| |
| |||||||
Log-Analyse und Auswertung: GVU TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
20.05.2013, 15:42
| #1 |
 |  GVU Trojaner Hallo hab seit ein paar Tagen mit einem GVU Trojaner zu kämpfen das heist: konnte am Anfang gar nichts mehr machen 30 sec nach dem Start kam dieses fenster mit der GVU meldung ( zahlunsaufforderung usw ) binn dan im abresicherten Modus ins Internet und hab ein malware scaner runtergeladen der den Trojaner auch gefunden hat, leider funktioniert mein laptop seit dem sehr langsam, vermute das da noch nicht alles weg ist. hab mich hier umgelesen und bereits ein OTL txt file ertellt. wie gehts jetzt weiter?? Bitte um Hilfe |
|
20.05.2013, 15:47
| #2 |
| /// Malware-holic   | GVU Trojaner hi
__________________wie währs wenn du das otl file reinstellst>? sonst wertet es sich schlecht aus :d welchen scanner hast du mit welchem ergebniss genutzt? mache bitte jetzt nur, was ich poste, thx
__________________ |
|
20.05.2013, 16:18
| #3 |
| | GVU Trojaner Hallo
__________________hab Malwarebytes Anti-Malware benutzt es waren ca 40 dateien infiziert die ich alle entfernt habe. hier ist das OTL txt file OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.05.2013 15:11:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\STROMBERG\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 34,32% Memory free 7,71 Gb Paging File | 4,60 Gb Available in Paging File | 59,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 685,54 Gb Total Space | 624,41 Gb Free Space | 91,08% Space Free | Partition Type: NTFS Computer Name: STROMBERG-PC | User Name: STROMBERG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\STROMBERG\Desktop\OTL.exe (OldTimer Tools) PRC - C:\program files (x86)\plus-hd-1.8\plus-hd-1.8-bg.exe (Plus HD) PRC - C:\Program Files (x86)\Desk 365\desk365.exe (337 Technology Limited.) PRC - C:\Program Files (x86)\Desk 365\deskSvc.exe (337 Technology Limited.) PRC - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) PRC - C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe (Giraffic) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\24x7Help\App24x7Help.exe (Crawler, LLC) PRC - C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe () PRC - C:\Program Files (x86)\24x7Help\App24x7Svc.exe (PCRx.com, LLC) PRC - C:\Program Files (x86)\24x7Help\App24x7Hook.exe (PCRx.com, LLC) PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe () PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (Microsoft Corporation.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Desk 365\edeskcmn.dll () MOD - C:\Program Files (x86)\Desk 365\libpng.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll () MOD - C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe () MOD - c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll () MOD - C:\Programme\Web Assistant\Extension32.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Iminent\Iminent.WinCore.Yahoo.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\PROGRA~2\Yahoo!\Messenger\yui.dll () MOD - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () MOD - C:\Users\STROMBERG\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.2.229\Blingext.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () MOD - C:\Program Files (x86)\IMinent Toolbar\tbhelper.dll () ========== Services (SafeList) ========== SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( ) SRV - (desksvc) -- C:\Program Files (x86)\Desk 365\deskSvc.exe (337 Technology Limited.) SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe () SRV - (24x7HelpSvc) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe (PCRx.com, LLC) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (SrvUpdater) -- C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe () SRV - (ffdshow manager) -- C:\ProgramData\ffdshow manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe () SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (EgisTec Ticket Service) -- C:\Programme\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=1368967965 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.v9.com/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=1368967965 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.v9.com/web/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=0 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4154370091684806&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=1368967965 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.ro IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.ro IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.v9.com/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=1368967965 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search.v9.com/web/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.ro IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.v9.com/web/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=0 IE - HKLM\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNT0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0CEAE1A5-6A57-4979-90E8-5432F6DD28FE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4154370091684806&q={searchTerms} IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=5&q={searchTerms}&barid={2AD2505B-740D-48E4-8512-3A2B0E175341} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.ro IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.ro IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3197087 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=1368967965 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.ro IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.ro IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3197087 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\URLSearchHook: {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNT0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes,DefaultScope = {0CEAE1A5-6A57-4979-90E8-5432F6DD28FE} IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{0CEAE1A5-6A57-4979-90E8-5432F6DD28FE}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=f2a71230000000000000f6d53d082823 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.v9.com/web/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=0 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=341&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4154370091684806&q={searchTerms} IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms} IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{CC7CF042-133C-4FEF-AF36-92EC61A60083}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3197087 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQDzPtP4Q&i=26 IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&st=5&q={searchTerms}&barid={2AD2505B-740D-48E4-8512-3A2B0E175341} IE - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\STROMBERG\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 02:00:27 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.01 02:00:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files\Acer ProShield\FFExt [2012.01.25 23:54:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}: C:\Program Files\Acer ProShield\FFExt20 [2012.01.25 23:54:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.03 21:51:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.01 02:00:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com [2012.09.01 21:54:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.01 02:00:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.20 15:01:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\ffdshow manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.01 22:30:12 | 000,000,000 | ---D | M] [2012.11.09 01:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Extensions [2012.11.10 15:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\gc72w6f5.default\extensions [2012.11.10 15:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\gc72w6f5.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2013.05.19 23:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions [2013.02.27 22:08:25 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.05.19 23:27:38 | 000,000,000 | ---D | M] ("Plus-HD-1.8") -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions\0eaaffce-7723-4006-a544-4ecbadf3def3@652db316-8ddb-4d93-9028-3267d5a914a9.com [2013.02.19 22:55:23 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions\ffxtlbr@delta.com [2013.03.06 00:15:29 | 000,000,000 | ---D | M] (Movie2kDownloader) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions\movie2kdownloader@movie2kdownloader.com [2013.02.27 22:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions\staged [2013.05.19 23:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\Firefox\Profiles\ryqbll1h.default-1352555086748\Extensions\0eaaffce-7723-4006-a544-4ecbadf3def3@652db316-8ddb-4d93-9028-3267d5a914a9.com\chrome\content\extensionCode [2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\firefox\profiles\ryqbll1h.default-1352555086748\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012.07.23 00:36:56 | 000,004,584 | ---- | M] () (No name found) -- C:\Users\STROMBERG\AppData\Roaming\mozilla\firefox\profiles\ryqbll1h.default-1352555086748\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}.xpi [2013.05.18 16:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.27 22:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.02.19 22:55:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2013.02.27 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\staged [2013.05.18 16:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.18 16:36:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.27 22:07:00 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.24 15:02:46 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml [2012.11.09 01:50:13 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2013.05.19 14:52:46 | 000,000,721 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://en.v9.com/?utm_source=b&utm_medium=sof&from=sof&uid=TOSHIBAXMK7559GSXP_128FT2E5TXX128FT2E5T&ts=1368967965 CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\2.3.15.251_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\5.14.1.0_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcbanjcfnoiefihobdmmjmaljifgnkhh\1.23.6_0\crossrider CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcbanjcfnoiefihobdmmjmaljifgnkhh\1.23.6_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bblnhhgpgomleanhbppdnkpofhjijgdp\2.3.15.10_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\2.3.15.251_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\5.14.1.0_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcbanjcfnoiefihobdmmjmaljifgnkhh\1.23.6_0\crossrider CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcbanjcfnoiefihobdmmjmaljifgnkhh\1.23.6_0\ CHR - Extension: No name found = C:\Users\STROMBERG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~2\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNT0.dll (Conduit Ltd.) O2 - BHO: (Plus-HD-1.8) - {11111111-1111-1111-1111-110311251140} - C:\Program Files (x86)\Plus-HD-1.8\Plus-HD-1.8-bho.dll (Plus HD) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (EgisPBIE Sign-in Helper) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Programme\Acer ProShield\x86\EgisPBIE.dll (Egis Technology Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (iNTERNET TURBO Toolbar) - {09152f0b-739c-4dec-a245-1aa8a37594f1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNT0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\Toolbar\WebBrowser: (iNTERNET TURBO Toolbar) - {09152F0B-739C-4DEC-A245-1AA8A37594F1} - C:\Program Files (x86)\iNTERNET_TURBO\prxtbiNT0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ProShieldTSR] C:\Program Files\Acer ProShield\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (Crawler, LLC) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [Desk 365] C:\Program Files (x86)\Desk 365\desk365.exe (337 Technology Limited.) O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [Driver Detective] C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters) O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [Driver Mender] C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe (PC Drivers Headquarters) O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S3D22.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [Facebook Update] C:\Users\STROMBERG\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [Orbitum] C:\Users\STROMBERG\AppData\Local\Orbitum\Application\chrome.exe File not found O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O4 - Startup: C:\Users\STROMBERG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\S-1-5-21-3360553633-3869384906-3284700676-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF519CB-6278-40C8-9F4E-3D8B78B74500}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD0CD9F0-1C3C-4550-843C-D59C9448B863}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~2\Datamngr\x64\IEBHO.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261125~1.80\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{96e135ed-e32e-11e1-9bcd-047d7b1c8c8a}\Shell - "" = AutoRun O33 - MountPoints2\{96e135ed-e32e-11e1-9bcd-047d7b1c8c8a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 15:07:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\STROMBERG\Desktop\OTL.exe [2013.05.19 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\Desktop\McafeeRootkitDetective_1.1 [2013.05.19 14:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337 [2013.05.19 14:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365 [2013.05.19 14:53:25 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Desk 365 [2013.05.19 14:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365 [2013.05.19 14:52:26 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\eIntaller [2013.05.19 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-1.8 [2013.05.19 14:49:20 | 000,871,816 | ---- | C] (Yuna Software) -- C:\Users\STROMBERG\Desktop\Setup.exe [2013.05.18 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Malwarebytes [2013.05.18 14:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.18 14:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.18 14:46:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.18 14:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.18 14:45:37 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Local\Programs [2013.05.17 15:08:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.17 15:08:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.17 15:08:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.17 15:08:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.17 15:08:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.17 15:08:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.17 15:08:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.17 15:08:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.17 15:08:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.17 15:08:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 15:08:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.17 15:08:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 15:08:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 15:08:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 15:08:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.17 13:51:12 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.17 13:51:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.17 13:51:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.17 13:50:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.17 13:50:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.17 13:50:57 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.17 13:50:57 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.14 21:34:56 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Peqyc [2013.05.14 21:34:56 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Ikyv [2013.05.14 21:34:56 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Bepoi [2013.05.14 21:27:49 | 016,948,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.05.13 19:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.08 22:07:03 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Local\Facebook [2013.05.04 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Ymycu [2013.05.04 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Somy [2013.05.04 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\STROMBERG\AppData\Roaming\Huebmu ========== Files - Modified Within 30 Days ========== [2013.05.20 15:07:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\STROMBERG\Desktop\OTL.exe [2013.05.20 15:02:28 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.20 14:56:25 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 14:56:25 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 14:54:30 | 000,001,178 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.8-updater.job [2013.05.20 14:54:30 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.8-enabler.job [2013.05.20 14:52:30 | 000,001,190 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.8-codedownloader.job [2013.05.20 14:51:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.20 14:51:37 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.20 14:51:37 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.20 14:51:37 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.20 14:51:37 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.20 14:51:31 | 000,001,822 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.8-firefoxinstaller.job [2013.05.20 14:50:32 | 000,001,896 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.8-chromeinstaller.job [2013.05.20 14:48:11 | 000,000,000 | ---- | M] () -- C:\END [2013.05.20 14:42:53 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.20 14:42:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.20 14:42:05 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2013.05.20 01:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.20 01:23:30 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.19 14:52:54 | 000,001,381 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.19 14:52:53 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.05.19 14:49:25 | 000,871,816 | ---- | M] (Yuna Software) -- C:\Users\STROMBERG\Desktop\Setup.exe [2013.05.19 14:49:21 | 001,720,705 | ---- | M] () -- C:\Users\STROMBERG\Desktop\McafeeRootkitDetective_1.1.zip [2013.05.19 14:19:30 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3360553633-3869384906-3284700676-1002UA.job [2013.05.19 14:12:32 | 000,318,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 14:46:16 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.14 21:35:25 | 000,163,069 | ---- | M] () -- C:\Users\STROMBERG\AppData\Local\2433f433 [2013.05.14 21:35:25 | 000,163,050 | ---- | M] () -- C:\Users\STROMBERG\AppData\Roaming\2433f433 [2013.05.14 21:35:25 | 000,163,026 | ---- | M] () -- C:\ProgramData\2433f433 [2013.05.14 21:28:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.14 21:28:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.14 21:27:50 | 016,948,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.05.08 22:06:40 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.06 19:59:41 | 000,013,821 | ---- | M] () -- C:\Users\STROMBERG\Desktop\claudiu.htm [2013.05.06 19:50:25 | 000,013,163 | ---- | M] () -- C:\Users\STROMBERG\Desktop\imgres.htm [2013.05.06 19:32:31 | 000,044,049 | ---- | M] () -- C:\Users\STROMBERG\Desktop\wildes-rumaenien-2170088.jpg [2013.05.06 19:30:30 | 000,120,486 | ---- | M] () -- C:\Users\STROMBERG\Desktop\wildes-rumaenien-2401516.jpg [2013.05.05 11:19:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3360553633-3869384906-3284700676-1002Core.job ========== Files Created - No Company Name ========== [2013.05.19 14:54:14 | 000,001,178 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.8-updater.job [2013.05.19 14:54:11 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.8-enabler.job [2013.05.19 14:52:26 | 000,001,190 