| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner mit WebcamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.07.2012, 17:06
| #1 |
| |  GVU-Trojaner mit Webcam Hallo zusammen, habe mir den allseits-bekannten GVU-Trojaner in einem Fußball-Video (!!!) eingefangen. Pc funktioniert wieder einwandfrei, Malewarebytes hat eine infizierte Datei gefunden, die ich sofort gelöscht hab (da in TEMP-Ordner). Betriebssystem ist Windows 7 64bit. Log-Datei von Malewarebytes ist angehängt. Vielen Dank Schonmal!  |
|
04.07.2012, 19:10
| #2 |
| /// Malware-holic   | GVU-Trojaner mit Webcam Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.07.2012, 19:27
| #3 |
| | GVU-Trojaner mit Webcam Hallo, danke für die schnelle Antwort!
__________________Hier die Log-Dateien: otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.07.2012 20:14:05 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Thomas\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free 15,96 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 24,32 Gb Free Space | 21,77% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 10,74 Gb Free Space | 4,61% Space Free | Partition Type: NTFS Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.04 20:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.30 22:48:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.30 04:18:51 | 003,537,920 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.05 14:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 08:28:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012.06.14 08:19:15 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.14 08:19:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 08:18:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.11 08:33:22 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.05.11 08:30:39 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 08:30:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.11 08:30:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.11 08:30:12 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.11 08:30:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.11 08:30:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.11 08:30:07 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2012.03.21 14:10:22 | 002,941,440 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll MOD - [2012.03.09 09:46:20 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_36_Win32.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.01.19 11:06:50 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe MOD - [2012.01.07 10:54:16 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_04.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011.05.24 23:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.17 10:26:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.04.30 22:48:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.04.04 21:08:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.05 14:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.09.01 03:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.10.24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.05.25 00:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.05.24 22:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.30 14:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.08 13:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 13:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.10.07 14:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor) DRV:64bit: - [2009.10.07 14:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF) DRV:64bit: - [2009.07.14 16:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.10 12:58:52 | 000,014,720 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ValoFltr.sys -- (ValFltr) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2011.10.15 14:40:27 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2010.01.19 16:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/10/17 14:17:58] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD C4 8B 88 F7 89 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:26:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:51:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:26:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.20 12:51:34 | 000,000,000 | ---D | M] [2011.12.26 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions [2011.12.26 18:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.05.02 19:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\evgnoy8d.default\extensions [2012.06.15 08:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.15 08:16:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.17 10:26:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.01.07 23:58:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.07 23:58:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.07 23:58:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.07 23:58:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.07 23:58:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.07 23:58:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{088E31CA-7CEA-497B-9BC2-A354B4EB49F4}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13B5FBCC-D6F6-4C0E-B291-C89DF70748B7}: NameServer = 192.168.111.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A565CC81-69B4-44AB-965B-D6DFE1DCDE06}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0dbf91d2-f8a7-11e0-a68f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0dbf91d2-f8a7-11e0-a68f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\BD-COMBO.exe O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{5a3282c0-f693-11e0-8d04-806e6f6e6963}\Shell\install\command - "" = G:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) MsConfig:64bit - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) MsConfig:64bit - StartUpReg: InstantBurn - hkey= - key= - C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe (CyberLink Corporation.) MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: LaCie EDBrowser Startup - hkey= - key= - C:\Program Files (x86)\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe (LaCie SA) MsConfig:64bit - StartUpReg: LaCie Ethernet Agent Startup - hkey= - key= - C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe (LaCie SA) MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig:64bit - StartUpReg: Name of App - hkey= - key= - C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe ( ) MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found MsConfig:64bit - StartUpReg: RoccatValo - hkey= - key= - C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE (ROCCAT) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Spiele\Valve\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig:64bit - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.04 20:12:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.07.04 17:20:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes [2012.07.04 17:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.04 17:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 