0948  usbohci - ok
10:55:13.0340 0948  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:55:13.0341 0948  usbprint - ok
10:55:13.0366 0948  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:55:13.0367 0948  usbscan - ok
10:55:13.0384 0948  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:55:13.0386 0948  USBSTOR - ok
10:55:13.0396 0948  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:55:13.0397 0948  usbuhci - ok
10:55:13.0419 0948  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:55:13.0424 0948  UxSms - ok
10:55:13.0431 0948  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:55:13.0433 0948  VaultSvc - ok
10:55:13.0454 0948  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:55:13.0455 0948  vdrvroot - ok
10:55:13.0491 0948  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:55:13.0498 0948  vds - ok
10:55:13.0529 0948  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:55:13.0530 0948  vga - ok
10:55:13.0541 0948  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:55:13.0542 0948  VgaSave - ok
10:55:13.0556 0948  VGPU - ok
10:55:13.0582 0948  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:55:13.0584 0948  vhdmp - ok
10:55:13.0605 0948  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:55:13.0606 0948  viaide - ok
10:55:13.0634 0948  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:55:13.0637 0948  vmbus - ok
10:55:13.0655 0948  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:55:13.0656 0948  VMBusHID - ok
10:55:13.0678 0948  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:55:13.0680 0948  volmgr - ok
10:55:13.0710 0948  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:55:13.0713 0948  volmgrx - ok
10:55:13.0736 0948  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:55:13.0739 0948  volsnap - ok
10:55:13.0775 0948  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:55:13.0777 0948  vsmraid - ok
10:55:13.0825 0948  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:55:13.0838 0948  VSS - ok
10:55:13.0844 0948  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:55:13.0845 0948  vwifibus - ok
10:55:13.0876 0948  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:55:13.0884 0948  W32Time - ok
10:55:13.0897 0948  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:55:13.0898 0948  WacomPen - ok
10:55:13.0934 0948  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:55:13.0935 0948  WANARP - ok
10:55:13.0945 0948  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:55:13.0946 0948  Wanarpv6 - ok
10:55:13.0997 0948  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:55:14.0013 0948  wbengine - ok
10:55:14.0027 0948  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:55:14.0030 0948  WbioSrvc - ok
10:55:14.0060 0948  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:55:14.0067 0948  wcncsvc - ok
10:55:14.0076 0948  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:55:14.0080 0948  WcsPlugInService - ok
10:55:14.0103 0948  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:55:14.0104 0948  Wd - ok
10:55:14.0123 0948  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:55:14.0127 0948  Wdf01000 - ok
10:55:14.0136 0948  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:55:14.0140 0948  WdiServiceHost - ok
10:55:14.0153 0948  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:55:14.0157 0948  WdiSystemHost - ok
10:55:14.0176 0948  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:55:14.0181 0948  WebClient - ok
10:55:14.0197 0948  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:55:14.0202 0948  Wecsvc - ok
10:55:14.0214 0948  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:55:14.0218 0948  wercplsupport - ok
10:55:14.0233 0948  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:55:14.0237 0948  WerSvc - ok
10:55:14.0256 0948  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:55:14.0257 0948  WfpLwf - ok
10:55:14.0270 0948  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:55:14.0271 0948  WIMMount - ok
10:55:14.0276 0948  WinHttpAutoProxySvc - ok
10:55:14.0316 0948  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:55:14.0319 0948  Winmgmt - ok
10:55:14.0377 0948  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:55:14.0396 0948  WinRM - ok
10:55:14.0448 0948  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:55:14.0449 0948  WinUsb - ok
10:55:14.0486 0948  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:55:14.0497 0948  Wlansvc - ok
10:55:14.0607 0948  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:55:14.0621 0948  wlidsvc - ok
10:55:14.0643 0948  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:55:14.0643 0948  WmiAcpi - ok
10:55:14.0671 0948  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:55:14.0672 0948  wmiApSrv - ok
10:55:14.0689 0948  WMPNetworkSvc - ok
10:55:14.0713 0948  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:55:14.0718 0948  WPCSvc - ok
10:55:14.0736 0948  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:55:14.0740 0948  WPDBusEnum - ok
10:55:14.0763 0948  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:55:14.0764 0948  ws2ifsl - ok
10:55:14.0767 0948  WSearch - ok
10:55:14.0789 0948  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:55:14.0790 0948  WudfPf - ok
10:55:14.0819 0948  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:55:14.0821 0948  WUDFRd - ok
10:55:14.0835 0948  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:55:14.0839 0948  wudfsvc - ok
10:55:14.0857 0948  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:55:14.0861 0948  WwanSvc - ok
10:55:14.0896 0948  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
10:55:14.0897 0948  xusb21 - ok
10:55:14.0909 0948  ================ Scan global ===============================
10:55:14.0927 0948  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:55:14.0950 0948  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:55:14.0967 0948  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
10:55:14.0994 0948  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:55:15.0022 0948  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
10:55:15.0029 0948  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
10:55:15.0029 0948  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
10:55:15.0029 0948  ================ Scan MBR ==================================
10:55:15.0056 0948  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:55:15.0211 0948  \Device\Harddisk0\DR0 - ok
10:55:15.0215 0948  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:55:15.0341 0948  \Device\Harddisk1\DR1 - ok
10:55:15.0342 0948  ================ Scan VBR ==================================
10:55:15.0366 0948  [ D5D9E334525B81E06E54CE9C022984D9 ] \Device\Harddisk0\DR0\Partition1
10:55:15.0367 0948  \Device\Harddisk0\DR0\Partition1 - ok
10:55:15.0385 0948  [ AA0BF0CFFE9D883A3C3E47C40E74BC8E ] \Device\Harddisk0\DR0\Partition2
10:55:15.0387 0948  \Device\Harddisk0\DR0\Partition2 - ok
10:55:15.0405 0948  [ 78110A215898813A177283011549D486 ] \Device\Harddisk0\DR0\Partition3
10:55:15.0406 0948  \Device\Harddisk0\DR0\Partition3 - ok
10:55:15.0410 0948  [ 62A173D3EDF59699C0C240B20AD6CB55 ] \Device\Harddisk1\DR1\Partition1
10:55:15.0413 0948  \Device\Harddisk1\DR1\Partition1 - ok
10:55:15.0414 0948  ============================================================
10:55:15.0414 0948  Scan finished
10:55:15.0414 0948  ============================================================
10:55:15.0422 4760  Detected object count: 1
10:55:15.0422 4760  Actual detected object count: 1
10:55:21.0608 4760  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
10:55:21.0608 4760  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
         
Na das nenn ich mal Gedankenübertragung :P


Alt 09.11.2012, 11:05   #6
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Trojan.Droppper.BC.Miner + Rootkits

Alt 09.11.2012, 11:38   #7
datk4lb
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



So Combofix ist fertig.