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.8-codedownloader.job [2013.05.19 14:51:10 | 000,001,822 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.8-firefoxinstaller.job [2013.05.19 14:50:29 | 000,001,896 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.8-chromeinstaller.job [2013.05.19 14:49:20 | 001,720,705 | ---- | C] () -- C:\Users\STROMBERG\Desktop\McafeeRootkitDetective_1.1.zip [2013.05.18 14:46:16 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.17 12:43:29 | 000,000,000 | ---- | C] () -- C:\END [2013.05.14 21:35:25 | 000,163,069 | ---- | C] () -- C:\Users\STROMBERG\AppData\Local\2433f433 [2013.05.14 21:35:25 | 000,163,050 | ---- | C] () -- C:\Users\STROMBERG\AppData\Roaming\2433f433 [2013.05.14 21:35:25 | 000,163,026 | ---- | C] () -- C:\ProgramData\2433f433 [2013.05.13 19:15:00 | 000,001,393 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.13 19:15:00 | 000,001,381 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 19:42:58 | 000,013,163 | ---- | C] () -- C:\Users\STROMBERG\Desktop\imgres.htm [2013.05.06 19:32:31 | 000,044,049 | ---- | C] () -- C:\Users\STROMBERG\Desktop\wildes-rumaenien-2170088.jpg [2013.05.06 19:30:30 | 000,120,486 | ---- | C] () -- C:\Users\STROMBERG\Desktop\wildes-rumaenien-2401516.jpg [2013.05.06 19:25:23 | 000,013,821 | ---- | C] () -- C:\Users\STROMBERG\Desktop\claudiu.htm [2013.05.05 11:14:21 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3360553633-3869384906-3284700676-1002UA.job [2013.05.05 11:14:21 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3360553633-3869384906-3284700676-1002Core.job [2012.10.14 16:32:39 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2012.10.10 11:25:42 | 000,007,619 | ---- | C] () -- C:\Users\STROMBERG\AppData\Local\Resmon.ResmonCfg [2012.09.01 22:30:49 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files\setup.ini [2012.08.02 14:04:00 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.02 14:03:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.07.16 21:58:00 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.23 22:40:30 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini [2012.06.23 19:52:11 | 000,000,920 | ---- | C] () -- C:\Users\STROMBERG\AppData\Roaming\AbsoluteReminder.xml [2011.11.08 13:43:31 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011.11.08 13:42:41 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2011.11.08 13:40:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.11.08 13:39:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.08 13:39:34 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.08 13:39:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.08 13:39:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.08 13:39:31 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.09.08 01:11:48 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
20.05.2013, 16:28
| #4 |
| /// Malware-holic | GVU Trojaner
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.05.2013, 16:35
| #5 |
| | GVU Trojaner Hi markusg du meinst ich soll Anti-Malware noch mal laufen lassen und das ergebnis dir posten korekt? |
|
20.05.2013, 16:45
| #6 |
| /// Malware-holic | GVU Trojaner nein, da steht, poste alle Malwarebytes logs mit funden. und dazu der link wo man sie findet. Heißt, alle bisherigen mit Funden
__________________ --> GVU Trojaner |
|
20.05.2013, 16:57
| #7 |
| | GVU Trojaner Hallo hier das Log file Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.20.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 STROMBERG :: STROMBERG-PC [Administrator] Schutz: Aktiviert 20.05.2013 17:40:12 MBAM-log-2013-05-20 (17-48-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 242791 Laufzeit: 6 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) |
|
20.05.2013, 17:00
| #8 |
| /// Malware-holic | GVU Trojaner spreche ich ne Fremdsprache? was habe ich oben geschrieben, steht da, dass ich ein neues Log will, glaube nicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.05.2013, 17:18
| #9 |
| | GVU Trojaner sorry keine fremdsprache ich kenn mich nur nicht aus mit log fils usw aber ich lern dazu ich glaube das hast du gemeint ich hab 3 files gefunden 1. Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.18.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 STROMBERG :: STROMBERG-PC [Administrator] Schutz: Aktiviert 18.05.2013 14:52:45 mbam-log-2013-05-18 (14-52-45).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 242564 Laufzeit: 7 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Keine Aktion durchgeführt. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Daten: Search-Results Toolbar -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Users\STROMBERG\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt. Infizierte Dateien: 24 C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\Downloads\der_rosenkrieg_id4068601id.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\Downloads\lagaan.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\$Recycle.Bin\S-1-5-21-3360553633-3869384906-3284700676-1002\$RZF1OCG.exe (Trojan.Zbot.FV) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 2: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.18.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 STROMBERG :: STROMBERG-PC [Administrator] Schutz: Aktiviert 18.05.2013 15:26:35 mbam-log-2013-05-18 (15-26-35).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 241580 Laufzeit: 6 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Daten: Search-Results Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Users\STROMBERG\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 22 C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\Downloads\der_rosenkrieg_id4068601id.exe (PUP.Adware.MediaGet) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\Downloads\lagaan.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\STROMBERG\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 3: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.18.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 STROMBERG :: STROMBERG-PC [Administrator] Schutz: Aktiviert 19.05.2013 14:25:23 mbam-log-2013-05-19 (14-25-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 241760 Laufzeit: 7 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Löschen bei Neustart. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Löschen bei Neustart. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
20.05.2013, 17:22
| #10 |
| /// Malware-holic | GVU Trojaner Ok, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.05.2013, 17:46
| #11 |
| | GVU Trojaner so hat geklappt hier das ergebnis: 18:37:40.0454 1840 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:37:40.0954 1840 ============================================================ 18:37:40.0954 1840 Current date / time: 2013/05/20 18:37:40.0954 18:37:40.0954 1840 SystemInfo: 18:37:40.0954 1840 18:37:40.0954 1840 OS Version: 6.1.7601 ServicePack: 1.0 18:37:40.0954 1840 Product type: Workstation 18:37:40.0954 1840 ComputerName: STROMBERG-PC 18:37:40.0954 1840 UserName: STROMBERG 18:37:40.0954 1840 Windows directory: C:\Windows 18:37:40.0954 1840 System windows directory: C:\Windows 18:37:40.0954 1840 Running under WOW64 18:37:40.0954 1840 Processor architecture: Intel x64 18:37:40.0954 1840 Number of processors: 4 18:37:40.0954 1840 Page size: 0x1000 18:37:40.0954 1840 Boot type: Normal boot 18:37:40.0954 1840 ============================================================ 18:37:41.0564 1840 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:37:41.0564 1840 ============================================================ 18:37:41.0564 1840 \Device\Harddisk0\DR0: 18:37:41.0574 1840 MBR partitions: 18:37:41.0574 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 18:37:41.0574 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x55B13000 18:37:41.0574 1840 ============================================================ 18:37:41.0594 1840 C: <-> \Device\Harddisk0\DR0\Partition2 18:37:41.0594 1840 ============================================================ 18:37:41.0594 1840 Initialize success 18:37:41.0594 1840 ============================================================ 18:38:39.0374 5188 ============================================================ 18:38:39.0374 5188 Scan started 18:38:39.0374 5188 Mode: Manual; SigCheck; TDLFS; 18:38:39.0374 5188 ============================================================ 18:38:39.0754 5188 ================ Scan system memory ======================== 18:38:39.0754 5188 System memory - ok 18:38:39.0754 5188 ================ Scan services ============================= 18:38:39.0934 5188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:38:40.0084 5188 1394ohci - ok 18:38:40.0164 5188 [ 695C8282B15ACC6D45C32A2EA23050A2 ] 24x7HelpSvc C:\Program Files (x86)\24x7Help\App24x7Svc.exe 18:38:40.0204 5188 24x7HelpSvc - ok 18:38:40.0294 5188 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe 18:38:40.0324 5188 ABBYY.Licensing.FineReader.Sprint.9.0 - ok 18:38:40.0374 5188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:38:40.0384 5188 ACPI - ok 18:38:40.0404 5188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:38:40.0514 5188 AcpiPmi - ok 18:38:40.0584 5188 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:38:40.0594 5188 AdobeARMservice - ok 18:38:40.0694 5188 AdobeFlashPlayerUpdateSvc - ok 18:38:40.0744 5188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:38:40.0764 5188 adp94xx - ok 18:38:40.0814 5188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:38:40.0824 5188 adpahci - ok 18:38:40.0834 5188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:38:40.0854 5188 adpu320 - ok 18:38:40.0884 5188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:38:41.0054 5188 AeLookupSvc - ok 18:38:41.0094 5188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:38:41.0174 5188 AFD - ok 18:38:41.0214 5188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:38:41.0234 5188 agp440 - ok 18:38:41.0264 5188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:38:41.0334 