Code:
ATTFilter
ComboFix 12-11-09.02 - dome 09.11.2012  11:21:34.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8163.6330 [GMT 1:00]
ausgeführt von:: c:\users\dome\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\L\00000004.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000004.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\00000008.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\000000cb.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000000.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000032.@
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}\U\80000064.@
c:\windows\IsUn0407.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
H:\install.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-09 bis 2012-11-09  ))))))))))))))))))))))))))))))
.
.
2012-11-09 09:40 . 2012-11-09 09:40	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-11-08 21:16 . 2012-11-08 21:16	--------	d-----w-	c:\users\dome\AppData\Roaming\Malwarebytes
2012-11-08 21:15 . 2012-11-08 21:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-08 21:15 . 2012-11-08 21:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 21:15 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-08 18:22 . 2012-11-08 18:22	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-11-06 09:12 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCC89B4-7D0E-4F35-B82C-BD180CA515AD}\mpengine.dll
2012-11-02 12:45 . 2012-11-02 12:45	--------	d-----w-	c:\program files (x86)\SR Squad Manager
2012-10-30 09:16 . 2012-10-30 09:16	--------	d-----w-	c:\users\dome\AppData\Local\Package Cache
2012-10-28 12:11 . 2012-10-28 12:11	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-28 12:11 . 2012-10-28 12:11	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-28 12:11 . 2012-10-28 12:11	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-28 12:11 . 2012-10-28 12:11	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-28 12:11 . 2012-10-28 12:11	188904	----a-w-	c:\windows\system32\java.exe
2012-10-28 12:07 . 2012-10-28 12:07	--------	d-----w-	c:\programdata\Ask
2012-10-28 12:06 . 2012-10-28 12:06	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-28 12:04 . 2012-10-28 12:04	--------	d-----w-	c:\program files (x86)\Helden-Software
2012-10-12 21:37 . 2012-10-12 21:37	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-11 07:55 . 2012-10-11 07:55	--------	d-----w-	c:\program files (x86)\THQ
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 12:11 . 2011-07-25 21:30	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-08 19:26 . 2012-04-05 20:44	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:26 . 2011-07-25 15:48	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 18:58 . 2012-10-04 18:58	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-24 11:15 . 2012-09-22 12:46	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 12:46	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 12:46	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 12:46	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 12:46	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 12:46	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 12:46	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 12:46	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 12:46	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 12:46	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 12:46	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 12:46	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 12:46	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 12:46	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 12:46	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 12:46	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 12:46	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 12:46	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 12:46	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 12:46	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 12:46	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 12:46	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 13:51	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:51	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:51	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:51	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 07:53	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 13:06	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-08-10 22:54	194928	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-08-02 402944]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-30 963984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-06-23 380416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
.
c:\users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-10 0]
Logitech blank Produktregistrierung.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E034.tmp [2010-05-26 6144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-25 254528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-01-20 106496]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-01-20 34944]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:26]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-01-20 227328]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{22C4C66D-6ECE-4231-B3E8-4F8D9D78DB66}: NameServer = 195.50.140.246 195.50.140.180
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - c5c0669b-6248-43fb-87bd-8c6791d7aeb3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\tbcore3.dll
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-Super-Charger - c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ChatZum Toolbar - c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\uninstaller.exe
AddRemove-PunkBusterSvc - e:\bf3\Battlefield 3\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E034.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012"
"SaveDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"=""
"Language"="German"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe2
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cc
"UniqueID"="56-A5B0-E22F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000003
"FilterByClubFeatureNum"=dword:00000004
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000006
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000002
"TopFormationFeatureNum"=dword:00000002
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000020
"GameLoadedCounter"=dword:00000007
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,e2,c8,a6,e8,a9,0b,8c,80,bf,bf,1f,7c,f8,a5,c8,7c,dd,95,df,13,
   d3,4b,0c,85,db,96,e5,46,72,29,d1,4e,c1,41,ca,fc,6e,6e,69,b0,be,94,2f,53,dc,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\MSI\Live Update 5\LU5.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-09  11:36:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-09 10:36
.
Vor Suchlauf: 4.809.953.280 Bytes frei
Nach Suchlauf: 6.329.303.040 Bytes frei
.
- - End Of File - - 1BA4FCF8545935E5673DD0AC64F17D7F
         

Alt 09.11.2012, 11:49   #8
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Schritt 1: Software deinstallieren



  • Klicke Start-->Systemsteuerung.
  • Öffne Programme und Funktionen.
  • Suche und deinstalliere folgende Einträge:
    Zitat:
    uTorrent
    uTorrentBar
    Yontoo
    Ask Toolbar
    McAfee Security Scan Plus
  • Schließe das Fenster.




Schritt 2: CF-Script



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
FOLDER::
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}
DDS::
mStart Page = hxxp://search.chatzum.com/
FIREFOX::
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - user.js: extentions.y2layers.installId - c5c0669b-6248-43fb-87bd-8c6791d7aeb3
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
REGISTRY::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
CLEARJAVACACHE::
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 3: Scan mit adwCleaner





Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 09.11.2012, 12:10   #9
datk4lb
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



So hier der Combofixlog:

Code:
ATTFilter
ComboFix 12-11-09.02 - dome 09.11.2012  12:00:29.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8163.6207 [GMT 1:00]
ausgeführt von:: c:\users\dome\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\dome\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{be8e5ada-1a9b-1200-cc19-2a95d1b7b793}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-09 bis 2012-11-09  ))))))))))))))))))))))))))))))
.
.
2012-11-09 11:03 . 2012-11-09 11:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-09 11:01 . 2012-11-09 11:01	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCC89B4-7D0E-4F35-B82C-BD180CA515AD}\offreg.dll
2012-11-09 09:40 . 2012-11-09 09:40	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-11-08 21:16 . 2012-11-08 21:16	--------	d-----w-	c:\users\dome\AppData\Roaming\Malwarebytes
2012-11-08 21:15 . 2012-11-08 21:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-08 21:15 . 2012-11-08 21:15	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-08 21:15 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-08 18:22 . 2012-11-08 18:22	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-11-06 09:12 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFCC89B4-7D0E-4F35-B82C-BD180CA515AD}\mpengine.dll
2012-11-02 12:45 . 2012-11-02 12:45	--------	d-----w-	c:\program files (x86)\SR Squad Manager
2012-10-30 09:16 . 2012-10-30 09:16	--------	d-----w-	c:\users\dome\AppData\Local\Package Cache
2012-10-28 12:11 . 2012-10-28 12:11	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-28 12:11 . 2012-10-28 12:11	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-28 12:11 . 2012-10-28 12:11	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-28 12:11 . 2012-10-28 12:11	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-28 12:11 . 2012-10-28 12:11	188904	----a-w-	c:\windows\system32\java.exe
2012-10-28 12:07 . 2012-10-28 12:07	--------	d-----w-	c:\programdata\Ask
2012-10-28 12:06 . 2012-10-28 12:06	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-28 12:04 . 2012-10-28 12:04	--------	d-----w-	c:\program files (x86)\Helden-Software
2012-10-12 21:37 . 2012-10-12 21:37	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-10-11 07:55 . 2012-10-11 07:55	--------	d-----w-	c:\program files (x86)\THQ
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-28 12:11 . 2011-07-25 21:30	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-08 19:26 . 2012-04-05 20:44	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 19:26 . 2011-07-25 15:48	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 18:58 . 2012-10-04 18:58	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-08-24 11:15 . 2012-09-22 12:46	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 12:46	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 12:46	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 12:46	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 12:46	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 12:46	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 12:46	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 12:46	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 12:46	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 12:46	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 12:46	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 12:46	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 12:46	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 12:46	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 12:46	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 12:46	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 12:46	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 12:46	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 12:46	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 12:46	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 12:46	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 12:46	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 13:51	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 13:51	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 13:51	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 13:51	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 07:53	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 13:06	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTo0.dll" [2011-05-09 176936]
"{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}"= "c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\tbcore3.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{37d48d9c-3f7e-412f-b5bf-611be7ccfca1}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB09850.TBSB09850]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-08-02 402944]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-06-23 380416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
.
c:\users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-8-10 0]
Logitech blank Produktregistrierung.lnk - c:\program files (x86)\Logitech\G35\eReg.exe [2008-2-13 493832]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E034.tmp [2010-05-26 6144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-06-08 153808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-25 254528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2012-01-20 106496]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [2010-09-29 62168]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [2010-09-29 377176]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2012-01-20 34944]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:26]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2012-01-20 227328]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{22C4C66D-6ECE-4231-B3E8-4F8D9D78DB66}: NameServer = 195.50.140.246 195.50.140.180
FF - ProfilePath - c:\users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-ChatZum Toolbar - c:\program files (x86)\ChatZum Toolbar\tbunsoDFA0.tmp\uninstaller.exe
AddRemove-PunkBusterSvc - e:\bf3\Battlefield 3\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E034.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
"GameDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\games"
"ShortlistDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012"
"SaveDir"="c:\\Users\\dome\\Documents\\Sports Interactive\\Football Manager 2012\\"
"HistoryDir"="c:\\FM Genie Scout 12\\History Points"
"LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
"LastSaveGame"=""
"Language"="German"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009fe2
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification"=dword:00000000
"ShowDonateNotification"=dword:00000000
"Version"=dword:000000cc
"UniqueID"="56-A5B0-E22F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000004
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000003
"FilterByClubFeatureNum"=dword:00000004
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000006
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000002
"TopFormationFeatureNum"=dword:00000002
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:00000020
"GameLoadedCounter"=dword:00000007
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-161220022-3051712212-4226366938-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,e2,c8,a6,e8,a9,0b,8c,80,bf,bf,1f,7c,f8,a5,c8,7c,dd,95,df,13,
   d3,4b,0c,85,db,96,e5,46,72,29,d1,4e,c1,41,ca,fc,6e,6e,69,b0,be,94,2f,53,dc,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-09  12:06:45
ComboFix-quarantined-files.txt  2012-11-09 11:06
ComboFix2.txt  2012-11-09 10:36
.
Vor Suchlauf: 6.566.825.984 Bytes frei
Nach Suchlauf: 6.968.528.896 Bytes frei
.
- - End Of File - - D4030C4A90F16B5E168177870E9965CB
         
und hier ADWCleanerlog:

Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 09/11/2012 um 12:08:45 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : dome - BITCH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\dome\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\dome\AppData\Local\Conduit
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\dome\AppData\LocalLow\uTorrentBar_DE
Ordner Gefunden : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\Software\uTorrentBar_DE
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F088D26-D02C-495C-A455-98D62A30ACA3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBE6655B-9E49-468B-B496-48315365D729}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gefunden : HKU\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-161220022-3051712212-4226366938-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.chatzum.com/