5188 ALG - ok 18:38:41.0364 5188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:38:41.0374 5188 aliide - ok 18:38:41.0394 5188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:38:41.0414 5188 amdide - ok 18:38:41.0444 5188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:38:41.0494 5188 AmdK8 - ok 18:38:41.0514 5188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:38:41.0544 5188 AmdPPM - ok 18:38:41.0584 5188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:38:41.0594 5188 amdsata - ok 18:38:41.0624 5188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:38:41.0644 5188 amdsbs - ok 18:38:41.0654 5188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:38:41.0664 5188 amdxata - ok 18:38:41.0764 5188 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:38:41.0784 5188 AntiVirSchedulerService - ok 18:38:41.0844 5188 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:38:41.0864 5188 AntiVirService - ok 18:38:41.0904 5188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:38:42.0034 5188 AppID - ok 18:38:42.0064 5188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:38:42.0124 5188 AppIDSvc - ok 18:38:42.0174 5188 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 18:38:42.0264 5188 Appinfo - ok 18:38:42.0304 5188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:38:42.0324 5188 arc - ok 18:38:42.0344 5188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:38:42.0364 5188 arcsas - ok 18:38:42.0384 5188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:38:42.0454 5188 AsyncMac - ok 18:38:42.0484 5188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:38:42.0514 5188 atapi - ok 18:38:42.0554 5188 [ 185F180536188C1A4ED605234721A5B9 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 18:38:42.0654 5188 AthBTPort - ok 18:38:42.0684 5188 [ 1D1C5E029F0742F04F88C16E7A6AB0E0 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 18:38:42.0714 5188 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning 18:38:42.0714 5188 AtherosSvc - detected UnsignedFile.Multi.Generic (1) 18:38:42.0794 5188 [ C8679A07267F030704168E45E27C3D43 ] athr C:\Windows\system32\DRIVERS\athrx.sys 18:38:42.0874 5188 athr - ok 18:38:42.0914 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:38:42.0964 5188 AudioEndpointBuilder - ok 18:38:42.0974 5188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:38:43.0004 5188 AudioSrv - ok 18:38:43.0074 5188 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:38:43.0094 5188 avgntflt - ok 18:38:43.0154 5188 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:38:43.0174 5188 avipbb - ok 18:38:43.0224 5188 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:38:43.0234 5188 avkmgr - ok 18:38:43.0264 5188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:38:43.0364 5188 AxInstSV - ok 18:38:43.0414 5188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:38:43.0474 5188 b06bdrv - ok 18:38:43.0504 5188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:38:43.0544 5188 b57nd60a - ok 18:38:43.0624 5188 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe 18:38:43.0644 5188 BBSvc - ok 18:38:43.0694 5188 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe 18:38:43.0704 5188 BBUpdate - ok 18:38:43.0724 5188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:38:43.0794 5188 BDESVC - ok 18:38:43.0834 5188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:38:43.0894 5188 Beep - ok 18:38:43.0954 5188 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:38:44.0004 5188 BFE - ok 18:38:44.0044 5188 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:38:44.0114 5188 BITS - ok 18:38:44.0144 5188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:38:44.0174 5188 blbdrive - ok 18:38:44.0204 5188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:38:44.0264 5188 bowser - ok 18:38:44.0424 5188 [ CA2E0AAA6943618108D786FF31848989 ] bProtector C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe 18:38:44.0474 5188 bProtector - ok 18:38:44.0504 5188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:38:44.0534 5188 BrFiltLo - ok 18:38:44.0544 5188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:38:44.0554 5188 BrFiltUp - ok 18:38:44.0614 5188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:38:44.0654 5188 Browser - ok 18:38:44.0684 5188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:38:44.0764 5188 Brserid - ok 18:38:44.0794 5188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:38:44.0844 5188 BrSerWdm - ok 18:38:44.0874 5188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:38:44.0934 5188 BrUsbMdm - ok 18:38:44.0954 5188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:38:44.0984 5188 BrUsbSer - ok 18:38:45.0044 5188 [ D74A81CCF0372C955862692B7AF272C9 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 18:38:45.0074 5188 BTATH_A2DP - ok 18:38:45.0104 5188 [ 3118072D09DAA1961A9F6549A4E8433A ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys 18:38:45.0144 5188 btath_avdt - ok 18:38:45.0164 5188 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 18:38:45.0234 5188 BTATH_BUS - ok 18:38:45.0264 5188 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys 18:38:45.0314 5188 BTATH_HCRP - ok 18:38:45.0354 5188 [ 8008D892A2BDA67EEFBE25E14EB5DC83 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 18:38:45.0434 5188 BTATH_LWFLT - ok 18:38:45.0464 5188 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys 18:38:45.0524 5188 BTATH_RCP - ok 18:38:45.0584 5188 [ 65350DC9B058B34BBD3AC837C38C2817 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 18:38:45.0614 5188 BtFilter - ok 18:38:45.0644 5188 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 18:38:45.0714 5188 BthEnum - ok 18:38:45.0734 5188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:38:45.0764 5188 BTHMODEM - ok 18:38:45.0804 5188 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:38:45.0844 5188 BthPan - ok 18:38:45.0904 5188 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 18:38:45.0954 5188 BTHPORT - ok 18:38:45.0974 5188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:38:46.0004 5188 bthserv - ok 18:38:46.0024 5188 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 18:38:46.0054 5188 BTHUSB - ok 18:38:46.0084 5188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:38:46.0124 5188 cdfs - ok 18:38:46.0194 5188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:38:46.0204 5188 cdrom - ok 18:38:46.0244 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:38:46.0294 5188 CertPropSvc - ok 18:38:46.0324 5188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:38:46.0374 5188 circlass - ok 18:38:46.0404 5188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:38:46.0424 5188 CLFS - ok 18:38:46.0464 5188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:38:46.0474 5188 clr_optimization_v2.0.50727_32 - ok 18:38:46.0504 5188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:38:46.0524 5188 clr_optimization_v2.0.50727_64 - ok 18:38:46.0594 5188 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:38:46.0604 5188 clr_optimization_v4.0.30319_32 - ok 18:38:46.0634 5188 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:38:46.0644 5188 clr_optimization_v4.0.30319_64 - ok 18:38:46.0694 5188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:38:46.0714 5188 CmBatt - ok 18:38:46.0744 5188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:38:46.0754 5188 cmdide - ok 18:38:46.0804 5188 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:38:46.0854 5188 CNG - ok 18:38:46.0924 5188 [ 2A214FCC149E2A061BD2EB6FB00BB0ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 18:38:46.0964 5188 CnxtHdAudService - ok 18:38:47.0004 5188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:38:47.0024 5188 Compbatt - ok 18:38:47.0054 5188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:38:47.0084 5188 CompositeBus - ok 18:38:47.0114 5188 COMSysApp - ok 18:38:47.0154 5188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:38:47.0164 5188 crcdisk - ok 18:38:47.0214 5188 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:38:47.0294 5188 CryptSvc - ok 18:38:47.0334 5188 [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 18:38:47.0354 5188 CxAudMsg - ok 18:38:47.0414 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:38:47.0474 5188 DcomLaunch - ok 18:38:47.0514 5188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:38:47.0574 5188 defragsvc - ok 18:38:47.0644 5188 [ 6A6E6DE4DB7FC1C1AC304F912F4ADD70 ] desksvc C:\Program Files (x86)\Desk 365\deskSvc.exe 18:38:47.0654 5188 desksvc - ok 18:38:47.0694 5188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:38:47.0754 5188 DfsC - ok 18:38:47.0804 5188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:38:47.0874 5188 Dhcp - ok 18:38:47.0894 5188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:38:47.0944 5188 discache - ok 18:38:47.0994 5188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:38:48.0004 5188 Disk - ok 18:38:48.0034 5188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:38:48.0094 5188 Dnscache - ok 18:38:48.0104 5188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:38:48.0164 5188 dot3svc - ok 18:38:48.0194 5188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:38:48.0244 5188 DPS - ok 18:38:48.0284 5188 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:38:48.0314 5188 drmkaud - ok 18:38:48.0404 5188 [ 0F1BA8F7F4B33C87031E0B0916958B26 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 18:38:48.0414 5188 DsiWMIService - ok 18:38:48.0464 5188 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:38:48.0484 5188 DXGKrnl - ok 18:38:48.0524 5188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:38:48.0584 5188 EapHost - ok 18:38:48.0674 5188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:38:48.0734 5188 ebdrv - ok 18:38:48.0764 5188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:38:48.0834 5188 EFS - ok 18:38:48.0904 5188 [ 52B5293C2DA546915F2121B7DA837955 ] EgisTec Ticket Service C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe 18:38:48.0914 5188 EgisTec Ticket Service - ok 18:38:48.0984 5188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:38:49.0054 5188 ehRecvr - ok 18:38:49.0074 5188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:38:49.0134 5188 ehSched - ok 18:38:49.0194 5188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:38:49.0224 5188 elxstor - ok 18:38:49.0294 5188 [ AC5C64F828C0A6A1350971501AC2A0C7 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 18:38:49.0334 5188 ePowerSvc - ok 18:38:49.0394 5188 [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE 18:38:49.0424 5188 EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning 18:38:49.0424 5188 EPSON_EB_RPCV4_04 - detected UnsignedFile.Multi.Generic (1) 18:38:49.0454 5188 [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE 18:38:49.0464 5188 EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning 18:38:49.0464 5188 EPSON_PM_RPCV4_04 - detected UnsignedFile.Multi.Generic (1) 18:38:49.0474 5188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:38:49.0504 5188 ErrDev - ok 18:38:49.0554 5188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:38:49.0604 5188 EventSystem - ok 18:38:49.0664 5188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:38:49.0694 5188 exfat - ok 18:38:49.0714 5188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:38:49.0784 5188 fastfat - ok 18:38:49.0824 5188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:38:49.0904 5188 Fax - ok 18:38:49.0934 5188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:38:49.0974 5188 fdc - ok 18:38:50.0024 5188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:38:50.0054 5188 fdPHost - ok 18:38:50.0074 5188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:38:50.0134 5188 FDResPub - ok 18:38:50.0234 5188 [ C51201B83740AAA847DB40770CB6B230 ] ffdshow manager C:\ProgramData\ffdshow manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe 18:38:50.0274 5188 ffdshow manager - ok 18:38:50.0294 5188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:38:50.0314 5188 FileInfo - ok 18:38:50.0324 5188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:38:50.0384 5188 Filetrace - ok 18:38:50.0464 5188 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 18:38:50.0484 5188 FLEXnet Licensing Service - ok 18:38:50.0504 5188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:38:50.0524 5188 flpydisk - ok 18:38:50.0544 5188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:38:50.0554 5188 FltMgr - ok 18:38:50.0604 5188 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 18:38:50.0664 5188 FontCache - ok 18:38:50.0704 5188 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:38:50.0714 5188 FontCache3.0.0.0 - ok 18:38:50.0734 5188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:38:50.0744 5188 FsDepends - ok 18:38:50.0774 5188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:38:50.0784 5188 Fs_Rec - ok 18:38:50.0824 5188 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:38:50.0844 5188 fvevol - ok 18:38:50.0874 5188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:38:50.0884 5188 gagp30kx - ok 18:38:50.0924 5188 Giraffic - ok 18:38:50.0974 5188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:38:51.0014 5188 gpsvc - ok 18:38:51.0074 5188 [ 84E58FEA8B1A7537696A20C59CB9B0C9 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 18:38:51.0094 5188 GREGService ( UnsignedFile.Multi.Generic ) - warning 18:38:51.0094 5188 GREGService - detected UnsignedFile.Multi.Generic (1) 18:38:51.0194 5188 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:38:51.0204 5188 gupdate - ok 18:38:51.0234 5188 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:38:51.0254 5188 gupdatem - ok 18:38:51.0274 5188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:38:51.0344 5188 hcw85cir - ok 18:38:51.0354 5188 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:38:51.0404 5188 HdAudAddService - ok 18:38:51.0444 5188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:38:51.0474 5188 HDAudBus - ok 18:38:51.0504 5188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:38:51.0534 5188 HidBatt - ok 18:38:51.0564 5188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:38:51.0604 5188 HidBth - ok 18:38:51.0634 5188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:38:51.0654 5188 HidIr - ok 18:38:51.0684 5188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:38:51.0744 5188 hidserv - ok 18:38:51.0794 5188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:38:51.0814 5188 HidUsb - ok 18:38:51.0834 5188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:38:51.0884 5188 hkmsvc - ok 18:38:51.0924 5188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:38:51.0984 5188 HomeGroupListener - ok 18:38:52.0004 5188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:38:52.0044 5188 HomeGroupProvider - ok 18:38:52.0094 5188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:38:52.0114 5188 HpSAMD - ok 18:38:52.0134 5188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:38:52.0194 5188 HTTP - ok 18:38:52.0224 5188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:38:52.0234 5188 hwpolicy - ok 18:38:52.0264 5188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:38:52.0284 5188 i8042prt - ok 18:38:52.0314 5188 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys 18:38:52.0334 5188 iaStor - ok 18:38:52.0394 5188 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:38:52.0414 5188 IAStorDataMgrSvc - ok 18:38:52.0464 5188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:38:52.0474 5188 iaStorV - ok 18:38:52.0584 5188 [ 2C3CC41FEFCB77E2826886E6B7EF93AE ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 18:38:52.0624 5188 IconMan_R - ok 18:38:52.0664 5188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:38:52.0704 5188 idsvc - ok 18:38:52.0964 5188 [ A47D902F5C0C43DCF5EE2CAE02BF39A8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:38:53.0284 5188 igfx - ok 18:38:53.0304 5188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:38:53.0324 5188 iirsp - ok 18:38:53.0364 5188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:38:53.0434 5188 IKEEXT - ok 18:38:53.0484 5188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:38:53.0494 5188 intelide - ok 18:38:53.0514 5188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:38:53.0544 5188 intelppm - ok 18:38:53.0584 5188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:38:53.0634 5188 IPBusEnum - ok 18:38:53.0664 5188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:38:53.0704 5188 IpFilterDriver - ok 18:38:53.0744 5188 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:38:53.0824 5188 iphlpsvc - ok 18:38:53.0844 5188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:38:53.0874 5188 IPMIDRV - ok 18:38:53.0904 5188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:38:53.0954 5188 IPNAT - ok 18:38:53.0984 5188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:38:54.0004 5188 IRENUM - ok 18:38:54.0024 5188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:38:54.0034 5188 isapnp - ok 18:38:54.0044 5188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:38:54.0064 5188 iScsiPrt - ok 18:38:54.0104 5188 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 18:38:54.0134 5188 IviRegMgr - ok 18:38:54.0144 5188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 18:38:54.0164 5188 kbdclass - ok 18:38:54.0194 5188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:38:54.0224 5188 kbdhid - ok 18:38:54.0244 5188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:38:54.0264 5188 KeyIso - ok 18:38:54.0294 5188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:38:54.0304 5188 KSecDD - ok 18:38:54.0354 5188 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:38:54.0374 5188 KSecPkg - ok 18:38:54.0414 5188 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:38:54.0474 5188 ksthunk - ok 18:38:54.0504 5188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:38:54.0554 5188 KtmRm - ok 18:38:54.0604 5188 [ 95CA93FC12BE372BB952669F37FFF9C5 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 18:38:54.0614 5188 L1C - ok 18:38:54.0654 5188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:38:54.0724 5188 LanmanServer - ok 18:38:54.0764 5188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:38:54.0824 5188 LanmanWorkstation - ok 18:38:54.0894 5188 [ 93B73DED2BC688F140C6AE2FBAD45789 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 18:38:54.0924 5188 Live Updater Service - ok 18:38:54.0984 5188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:38:55.0044 5188 lltdio - ok 18:38:55.0094 5188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:38:55.0144 5188 lltdsvc - ok 18:38:55.0164 5188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:38:55.0214 5188 lmhosts - ok 18:38:55.0274 5188 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:38:55.0294 5188 LMS - ok 18:38:55.0324 5188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:38:55.0344 5188 LSI_FC - ok 18:38:55.0364 5188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:38:55.0374 5188 LSI_SAS - ok 18:38:55.0394 5188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:38:55.0404 5188 LSI_SAS2 - ok 18:38:55.0424 5188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:38:55.0434 5188 LSI_SCSI - ok 18:38:55.0464 5188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:38:55.0524 5188 luafv - ok 18:38:55.0544 5188 lxea_device - ok 18:38:55.0594 5188 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:38:55.0604 5188 MBAMProtector - ok 18:38:55.0684 5188 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:38:55.0694 5188 MBAMScheduler - ok 18:38:55.0764 5188 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:38:55.0774 5188 MBAMService - ok 18:38:55.0804 5188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:38:55.0854 5188 Mcx2Svc - ok 18:38:55.0894 5188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:38:55.0904 5188 megasas - ok 18:38:55.0934 5188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:38:55.0964 5188 MegaSR - ok 18:38:56.0004 5188 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 18:38:56.0004 5188 MEIx64 - ok 18:38:56.0034 5188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:38:56.0064 5188 MMCSS - ok 18:38:56.0094 5188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:38:56.0154 5188 Modem - ok 18:38:56.0194 5188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:38:56.0244 5188 monitor - ok 18:38:56.0294 5188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:38:56.0324 5188 mouclass - ok 18:38:56.0334 5188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:38:56.0384 5188 mouhid - ok 18:38:56.0414 5188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:38:56.0444 5188 mountmgr - ok 18:38:56.0534 5188 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:38:56.0544 5188 MozillaMaintenance - ok 18:38:56.0564 5188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:38:56.0594 5188 mpio - ok 18:38:56.0624 5188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:38:56.0664 5188 mpsdrv - ok 18:38:56.0694 5188 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:38:56.0754 5188 MpsSvc - ok 18:38:56.0784 5188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:38:56.0814 5188 MRxDAV - ok 18:38:56.0854 5188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:38:56.0924 5188 mrxsmb - ok 18:38:56.0934 5188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:38:56.0944 5188 mrxsmb10 - ok 18:38:56.0964 5188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:38:56.0974 5188 mrxsmb20 - ok 18:38:56.0994 5188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:38:57.0004 5188 msahci - ok 18:38:57.0024 5188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:38:57.0034 5188 msdsm - ok 18:38:57.0054 5188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:38:57.0074 5188 MSDTC - ok 18:38:57.0114 5188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:38:57.0154 5188 Msfs - ok 18:38:57.0174 5188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:38:57.0234 5188 mshidkmdf - ok 18:38:57.0254 5188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:38:57.0264 5188 msisadrv - ok 18:38:57.0304 5188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:38:57.0354 5188 MSiSCSI - ok 18:38:57.0364 5188 msiserver - ok 18:38:57.0404 5188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:38:57.0454 5188 MSKSSRV - ok 18:38:57.0484 5188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:38:57.0534 5188 MSPCLOCK - ok 18:38:57.0544 5188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:38:57.0584 5188 MSPQM - ok 18:38:57.0604 5188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:38:57.0624 5188 MsRPC - ok 18:38:57.0654 5188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:38:57.0664 5188 mssmbios - ok 18:38:57.0694 5188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:38:57.0744 5188 MSTEE - ok 18:38:57.0764 5188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:38:57.0804 5188 MTConfig - ok 18:38:57.0824 5188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:38:57.0834 5188 Mup - ok 18:38:57.0854 5188 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 18:38:57.0874 5188 mwlPSDFilter - ok 18:38:57.0894 5188 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 18:38:57.0904 5188 mwlPSDNServ - ok 18:38:57.0924 5188 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 18:38:57.0934 5188 mwlPSDVDisk - ok 18:38:57.0974 5188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:38:58.0014 5188 napagent - ok 18:38:58.0084 5188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:38:58.0124 5188 NativeWifiP - ok 18:38:58.0174 5188 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:38:58.0214 5188 NDIS - ok 18:38:58.0244 5188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:38:58.0264 5188 NdisCap - ok 18:38:58.0294 5188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:38:58.0324 5188 NdisTapi - ok 18:38:58.0344 5188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:38:58.0404 5188 Ndisuio - ok 18:38:58.0434 5188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:38:58.0494 5188 NdisWan - ok 18:38:58.0514 5188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:38:58.0574 5188 NDProxy - ok 18:38:58.0614 5188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:38:58.0664 5188 NetBIOS - ok 18:38:58.0674 5188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:38:58.0724 5188 NetBT - ok 18:38:58.0744 5188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:38:58.0774 5188 Netlogon - ok 18:38:58.0814 5188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:38:58.0864 5188 Netman - ok 18:38:58.0884 5188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:38:58.0944 5188 netprofm - ok 18:38:58.0984 5188 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:38:58.0984 5188 NetTcpPortSharing - ok 18:38:59.0024 5188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:38:59.0044 5188 nfrd960 - ok 18:38:59.0074 5188 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:38:59.0114 5188 NlaSvc - ok 18:38:59.0234 5188 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 18:38:59.0284 5188 NOBU - ok 18:38:59.0304 5188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:38:59.0344 5188 Npfs - ok 18:38:59.0374 5188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:38:59.0404 5188 nsi - ok 18:38:59.0424 5188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:38:59.0484 5188 nsiproxy - ok 18:38:59.0544 5188 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:38:59.0584 5188 Ntfs - ok 18:38:59.0624 5188 [ 1873214666F6F0A883742DF91FBC48C9 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 18:38:59.0634 5188 NTI IScheduleSvc - ok 18:38:59.0674 5188 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 18:38:59.0694 5188 NTIDrvr - ok 18:38:59.0704 5188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:38:59.0754 5188 Null - ok 18:38:59.0794 5188 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 18:38:59.0824 5188 NVHDA - ok 18:38:59.0874 5188 [ 15605CC0B7B237D61DC8FA8D343D8359 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 18:38:59.0884 5188 nvkflt - ok 18:39:00.0104 5188 [ 45DA83C70A95E35AF2BD0E9A7E7C2E85 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:39:00.0434 5188 nvlddmkm - ok 18:39:00.0484 5188 [ BF74A50ABA7F3396B33FEF9CD039601E ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 18:39:00.0494 5188 nvpciflt - ok 18:39:00.0524 5188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:39:00.0534 5188 nvraid - ok 18:39:00.0554 5188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:39:00.0564 5188 nvstor - ok 18:39:00.0634 5188 [ 2F8DD53A00131F9DCDC8FFFD6BB67DB0 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:39:00.0674 5188 nvsvc - ok 18:39:00.0764 5188 [ C97CC4B1A00E94494093C08A39BC33FC ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 18:39:00.0824 5188 nvUpdatusService - ok 18:39:00.0844 5188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:39:00.0864 5188 nv_agp - ok 18:39:00.0864 5188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:39:00.0894 5188 ohci1394 - ok 18:39:00.0934 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:39:01.0004 5188 p2pimsvc - ok 18:39:01.0044 5188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:39:01.0064 5188 p2psvc - ok 18:39:01.0094 5188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:39:01.0124 5188 Parport - ok 18:39:01.0144 5188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:39:01.0164 5188 partmgr - ok 18:39:01.0164 5188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:39:01.0204 5188 PcaSvc - ok 18:39:01.0224 5188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:39:01.0234 5188 pci - ok 18:39:01.0254 5188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:39:01.0264 5188 pciide - ok 18:39:01.0284 5188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:39:01.0304 5188 pcmcia - ok 18:39:01.0314 5188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:39:01.0324 5188 pcw - ok 18:39:01.0354 5188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:39:01.0434 5188 PEAUTH - ok 18:39:01.0494 5188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:39:01.0534 5188 PerfHost - ok 18:39:01.0594 5188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:39:01.0694 5188 pla - ok 18:39:01.0744 5188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:39:01.0834 5188 PlugPlay - ok 18:39:01.0864 5188 PnkBstrA - ok 18:39:01.0874 5188 PnkBstrB - ok 18:39:01.0904 5188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:39:01.0934 5188 PNRPAutoReg - ok 18:39:01.0974 5188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:39:01.0994 5188 PNRPsvc - ok 18:39:02.0024 5188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:39:02.0074 5188 PolicyAgent - ok 18:39:02.0124 5188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:39:02.0194 5188 Power - ok 18:39:02.0224 5188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:39:02.0294 5188 PptpMiniport - ok 18:39:02.0314 5188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:39:02.0344 5188 Processor - ok 18:39:02.0384 5188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:39:02.0414 5188 ProfSvc - ok 18:39:02.0434 5188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:39:02.0444 5188 ProtectedStorage - ok 18:39:02.0484 5188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:39:02.0534 5188 Psched - ok 18:39:02.0584 5188 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 18:39:02.0594 5188 PSI_SVC_2 - ok 18:39:02.0644 5188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:39:02.0674 5188 ql2300 - ok 18:39:02.0714 5188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:39:02.0724 5188 ql40xx - ok 18:39:02.0744 5188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:39:02.0774 5188 QWAVE - ok 18:39:02.0784 5188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:39:02.0824 5188 QWAVEdrv - ok 18:39:02.0844 5188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:39:02.0894 5188 RasAcd - ok 18:39:02.0944 