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\prefs.js

Gefunden : user_pref("CT2851647..clientLogIsEnabled", false);
Gefunden : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2851647.CTID", "CT2851647");
Gefunden : user_pref("CT2851647.CurrentServerDate", "25-7-2011");
Gefunden : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2851647.DialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gefunden : user_pref("CT2851647.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2851647.EMailNotifierPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedLastCount2532783744689806690", 139);
Gefunden : user_pref("CT2851647.FeedPollDate2429156812186649977", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813040823546", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813130095866", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813224203613", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813230837251", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813454291735", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813729834876", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156813860870021", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814264681793", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156814863075366", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedPollDate2429156815257761081", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gefunden : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gefunden : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gefunden : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gefunden : user_pref("CT2851647.FirstServerDate", "25-7-2011");
Gefunden : user_pref("CT2851647.FirstTime", true);
Gefunden : user_pref("CT2851647.FirstTimeFF3", true);
Gefunden : user_pref("CT2851647.FixPageNotFoundErrors", false);
Gefunden : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2851647.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2851647.Initialize", true);
Gefunden : user_pref("CT2851647.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2851647.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2851647.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2851647.InstalledDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.IsGrouping", false);
Gefunden : user_pref("CT2851647.IsInitSetupIni", true);
Gefunden : user_pref("CT2851647.IsMulticommunity", false);
Gefunden : user_pref("CT2851647.IsOpenThankYouPage", true);
Gefunden : user_pref("CT2851647.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gefunden : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2851647.LastLogin_3.5.0.12", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.LatestVersion", "3.3.3.2");
Gefunden : user_pref("CT2851647.Locale", "de");
Gefunden : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gefunden : user_pref("CT2851647.OriginalFirstVersion", "3.5.0.12");
Gefunden : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gefunden : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2851647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2851647.SearchProtectorToolbarDisabled", true);
Gefunden : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gefunden : user_pref("CT2851647.SettingsLastUpdate", "1311168866");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gefunden : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Gefunden : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gefunden : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2851647.UserID", "UN52651897385341616");
Gefunden : user_pref("CT2851647.WeatherNetwork", "");
Gefunden : user_pref("CT2851647.WeatherPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.WeatherUnit", "C");
Gefunden : user_pref("CT2851647.alertChannelId", "1243681");
Gefunden : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gefunden : user_pref("CT2851647.components.1000034", false);
Gefunden : user_pref("CT2851647.components.1000234", false);
Gefunden : user_pref("CT2851647.components.129351532245432032", false);
Gefunden : user_pref("CT2851647.components.129351532245744535", false);
Gefunden : user_pref("CT2851647.components.129416031642500897", false);
Gefunden : user_pref("CT2851647.components.2532783744689806690", false);
Gefunden : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.initDone", true);
Gefunden : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2851647.myStuffEnabled", true);
Gefunden : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2851647.testingCtid", "");
Gefunden : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gefunden : user_pref("CT2851647.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851647&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\dome\\AppData\\Roaming\\Mozilla\\Fi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gefunden : user_pref("CommunityToolbar.globalUserId", "8039b80e-c71f-4395-97ef-76d5d2df4b4e");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:0[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 25 2011 16:32:14 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "05cf1917-110a-40e8-8559-270e1ac94e35");
Gefunden : user_pref("browser.newtab.url", "search.chatzum.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("id_chatzum_installed_version", "1.0.17");
Gefunden : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gefunden : user_pref("keyword.URL", "hxxp://utils.chatzum.com/?url=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\dome\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [23985 octets] - [09/11/2012 12:08:45]

########## EOF - C:\AdwCleaner[R1].txt - [24046 octets] ##########
         

Alt 09.11.2012, 12:15   #10
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Schritt 1: Fix mit adwCleaner


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2: OTL

  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 09.11.2012, 12:37   #11
datk4lb
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



So hier die erneute ADWlog:

Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 09/11/2012 um 12:20:58 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : dome - BITCH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\dome\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\uTorrentBar_DE
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\dome\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\dome\AppData\LocalLow\uTorrentBar_DE
Ordner Gelöscht : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\ConduitCommon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\Software\uTorrentBar_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F088D26-D02C-495C-A455-98D62A30ACA3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBE6655B-9E49-468B-B496-48315365D729}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\prefs.js

C:\Users\dome\AppData\Roaming\Mozilla\Firefox\Profiles\34ry4oxj.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2851647..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2851647.CTID", "CT2851647");
Gelöscht : user_pref("CT2851647.CurrentServerDate", "25-7-2011");
Gelöscht : user_pref("CT2851647.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2851647.DialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gelöscht : user_pref("CT2851647.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2851647.EMailNotifierPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedLastCount2532783744689806690", 139);
Gelöscht : user_pref("CT2851647.FeedPollDate2429156812186649977", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813040823546", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813130095866", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813224203613", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813230837251", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813454291735", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813729834876", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156813860870021", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156814264681793", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156814863075366", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedPollDate2429156815257761081", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.FeedTTL2429156813040823546", 15);
Gelöscht : user_pref("CT2851647.FeedTTL2429156813130095866", 10);
Gelöscht : user_pref("CT2851647.FeedTTL2429156813454291735", 5);
Gelöscht : user_pref("CT2851647.FeedTTL2429156814264681793", 5);
Gelöscht : user_pref("CT2851647.FirstServerDate", "25-7-2011");
Gelöscht : user_pref("CT2851647.FirstTime", true);
Gelöscht : user_pref("CT2851647.FirstTimeFF3", true);
Gelöscht : user_pref("CT2851647.FixPageNotFoundErrors", false);
Gelöscht : user_pref("CT2851647.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2851647.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2851647.Initialize", true);
Gelöscht : user_pref("CT2851647.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2851647.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2851647.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2851647.InstalledDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.IsGrouping", false);
Gelöscht : user_pref("CT2851647.IsInitSetupIni", true);
Gelöscht : user_pref("CT2851647.IsMulticommunity", false);
Gelöscht : user_pref("CT2851647.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2851647.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2851647.LanguagePackLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gelöscht : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2851647.LastLogin_3.5.0.12", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.LatestVersion", "3.3.3.2");
Gelöscht : user_pref("CT2851647.Locale", "de");
Gelöscht : user_pref("CT2851647.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2851647.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2851647.OriginalFirstVersion", "3.5.0.12");
Gelöscht : user_pref("CT2851647.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Gelöscht : user_pref("CT2851647.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2851647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2851647.SearchProtectorToolbarDisabled", true);
Gelöscht : user_pref("CT2851647.ServiceMapLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gelöscht : user_pref("CT2851647.SettingsLastCheckTime", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gelöscht : user_pref("CT2851647.SettingsLastUpdate", "1311168866");
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Mon Jul 25 2011 16:32:03 GMT+0200");
Gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657");
Gelöscht : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");
Gelöscht : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2851647.UserID", "UN52651897385341616");
Gelöscht : user_pref("CT2851647.WeatherNetwork", "");
Gelöscht : user_pref("CT2851647.WeatherPollDate", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.WeatherUnit", "C");
Gelöscht : user_pref("CT2851647.alertChannelId", "1243681");
Gelöscht : user_pref("CT2851647.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Gelöscht : user_pref("CT2851647.components.1000034", false);
Gelöscht : user_pref("CT2851647.components.1000234", false);
Gelöscht : user_pref("CT2851647.components.129351532245432032", false);
Gelöscht : user_pref("CT2851647.components.129351532245744535", false);
Gelöscht : user_pref("CT2851647.components.129416031642500897", false);
Gelöscht : user_pref("CT2851647.components.2532783744689806690", false);
Gelöscht : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2851647.initDone", true);
Gelöscht : user_pref("CT2851647.isAppTrackingManagerOn", true);
Gelöscht : user_pref("CT2851647.myStuffEnabled", true);
Gelöscht : user_pref("CT2851647.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2851647.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2851647.testingCtid", "");
Gelöscht : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Mon Jul 25 2011 16:32:07 GMT+0200");
Gelöscht : user_pref("CT2851647.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2851647&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\dome\\AppData\\Roaming\\Mozilla\\Fi[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.se[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 25 2011 16:32:06 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "8039b80e-c71f-4395-97ef-76d5d2df4b4e");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 25 2011 16:32:0[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 25 2011 16:32:14 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 25 2011 16:32:05 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "05cf1917-110a-40e8-8559-270e1ac94e35");
Gelöscht : user_pref("browser.newtab.url", "search.chatzum.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("id_chatzum_installed_version", "1.0.17");
Gelöscht : user_pref("id_chatzum_tabpage", "hxxp%3A//searchsafer.com/");
Gelöscht : user_pref("keyword.URL", "hxxp://utils.chatzum.com/?url=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\dome\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [24078 octets] - [09/11/2012 12:08:45]
AdwCleaner[S1].txt - [23476 octets] - [09/11/2012 12:20:58]

########## EOF - C:\AdwCleaner[S1].txt - [23537 octets] ##########
         
Hier OTL1:

Code:
ATTFilter
OTL logfile created on: 09.11.2012 12:29:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dome\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,17% Memory free
15,94 Gb Paging File | 13,48 Gb Available in Paging File | 84,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,40 Gb Total Space | 6,60 Gb Free Space | 7,63% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 12,64 Gb Free Space | 17,26% Space Free | Partition Type: NTFS
Drive E: | 73,24 Gb Total Space | 48,39 Gb Free Space | 66,07% Space Free | Partition Type: NTFS
Drive F: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 931,51 Gb Total Space | 118,35 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
 
Computer Name: BITCH | User Name: dome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\dome\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Program Files (x86)\MSI\Live Update 5\LU5.exe (Micro-Star International)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
MOD - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\SteelBus64.sys (SteelSeries Corporation)
DRV:64bit: - (SAlphamHid) -- C:\Windows\SysNative\drivers\SAlpham64.sys (SteelSeries Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\E034.tmp (Sophos Plc)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 13 19 D2 D6 66 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{B7A63A07-C732-4FA5-ADE4-A03EF0983B4F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=100A77E8-47D9-48FE-A858-2FAFD0ACFB36&apn_sauid=DF9929F8-081B-498F-B770-5D3B0564326D
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1426
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dome\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.22 10:00:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 00:06:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 13:08:34 | 000,000,000 | ---D | M]
 