5188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:39:02.0984 5188 RasAgileVpn - ok 18:39:03.0004 5188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:39:03.0064 5188 RasAuto - ok 18:39:03.0094 5188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:39:03.0164 5188 Rasl2tp - ok 18:39:03.0204 5188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:39:03.0264 5188 RasMan - ok 18:39:03.0294 5188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:39:03.0374 5188 RasPppoe - ok 18:39:03.0404 5188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:39:03.0454 5188 RasSstp - ok 18:39:03.0494 5188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:39:03.0544 5188 rdbss - ok 18:39:03.0574 5188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:39:03.0614 5188 rdpbus - ok 18:39:03.0634 5188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:39:03.0674 5188 RDPCDD - ok 18:39:03.0714 5188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:39:03.0764 5188 RDPENCDD - ok 18:39:03.0774 5188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:39:03.0804 5188 RDPREFMP - ok 18:39:03.0834 5188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:39:03.0884 5188 RDPWD - ok 18:39:03.0914 5188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:39:03.0924 5188 rdyboost - ok 18:39:03.0954 5188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:39:04.0024 5188 RemoteAccess - ok 18:39:04.0064 5188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:39:04.0114 5188 RemoteRegistry - ok 18:39:04.0184 5188 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:39:04.0254 5188 RFCOMM - ok 18:39:04.0274 5188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:39:04.0334 5188 RpcEptMapper - ok 18:39:04.0364 5188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:39:04.0404 5188 RpcLocator - ok 18:39:04.0444 5188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:39:04.0484 5188 RpcSs - ok 18:39:04.0524 5188 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 18:39:04.0544 5188 RSPCIESTOR - ok 18:39:04.0574 5188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:39:04.0614 5188 rspndr - ok 18:39:04.0664 5188 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 18:39:04.0684 5188 RS_Service - ok 18:39:04.0694 5188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:39:04.0704 5188 SamSs - ok 18:39:04.0724 5188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:39:04.0734 5188 sbp2port - ok 18:39:04.0794 5188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:39:04.0834 5188 SCardSvr - ok 18:39:04.0874 5188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:39:04.0934 5188 scfilter - ok 18:39:04.0964 5188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:39:05.0044 5188 Schedule - ok 18:39:05.0074 5188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:39:05.0104 5188 SCPolicySvc - ok 18:39:05.0134 5188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:39:05.0194 5188 SDRSVC - ok 18:39:05.0234 5188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:39:05.0274 5188 secdrv - ok 18:39:05.0304 5188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:39:05.0344 5188 seclogon - ok 18:39:05.0374 5188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:39:05.0434 5188 SENS - ok 18:39:05.0474 5188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:39:05.0524 5188 SensrSvc - ok 18:39:05.0544 5188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:39:05.0574 5188 Serenum - ok 18:39:05.0614 5188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:39:05.0644 5188 Serial - ok 18:39:05.0674 5188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:39:05.0704 5188 sermouse - ok 18:39:05.0754 5188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:39:05.0794 5188 SessionEnv - ok 18:39:05.0834 5188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:39:05.0874 5188 sffdisk - ok 18:39:05.0874 5188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:39:05.0904 5188 sffp_mmc - ok 18:39:05.0934 5188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:39:05.0974 5188 sffp_sd - ok 18:39:05.0994 5188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:39:06.0024 5188 sfloppy - ok 18:39:06.0064 5188 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:39:06.0124 5188 SharedAccess - ok 18:39:06.0174 5188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:39:06.0234 5188 ShellHWDetection - ok 18:39:06.0274 5188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:39:06.0294 5188 SiSRaid2 - ok 18:39:06.0314 5188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:39:06.0334 5188 SiSRaid4 - ok 18:39:06.0424 5188 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:39:06.0434 5188 SkypeUpdate - ok 18:39:06.0464 5188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:39:06.0544 5188 Smb - ok 18:39:06.0584 5188 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:39:06.0614 5188 SNMPTRAP - ok 18:39:06.0644 5188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:39:06.0664 5188 spldr - ok 18:39:06.0694 5188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:39:06.0734 5188 Spooler - ok 18:39:06.0794 5188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:39:06.0884 5188 sppsvc - ok 18:39:06.0914 5188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:39:06.0944 5188 sppuinotify - ok 18:39:06.0964 5188 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:39:07.0024 5188 srv - ok 18:39:07.0054 5188 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:39:07.0094 5188 srv2 - ok 18:39:07.0124 5188 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:39:07.0144 5188 srvnet - ok 18:39:07.0224 5188 [ 4C26CD40C0CE9B443E9D35401B2154BA ] SrvUpdater C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe 18:39:07.0254 5188 SrvUpdater ( UnsignedFile.Multi.Generic ) - warning 18:39:07.0254 5188 SrvUpdater - detected UnsignedFile.Multi.Generic (1) 18:39:07.0294 5188 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:39:07.0354 5188 SSDPSRV - ok 18:39:07.0374 5188 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:39:07.0424 5188 SstpSvc - ok 18:39:07.0484 5188 [ 10A745E5D91DF62E7F0E7AC6401632A9 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:39:07.0504 5188 Stereo Service - ok 18:39:07.0524 5188 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:39:07.0524 5188 stexstor - ok 18:39:07.0574 5188 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:39:07.0624 5188 stisvc - ok 18:39:07.0664 5188 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:39:07.0674 5188 swenum - ok 18:39:07.0704 5188 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:39:07.0764 5188 swprv - ok 18:39:07.0834 5188 [ B49FA98AFAD439CD7E33164C3A19BB88 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:39:07.0874 5188 SynTP - ok 18:39:07.0924 5188 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:39:07.0984 5188 SysMain - ok 18:39:08.0004 5188 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:39:08.0054 5188 TabletInputService - ok 18:39:08.0104 5188 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:39:08.0134 5188 TapiSrv - ok 18:39:08.0154 5188 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:39:08.0214 5188 TBS - ok 18:39:08.0284 5188 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:39:08.0324 5188 Tcpip - ok 18:39:08.0354 5188 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:39:08.0394 5188 TCPIP6 - ok 18:39:08.0434 5188 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:39:08.0444 5188 tcpipreg - ok 18:39:08.0474 5188 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:39:08.0534 5188 TDPIPE - ok 18:39:08.0554 5188 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:39:08.0574 5188 TDTCP - ok 18:39:08.0594 5188 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:39:08.0614 5188 tdx - ok 18:39:08.0634 5188 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:39:08.0644 5188 TermDD - ok 18:39:08.0684 5188 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:39:08.0754 5188 TermService - ok 18:39:08.0774 5188 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:39:08.0784 5188 Themes - ok 18:39:08.0804 5188 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:39:08.0844 5188 THREADORDER - ok 18:39:08.0864 5188 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:39:08.0904 5188 TrkWks - ok 18:39:08.0954 5188 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:39:08.0994 5188 TrustedInstaller - ok 18:39:09.0014 5188 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:39:09.0094 5188 tssecsrv - ok 18:39:09.0134 5188 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:39:09.0204 5188 TsUsbFlt - ok 18:39:09.0234 5188 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:39:09.0264 5188 TsUsbGD - ok 18:39:09.0314 5188 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:39:09.0384 5188 tunnel - ok 18:39:09.0404 5188 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 18:39:09.0414 5188 TurboB - ok 18:39:09.0484 5188 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 18:39:09.0494 5188 TurboBoost - ok 18:39:09.0524 5188 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:39:09.0544 5188 uagp35 - ok 18:39:09.0564 5188 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 18:39:09.0564 5188 UBHelper - ok 18:39:09.0584 5188 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:39:09.0654 5188 udfs - ok 18:39:09.0694 5188 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:39:09.0714 5188 UI0Detect - ok 18:39:09.0734 5188 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:39:09.0754 5188 uliagpkx - ok 18:39:09.0804 5188 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:39:09.0834 5188 umbus - ok 18:39:09.0874 5188 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:39:09.0914 5188 UmPass - ok 18:39:10.0044 5188 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:39:10.0094 5188 UNS - ok 18:39:10.0124 5188 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:39:10.0174 5188 upnphost - ok 18:39:10.0214 5188 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:39:10.0234 5188 usbccgp - ok 18:39:10.0254 5188 