[2012.01.05 14:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\Extensions
[2012.01.05 14:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.11.03 10:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\Firefox\Profiles\34ry4oxj.default\extensions
[2012.09.15 08:34:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\dome\AppData\Roaming\mozilla\Firefox\Profiles\34ry4oxj.default\extensions\ich@maltegoetz.de
[2012.11.03 10:16:02 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\firefox\profiles\34ry4oxj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.26 00:27:24 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\dome\AppData\Roaming\mozilla\firefox\profiles\34ry4oxj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 00:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.27 00:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.10.27 00:06:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.22 10:00:34 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.10.27 00:06:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.20 09:36:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 18:24:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.20 09:36:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.20 09:36:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.20 09:36:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.20 09:36:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.11.09 11:30:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Produktregistrierung.lnk = C:\Program Files (x86)\Logitech\G35\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22C4C66D-6ECE-4231-B3E8-4F8D9D78DB66}: NameServer = 195.50.140.246 195.50.140.180
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.31 08:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2012.09.05 04:18:38 | 000,000,000 | R--D | M] - F:\Autorun -- [ UDF ]
O32 - AutoRun File - [2012.08.31 08:41:57 | 000,048,902 | R--- | M] () - F:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2012.09.05 04:18:36 | 000,000,124 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.09 12:27:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dome\Desktop\OTL.exe
[2012.11.09 12:22:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.09 12:06:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.09 11:54:38 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\dome\Desktop\ComboFix.exe
[2012.11.09 11:18:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.09 11:18:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.09 11:18:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.09 11:12:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.09 11:12:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.09 10:40:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.09 10:28:35 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dome\Desktop\tdsskiller.exe
[2012.11.09 10:25:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\dome\Desktop\aswMBR.exe
[2012.11.08 22:16:29 | 000,000,000 | ---D | C] -- C:\Users\dome\AppData\Roaming\Malwarebytes
[2012.11.08 22:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.08 22:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.08 22:15:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.08 22:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.08 19:22:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.11.06 16:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 13
[2012.11.05 18:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.11.04 16:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports
[2012.11.02 13:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SR Squad Manager
[2012.11.02 13:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SR Squad Manager
[2012.10.30 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\dome\AppData\Local\Package Cache
[2012.10.28 13:11:44 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.28 13:11:44 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.28 13:11:36 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.28 13:11:36 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.28 13:11:36 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.28 13:06:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.28 13:04:24 | 000,000,000 | ---D | C] -- C:\Users\dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Helden-Software
[2012.10.28 13:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Helden-Software
[2012.10.28 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Helden-Software
[2012.10.27 00:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.12 22:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.10.11 08:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012.10.11 08:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012.10.10 14:06:54 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 14:06:54 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 14:06:53 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 14:06:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 14:06:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 14:06:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 14:06:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 14:06:42 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 14:06:42 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 14:06:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 14:06:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 14:06:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 14:06:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 14:06:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 14:06:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 14:06:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 14:06:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 14:06:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 14:06:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 14:06:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 14:06:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 14:06:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 14:06:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 14:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 14:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 14:06:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 14:06:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 14:06:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 14:06:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 14:06:09 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 14:06:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.09 12:31:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 12:31:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.09 12:29:46 | 001,642,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.09 12:29:46 | 000,707,446 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.09 12:29:46 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.09 12:29:46 | 000,153,038 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.09 12:29:46 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.09 12:27:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dome\Desktop\OTL.exe
[2012.11.09 12:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.09 12:26:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.09 12:23:41 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.09 12:22:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.09 12:21:57 | 2124,791,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.09 12:08:04 | 000,541,569 | ---- | M] () -- C:\Users\dome\Desktop\adwcleaner.exe
[2012.11.09 11:55:00 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\dome\Desktop\ComboFix.exe
[2012.11.09 11:30:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.11.09 10:39:19 | 000,000,512 | ---- | M] () -- C:\Users\dome\Desktop\MBR.dat
[2012.11.09 10:28:37 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dome\Desktop\tdsskiller.exe
[2012.11.09 10:26:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\dome\Desktop\aswMBR.exe
[2012.11.09 10:25:05 | 000,000,168 | ---- | M] () -- C:\Users\dome\defogger_reenable
[2012.11.09 10:24:31 | 000,050,477 | ---- | M] () -- C:\Users\dome\Desktop\Defogger.exe
[2012.11.08 22:15:25 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 16:34:49 | 000,000,726 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.11.05 18:47:57 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.11.04 16:44:56 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\NBA 2K12.lnk
[2012.11.02 13:54:13 | 000,001,103 | ---- | M] () -- C:\Users\dome\AppData\Roaming\SquadManagerOptions.xml
[2012.11.02 13:45:03 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\SR Squad Manager.lnk
[2012.10.30 10:16:42 | 000,001,901 | ---- | M] () -- C:\Users\dome\Desktop\MechWarrior Online.lnk
[2012.10.28 13:12:12 | 000,000,285 | ---- | M] () -- C:\Users\dome\.dsa4.properties
[2012.10.28 13:11:29 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.10.28 13:11:29 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.10.28 13:11:29 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012.10.28 13:11:28 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.10.28 13:11:28 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.28 13:11:28 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.10.28 13:06:39 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.12 09:02:06 | 000,000,222 | ---- | M] () -- C:\Users\dome\Desktop\XCOM Enemy Unknown.url
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.09 12:08:01 | 000,541,569 | ---- | C] () -- C:\Users\dome\Desktop\adwcleaner.exe
[2012.11.09 11:18:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.09 11:18:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.09 11:18:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.09 11:18:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.09 11:18:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.09 10:39:19 | 000,000,512 | ---- | C] () -- C:\Users\dome\Desktop\MBR.dat
[2012.11.09 10:25:05 | 000,000,168 | ---- | C] () -- C:\Users\dome\defogger_reenable
[2012.11.09 10:24:30 | 000,050,477 | ---- | C] () -- C:\Users\dome\Desktop\Defogger.exe
[2012.11.08 22:15:25 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.06 16:34:49 | 000,000,726 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 13.lnk
[2012.11.05 18:47:42 | 000,000,728 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.11.04 16:44:56 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\NBA 2K12.lnk
[2012.11.02 13:45:03 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\SR Squad Manager.lnk
[2012.10.30 10:16:42 | 000,001,901 | ---- | C] () -- C:\Users\dome\Desktop\MechWarrior Online.lnk
[2012.10.12 09:02:06 | 000,000,222 | ---- | C] () -- C:\Users\dome\Desktop\XCOM Enemy Unknown.url
[2012.09.30 09:53:21 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.08.05 19:21:22 | 000,000,092 | ---- | C] () -- C:\Users\dome\AppData\Local\fusioncache.dat
[2012.07.04 17:53:38 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.10 18:48:28 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.03 21:57:39 | 000,003,937 | ---- | C] () -- C:\Users\dome\.heldEinstellungen4_1.xml
[2012.04.03 21:57:38 | 000,000,285 | ---- | C] () -- C:\Users\dome\.dsa4.properties
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.29 13:55:07 | 000,000,000 | ---- | C] () -- C:\Users\dome\AppData\Local\{1F866D96-11B0-4FE7-89EA-F8F0F714BCD4}
[2011.11.18 14:42:15 | 000,000,000 | ---- | C] () -- C:\Users\dome\AppData\Local\{581710D3-45DF-4CD5-9C6A-9CAF59E1FBE0}
[2011.10.28 10:28:32 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.28 10:28:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.20 22:26:22 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.08 17:25:19 | 000,001,103 | ---- | C] () -- C:\Users\dome\AppData\Roaming\SquadManagerOptions.xml
[2011.09.08 17:23:32 | 001,669,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 23:32:35 | 000,000,205 | ---- | C] () -- C:\Users\dome\AppData\Roaming\default.rss
[2011.07.25 14:50:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.25 14:47:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.11.06 00:01:51 | 000,001,830 | ---- | M] ()(C:\Windows\SysNative\???????????????????????????????????????????????????i????????????????????8???????????????????????????????????????°?????????8???-?????????????????J???????????????????????????????????????°?????????8???-??.lnk) -- C:\Windows\SysNative\㩈獜牥敩屮浡牥捩湡搠摡䅜敭楲慣慄⁤*敓獡湯㔠䅜敭楲慣慄⁤*㔰へ‴*牂楡獮䈠慲湩⁳湡⁤畁潴潭楢敬⹳癡i猀㈥愰摮㈥䄰瑵浯扯汩獥愮楶䜀ႚ쉅ᜂ樴㡥耀8Ѡ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈߯ᣀѠ↰Ѡ᩠ѠᡘѠ㢨߯ᜐ樴悆耀JѠ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈.lnk
[2012.11.06 00:01:51 | 000,001,830 | ---- | C] ()(C:\Windows\SysNative\???????????????????????????????????????????????????i????????????????????8???????????????????????????????????????°?????????8???-?????????????????J???????????????????????????????????????°?????????8???-??.lnk) -- C:\Windows\SysNative\㩈獜牥敩屮浡牥捩湡搠摡䅜敭楲慣慄⁤*敓獡湯㔠䅜敭楲慣慄⁤*㔰へ‴*牂楡獮䈠慲湩⁳湡⁤畁潴潭楢敬⹳癡i猀㈥愰摮㈥䄰瑵浯扯汩獥愮楶䜀ႚ쉅ᜂ樴㡥耀8Ѡ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈߯ᣀѠ↰Ѡ᩠ѠᡘѠ㢨߯ᜐ樴悆耀JѠ䆘߯䃈߯䛠߯៰Ѡ㧠߯⃠Ѡ꽈ѝ껠ѝꛀѝꤰѝꮠѝ䋐߯ᰀѠᤨѠ㶈߯ᏠѠ㯨߯䖨߯㱐߯∘Ѡ⊀ѠᬰѠᚸѠ᫈Ѡ⁸ѠឈѠ‐Ѡ䐈.lnk

< End of report >
         
Hier OTL2:

Code:
ATTFilter
OTL Extras logfile created on: 09.11.2012 12:29:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dome\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 72,17% Memory free
15,94 Gb Paging File | 13,48 Gb Available in Paging File | 84,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 86,40 Gb Total Space | 6,60 Gb Free Space | 7,63% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 12,64 Gb Free Space | 17,26% Space Free | Partition Type: NTFS
Drive E: | 73,24 Gb Total Space | 48,39 Gb Free Space | 66,07% Space Free | Partition Type: NTFS
Drive F: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 931,51 Gb Total Space | 118,35 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
 
Computer Name: BITCH | User Name: dome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A763B1F-E034-4D61-9BF4-1E3989582857}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{869F7E61-AA2D-4B7B-AE6A-463FFB0A4B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{1C167CC5-8176-4B6C-A10B-ADAA3B7FE507}C:\program files (x86)\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"UDP Query User{8363B301-1B22-4D5C-8934-408D30C4344C}C:\program files (x86)\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SteelSeries Engine" = SteelSeries Engine
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9c5ea4f3-9ea7-4090-be3d-64df995bd61f}" = Nero 9 Essentials
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C93F8F79-128F-483E-93D9-A7744F8A66BD}_is1" = DS-Timer Version 1.0.0.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE22C0A1-89C4-47EC-91EF-201B4F404757}" = SR Squad Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.175
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Close Combat The Longest Day5.50" = Close Combat The Longest Day
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dead.Island.Game.of.The.Year.Edition_is1" = Dead.Island.Game.of.The.Year.Edition
"Diablo III" = Diablo III
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"ESN Sonar-0.70.3" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Guild Wars 2" = Guild Wars 2
"IDroo" = IDroo 1.0.0.154
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"mIRC" = mIRC
"Mount&Blade" = Mount&Blade
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.1
"Origin" = Origin
"Philips Songbird" = Philips Songbird
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"RollerCoaster Tycoon Setup" = Roll
"S2TNG" = Die Siedler II - Die nächste Generation
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 49520" = Borderlands 2
"Steam App 730" = Counter-Strike: Global Offensive
"Tony Hawks Pro Skater HD_is1" = Tony Hawks Pro Skater HD
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"xSIMS_Nude_Clothes_Females" = Sims 3 - Nude Clothes Females
"xSIMS_TS3_Fem_Micro_Bikini_01" = Sims 3 - Fem Micro Bikini 1
"xSIMS_TS3_Fem_Suspenders_Set_1_Bra_1" = Sims 3 - Fem Suspenders Set 1 - Bra 1
"xSIMS_TS3_G-String_Swaro_01" = Sims 3 - G-String Swaro 1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"SOE-PlanetSide 2 Beta" = PlanetSide 2 Beta
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2012 09:28:06 | Computer Name = bitch | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 30.09.2012 09:28:45 | Computer Name = bitch | Source = Application Error | ID = 1000
Error - 30.09.2012 09:28:48 | Computer Name = bitch | Source = Application Error
 | ID = 1000
 
Error - 30.09.2012 09:28:51 | Computer Name = bitch | Source = Application Error | ID = 1000
Error - 30.09.2012 09:28:53 | Computer Name = bitch | Source = Application Error
 | ID = 1000
 
Error - 30.09.2012 09:28:55 | Computer Name = bitch | Source = Application Error | ID = 1000
Error - 30.09.2012 09:29:18 | Computer Name = bitch | Source = Application Error
 | ID = 1000
 