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:39:10.0274 5188 usbcir - ok 18:39:10.0284 5188 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:39:10.0324 5188 usbehci - ok 18:39:10.0354 5188 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 18:39:10.0394 5188 usbhub - ok 18:39:10.0424 5188 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:39:10.0454 5188 usbohci - ok 18:39:10.0474 5188 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:39:10.0524 5188 usbprint - ok 18:39:10.0554 5188 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:39:10.0584 5188 usbscan - ok 18:39:10.0614 5188 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:39:10.0674 5188 USBSTOR - ok 18:39:10.0694 5188 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:39:10.0724 5188 usbuhci - ok 18:39:10.0774 5188 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:39:10.0794 5188 usbvideo - ok 18:39:10.0824 5188 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:39:10.0904 5188 UxSms - ok 18:39:10.0934 5188 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:39:10.0954 5188 VaultSvc - ok 18:39:10.0974 5188 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:39:10.0994 5188 vdrvroot - ok 18:39:11.0014 5188 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:39:11.0094 5188 vds - ok 18:39:11.0154 5188 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:39:11.0174 5188 vga - ok 18:39:11.0214 5188 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:39:11.0284 5188 VgaSave - ok 18:39:11.0324 5188 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:39:11.0344 5188 vhdmp - ok 18:39:11.0354 5188 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:39:11.0364 5188 viaide - ok 18:39:11.0394 5188 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:39:11.0414 5188 volmgr - ok 18:39:11.0444 5188 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:39:11.0464 5188 volmgrx - ok 18:39:11.0494 5188 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:39:11.0504 5188 volsnap - ok 18:39:11.0534 5188 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:39:11.0554 5188 vsmraid - ok 18:39:11.0604 5188 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:39:11.0674 5188 VSS - ok 18:39:11.0684 5188 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:39:11.0724 5188 vwifibus - ok 18:39:11.0754 5188 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:39:11.0794 5188 vwififlt - ok 18:39:11.0834 5188 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:39:11.0864 5188 vwifimp - ok 18:39:11.0894 5188 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:39:11.0934 5188 W32Time - ok 18:39:11.0964 5188 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:39:12.0004 5188 WacomPen - ok 18:39:12.0054 5188 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe 18:39:12.0084 5188 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning 18:39:12.0084 5188 WajamUpdater - detected UnsignedFile.Multi.Generic (1) 18:39:12.0124 5188 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:39:12.0194 5188 WANARP - ok 18:39:12.0194 5188 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:39:12.0244 5188 Wanarpv6 - ok 18:39:12.0314 5188 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:39:12.0394 5188 wbengine - ok 18:39:12.0414 5188 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:39:12.0444 5188 WbioSrvc - ok 18:39:12.0474 5188 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:39:12.0524 5188 wcncsvc - ok 18:39:12.0554 5188 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:39:12.0624 5188 WcsPlugInService - ok 18:39:12.0644 5188 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:39:12.0664 5188 Wd - ok 18:39:12.0704 5188 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:39:12.0744 5188 Wdf01000 - ok 18:39:12.0764 5188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:39:12.0854 5188 WdiServiceHost - ok 18:39:12.0854 5188 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:39:12.0884 5188 WdiSystemHost - ok 18:39:12.0944 5188 [ D75398987C968DCBABC411E08029E387 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 18:39:12.0964 5188 Web Assistant Updater - ok 18:39:12.0994 5188 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:39:13.0034 5188 WebClient - ok 18:39:13.0074 5188 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:39:13.0144 5188 Wecsvc - ok 18:39:13.0174 5188 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:39:13.0204 5188 wercplsupport - ok 18:39:13.0244 5188 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:39:13.0274 5188 WerSvc - ok 18:39:13.0314 5188 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:39:13.0354 5188 WfpLwf - ok 18:39:13.0374 5188 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:39:13.0384 5188 WIMMount - ok 18:39:13.0394 5188 WinHttpAutoProxySvc - ok 18:39:13.0454 5188 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:39:13.0504 5188 Winmgmt - ok 18:39:13.0564 5188 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:39:13.0644 5188 WinRM - ok 18:39:13.0694 5188 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:39:13.0744 5188 WinUsb - ok 18:39:13.0804 5188 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:39:13.0854 5188 Wlansvc - ok 18:39:13.0924 5188 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:39:13.0934 5188 wlcrasvc - ok 18:39:14.0014 5188 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:39:14.0074 5188 wlidsvc - ok 18:39:14.0114 5188 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:39:14.0164 5188 WmiAcpi - ok 18:39:14.0194 5188 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:39:14.0234 5188 wmiApSrv - ok 18:39:14.0284 5188 WMPNetworkSvc - ok 18:39:14.0324 5188 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:39:14.0354 5188 WPCSvc - ok 18:39:14.0384 5188 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:39:14.0424 5188 WPDBusEnum - ok 18:39:14.0454 5188 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:39:14.0484 5188 ws2ifsl - ok 18:39:14.0494 5188 WSearch - ok 18:39:14.0564 5188 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:39:14.0624 5188 wuauserv - ok 18:39:14.0664 5188 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:39:14.0714 5188 WudfPf - ok 18:39:14.0784 5188 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:39:14.0824 5188 WUDFRd - ok 18:39:14.0864 5188 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:39:14.0904 5188 wudfsvc - ok 18:39:14.0944 5188 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 18:39:15.0004 5188 WwanSvc - ok 18:39:15.0094 5188 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 18:39:15.0114 5188 YahooAUService - ok 18:39:15.0164 5188 ================ Scan global =============================== 18:39:15.0174 5188 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:39:15.0204 5188 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:39:15.0214 5188 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:39:15.0234 5188 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:39:15.0274 5188 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:39:15.0274 5188 [Global] - ok 18:39:15.0274 5188 ================ Scan MBR ================================== 18:39:15.0294 5188 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:39:16.0174 5188 \Device\Harddisk0\DR0 - ok 18:39:16.0174 5188 ================ Scan VBR ================================== 18:39:16.0204 5188 [ 679D715B23BA8C2EE4E89FE582278FB6 ] \Device\Harddisk0\DR0\Partition1 18:39:16.0204 5188 \Device\Harddisk0\DR0\Partition1 - ok 18:39:16.0224 5188 [ BCA9FF0C05C60EC7E70339753C2F0646 ] \Device\Harddisk0\DR0\Partition2 18:39:16.0224 5188 \Device\Harddisk0\DR0\Partition2 - ok 18:39:16.0224 5188 ============================================================ 18:39:16.0224 5188 Scan finished 18:39:16.0224 5188 ============================================================ 18:39:16.0244 10660 Detected object count: 6 18:39:16.0244 10660 Actual detected object count: 6 18:39:51.0144 10660 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:51.0144 10660 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:51.0144 10660 EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:51.0144 10660 EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:51.0154 10660 EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:51.0154 10660 EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:51.0154 10660 GREGService ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:51.0154 10660 GREGService ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:51.0164 10660 SrvUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:51.0164 10660 SrvUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:39:51.0164 10660 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 18:39:51.0164 10660 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
20.05.2013, 19:21
| #12 |
| /// Malware-holic | GVU Trojaner Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.05.2013, 19:38
| #13 |
| | GVU Trojaner hi also hab die Combofix instaliert virenschutzprograme ausgeschaltet und laufengelasen kam keine fehlermeldung aber ich hab auch kein file erhalten... was nun?? |
|
20.05.2013, 19:42
| #14 |
| /// Malware-holic | GVU Trojaner so schnell kanns eigendlich nich fertig sein, machs noch mal und gucke mal wie weit es geht bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.05.2013, 20:53
| #15 |
| | GVU Trojaner so jetzt aber also habs noch mal laufen lassen es sind sehr oft folgende meldungen gekommen Freeware implementation of REG.EXE funktioniert nicht mehr Freeware implementation of SC.EXE funktioniert nicht mehr pev.3EXE funktioniert nicht mehr Handle viewer funktioniert nicht mehr |
|
| Themen zu GVU Trojaner |
| alles weg, bereits, fenster, funktioniert, gefunde, gvu trojaner, internet, langsam, laptop, malware, meldung, modus, nichts, pup.adware.agent, pup.adware.mediaget, pup.datamngr, pup.installbrain, pup.loadtubes, rogue.link, runtergeladen, scaner, sehr langsam, troja, trojan.zbot.fv, trojaner, vermute |
WARNUNG an die MITLESER: 
Linear-Darstellung