Error - 30.09.2012 09:29:46 | Computer Name = bitch | Source = Application Error | ID = 1000
Error - 30.09.2012 09:31:07 | Computer Name = bitch | Source = Application Error
 | ID = 1000
 
Error - 30.09.2012 09:31:10 | Computer Name = bitch | Source = Application Error | ID = 1000
Error - 30.09.2012 09:31:32 | Computer Name = bitch | Source = Application Error
 | ID = 1000
 
Error - 30.09.2012 15:26:45 | Computer Name = bitch | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: demo32.exe, Version: 0.0.0.0, Zeitstempel:
 0x41783a3f  Name des fehlerhaften Moduls: demo32.exe, Version: 0.0.0.0, Zeitstempel:
 0x41783a3f  Ausnahmecode: 0xc0000006  Fehleroffset: 0x00040e66  ID des fehlerhaften Prozesses:
 0x440  Startzeit der fehlerhaften Anwendung: 0x01cd9f40f1490fe6  Pfad der fehlerhaften
 Anwendung: F:\demo32.exe  Pfad des fehlerhaften Moduls: F:\demo32.exe  Berichtskennung:
 c4d83cf5-0b34-11e2-b646-6c626d43c553
 
Error - 30.09.2012 15:26:46 | Computer Name = bitch | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm demo32.exe wurde wegen dieses Fehlers geschlossen.

Programm:
 demo32.exe  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000013  Datenträgertyp: 0
 
Error - 30.09.2012 15:28:24 | Computer Name = bitch | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 30.09.2012 15:35:10 | Computer Name = bitch | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 09.11.2012 06:30:55 | Computer Name = bitch | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 09.11.2012 06:30:55 | Computer Name = bitch | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 09.11.2012 07:02:09 | Computer Name = bitch | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 09.11.2012 07:03:45 | Computer Name = bitch | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 09.11.2012 07:06:16 | Computer Name = bitch | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.11.2012 07:21:57 | Computer Name = bitch | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2012 07:21:59 | Computer Name = bitch | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2012 07:22:47 | Computer Name = bitch | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 MBAMScheduler erreicht.
 
Error - 09.11.2012 07:22:47 | Computer Name = bitch | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%1053
 
Error - 09.11.2012 07:24:04 | Computer Name = bitch | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SAVRKBootTasks
 
 
< End of report >
         
Also laut letztem Scan ist der Rechner wieder sauber.

Wenn es das soweit war, bedanke ich mich recht herzlich für die schnelle und vorallem gute Hilfe

Alt 12.11.2012, 07:14   #12
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Zitat:
Also laut letztem Scan ist der Rechner wieder sauber.
Was für ein Scan, bitte?
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 15.11.2012, 08:23   #13
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 19.11.2012, 13:30   #14
Psychotic
/// Malwareteam
 
Trojan.Droppper.BC.Miner + Rootkits - Standard

Trojan.Droppper.BC.Miner + Rootkits



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Antwort

Themen zu Trojan.Droppper.BC.Miner + Rootkits
00000008.@, access, administrator, aktion, anti-malware, autostart, brauche, dateien, explorer, malwarebytes, morgen, registrierung, richtig, rootkit, rootkits, schonmal, service, speicher, thread, trojaner, version, virus.win64.zaccess.a




Ähnliche Themen: Trojan.Droppper.BC.Miner + Rootkits


  1. Bitcoin Miner c:\windows\logs\logonui.exe
    Plagegeister aller Art und deren Bekämpfung - 20.11.2014 (8)
  2. Externe FP mit PUP.Optional.Miner
    Log-Analyse und Auswertung - 27.03.2014 (3)
  3. Synology-NAS-Geräte als Bitcoin-Miner missbraucht
    Nachrichten - 14.02.2014 (0)
  4. Windows 7: TimeServer.exe und WindowsTime.exe anscheinend GPU-Bitcoin-Miner
    Log-Analyse und Auswertung - 10.11.2013 (11)
  5. Bitcoin Miner in svhost.exe erscheint nach Neustart wieder
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (27)
  6. Coin-miner zieht alle ressourcen! Processor 100%
    Plagegeister aller Art und deren Bekämpfung - 19.06.2013 (24)
  7. Miner.exe, TR/hijacker.Gen, etc?
    Log-Analyse und Auswertung - 13.06.2013 (12)
  8. Coin Miner,msdcsc entfernen
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (42)
  9. Exploit.Script.Generic, Exploit.JS.Pdfka.gfa, Backdoor.Win32.ZAccess.ypw, Backdoor.Win32.ZAccess.yqi, Trojan.Win32.Miner.dw und weitere
    Log-Analyse und Auswertung - 02.10.2012 (7)
  10. Security Shield (trojan.lameshield) entfernt - Rootkits?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (21)
  11. Diverse Infizierungen u.a. Trojan.Small ; Trojan.Sirefef ; Rootkits
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (5)
  12. Coin Miner Virus
    Überwachung, Datenschutz und Spam - 15.10.2011 (1)
  13. Hilfe!! Data Miner in Registry :o(
    Plagegeister aller Art und deren Bekämpfung - 16.01.2009 (1)
  14. Data Miner
    Log-Analyse und Auswertung - 01.02.2007 (1)
  15. Trojaner VBS.Psyme.x und JS.Miner
    Plagegeister aller Art und deren Bekämpfung - 01.06.2005 (5)
  16. Data Miner
    Antiviren-, Firewall- und andere Schutzprogramme - 04.04.2005 (12)
  17. Trojan Downloader JS Miner
    Plagegeister aller Art und deren Bekämpfung - 22.02.2005 (1)

Zum Thema Trojan.Droppper.BC.Miner + Rootkits - Guten Morgen liebe Boarduser Ihr habt richtig geraten, ich habe einen Virus bzw. Trojaner und brauche Hilfe um den loszuwerden. Da ich mir hier schon einen Thread durchgelesen habe, der - Trojan.Droppper.BC.Miner + Rootkits...
Archiv
Du betrachtest: Trojan.Droppper.BC.Miner + Rootkits auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.