17:20:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.04 17:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.04 17:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858A700048FE400244E3CB4EB2331 [2012.07.04 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Iczyb [2012.07.04 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Doofwa [2012.06.19 13:21:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.06.19 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Htc [2012.06.19 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\HTC [2012.06.19 13:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync [2012.06.19 13:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2012.06.19 13:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2012.06.19 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2012.06.17 18:13:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\Buch [2012.06.17 10:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.17 10:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.17 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.06.15 08:20:30 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Macromedia [2012.06.12 15:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.12 15:29:49 | 000,000,000 | ---D | C] -- C:\glassfish3 [2012.06.12 15:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eclipse [2012.06.05 17:01:42 | 000,000,000 | --SD | C] -- C:\Users\Thomas\Documents\Meine Shapes [2011.10.17 14:08:19 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Thomas\AppData\Roaming\tsdnwin.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.04 20:15:19 | 001,628,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.04 20:15:19 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.04 20:15:19 | 000,657,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.04 20:15:19 | 000,150,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.04 20:15:19 | 000,122,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.04 20:12:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.07.04 20:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.04 20:10:31 | 2133,852,159 | -HS- | M] () -- C:\hiberfil.sys [2012.07.04 17:58:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 17:58:43 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 17:50:58 | 000,000,020 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.07.04 17:22:38 | 000,001,344 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.07.04 17:09:12 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012.06.17 11:49:23 | 000,052,396 | ---- | M] () -- C:\Users\Thomas\Desktop\TicketMachine - Quittung.pdf [2012.06.17 11:48:40 | 000,204,651 | ---- | M] () -- C:\Users\Thomas\Desktop\Tickets-Kaltenberger-Ritterturnier.pdf [2012.06.14 08:18:34 | 000,433,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.04 17:50:58 | 000,000,020 | ---- | C] () -- C:\Users\Thomas\defogger_reenable [2012.07.04 17:05:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012.06.17 11:49:23 | 000,052,396 | ---- | C] () -- C:\Users\Thomas\Desktop\TicketMachine - Quittung.pdf [2012.06.17 11:48:39 | 000,204,651 | ---- | C] () -- C:\Users\Thomas\Desktop\Tickets-Kaltenberger-Ritterturnier.pdf [2012.04.20 13:30:09 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.01.19 22:20:16 | 000,007,605 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.15 20:21:54 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll [2012.01.11 15:26:48 | 000,002,048 | -HS- | C] () -- C:\Users\Thomas\AppData\Local\{f823a6bb-9ce9-8270-7ddb-420c01e30a24}\@ [2011.11.17 14:01:24 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll [2011.11.17 14:01:24 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll [2011.11.17 14:01:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll [2011.11.17 14:01:24 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll [2011.11.17 14:01:24 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll [2011.10.26 17:02:49 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.26 17:02:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.17 16:17:36 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2011.10.17 14:06:15 | 000,000,447 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\SamsungLiveUpdateConfig.ini [2011.10.14 20:21:17 | 001,605,618 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.14 00:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.22 19:08:56 | 003,902,976 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2011.08.22 21:07:48 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.08.22 21:07:02 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2011.08.22 21:07:00 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2011.08.22 21:06:30 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2011.08.22 21:06:30 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2011.08.22 21:06:30 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2011.08.22 21:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2011.08.22 21:06:28 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2011.08.22 21:06:26 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2011.08.22 21:06:26 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini ========== LOP Check ========== [2012.01.29 16:05:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.10.14 22:27:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite [2012.07.04 17:06:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Doofwa [2012.07.04 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox [2012.01.22 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreePDF [2012.06.19 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\HTC [2012.06.19 13:21:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.07.04 17:05:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Iczyb [2011.10.16 21:16:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\LaCie [2011.12.26 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech [2012.02.08 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mp3DirectCut [2011.10.26 16:22:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Origin [2012.04.18 22:18:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PunkBuster [2011.10.17 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Red Alert 3 [2012.06.20 16:13:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SAP [2012.04.20 12:53:57 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Sparx Systems [2011.12.23 21:39:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\streamripper [2012.01.15 20:25:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer [2012.01.03 14:45:55 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TomTom [2011.12.08 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TS3Client [2012.02.16 21:55:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WDC [2012.05.04 19:57:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.15 15:21:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.10.14 00:05:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.06.12 15:31:49 | 000,000,000 | ---D | M] -- C:\glassfish3 [2011.10.14 00:45:35 | 000,000,000 | ---D | M] -- C:\Intel [2012.07.04 18:11:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.06.17 10:39:31 | 000,000,000 | R--D | M] -- C:\Program Files [2012.07.04 17:20:48 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.07.04 17:20:49 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.10.14 00:05:19 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.07.04 20:15:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.04.20 12:43:17 | 000,000,000 | ---D | M] -- C:\Taskleiste [2011.10.15 15:21:50 | 000,000,000 | R--D | M] -- C:\Users [2012.07.04 18:11:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe < MD5 for: IASTOR.SYS > [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.07.04 17:50:58 | 000,000,020 | ---- | M] () -- C:\Users\Thomas\defogger_reenable [2012.07.04 20:17:01 | 004,456,448 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat [2012.07.04 20:17:01 | 000,262,144 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat.LOG1 [2011.10.14 00:05:22 | 000,000,000 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat.LOG2 [2011.10.14 00:07:16 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.10.14 00:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.10.14 00:07:16 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.07.04 17:45:18 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TM.blf [2012.07.04 17:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TMContainer00000000000000000001.regtrans-ms [2012.07.04 17:45:18 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat{8c519064-c5ea-11e1-abfe-002522ce0da1}.TMContainer00000000000000000002.regtrans-ms [2011.10.14 00:05:22 | 000,000,020 | -HS- | M] () -- C:\Users\Thomas\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.07.2012 20:14:05 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,23 Gb Available Physical Memory | 77,99% Memory free
15,96 Gb Paging File | 13,68 Gb Available in Paging File | 85,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 24,32 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,74 Gb Free Space | 4,61% Space Free | Partition Type: NTFS
Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CBD55B4-3CD6-4E65-A262-67FA73BCB7B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{119EE193-F963-4704-BD6D-AA9A43D0ECB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{14CF6324-FB89-4656-AC72-ED83D78CCB50}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{202FFE1E-8FAF-4A7B-B2CD-14498CE56981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28BF0C22-91CE-42AC-BC7C-AE3A9954C0E9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2FCEF182-E388-42A8-A5DA-E5096F5DF611}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{351074DC-EEEC-4C23-9460-B92EAABE8A42}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{38DDB2F7-7562-4048-AB42-053FB409FC39}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D0B037E-A159-42F8-A9BD-EB3B7DC5DDF2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{402BF573-088D-458A-A34A-1890F54BC64B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{54724B11-D423-4BEB-95B0-020C063AD970}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{67BA9049-AB41-4C84-916E-AD641FECC082}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68796D20-8BA3-42AB-922B-98F97C1EA762}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{728FA9FD-3348-4531-BA13-05C0F9090971}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C6073C3-1A52-47AB-B03E-C96FE616F7BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96541E23-434F-4BB7-8C0F-03BBC78D31C5}" = rport=138 | protocol=17 | dir=out | app=system |
"{A5D0E42D-F501-4246-AD87-3DB5D91823E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9B8AFBD-8C94-4BE6-82A7-8B5A97728A4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB1BD635-A0AC-4CDF-980A-653040286690}" = rport=445 | protocol=6 | dir=out | app=system |
"{BDE9E253-22A6-4168-A7C0-1D559D932E9E}" = lport=137 | protocol=17 | dir=in | app=system |
"{C7B14868-B220-46D0-8E60-B7780CA14FE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8A5BB41-4785-4472-9166-FF76490A7866}" = lport=138 | protocol=17 | dir=in | app=system |
"{CD13D333-6DE3-4D9C-9BD3-78DD600EB1F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD2F1C26-E156-41AA-96CF-8CB2318AB9B4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F2A1FECD-6C8F-4433-9238-01A04EC18447}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8EB1505-898C-4C63-84C1-89AE35F35053}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D36B7D-1BF4-4759-B65F-3836EEDBAA86}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{02EFD8F1-E251-464C-AD36-563E868DF3A6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{080C124D-5640-40F6-81EE-31618A9D31C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{087473C5-A83D-45BA-B20A-174171A6CE9F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{08A6B61A-698F-49AC-B3C7-06E82EB0E244}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{08E4F32E-B9DB-443E-949A-F5CB5D175339}" = protocol=6 | dir=in | app=c:\program files (x86)\blizzard\diablo iii\diablo iii.exe |
"{0989812E-73F5-4E5C-A3BE-6B69E24DA8DA}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"{09B5BAEC-CCA3-4506-91B7-E9B0B28FA212}" = protocol=17 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"{0FBBDC99-DE98-4FDF-BC88-AFE2E2F0B190}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe |
"{1726497C-07AD-406A-8506-19B5D8ABE6D1}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{1BC5EC96-78ED-497E-8EAC-05CD539434B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2A4B879F-CDDB-44B8-BD1B-D6142BDBB405}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B3504E5-8F64-44ED-B7BF-8050D98D0DA1}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\microsoft flight\flight.exe |
"{338E1150-CC69-4AFF-88B4-51DA5401267A}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"{3851A715-FA3A-41CF-97D6-89D0D68A1F92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{39D90F96-0BEE-4A67-BA4B-94FE987884F3}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\microsoft flight\flight.exe |
"{3B602FC1-A393-4121-BE03-78CE3F63CCE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{3B8D494E-E418-4437-9B0F-C10C3DB0E74C}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{424ED136-F22E-42D5-808C-8CB765E4531E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{43687748-4ADD-4179-9FF5-6461BC47483A}" = protocol=6 | dir=out | app=system |
"{43FC1E28-F100-4948-B24F-5D9B8BCF9CDD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{465EA3D1-CBAB-4A90-9B91-231BF9F156D5}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{47DE87EF-58A5-4CE1-9913-A801D2DD71F2}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"{48D01060-DDE1-48C0-BBB6-C54FE75F2EF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4EB43713-31ED-4F38-984D-DE4E045A35FD}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe |
"{4EFDADE4-4B78-4777-973E-B3CD04D2517E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4F850D70-00D2-426B-85B1-8923E84400DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50B3F43F-C40A-45DE-A578-DCF7A179398A}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe |
"{50D7E9E0-DEBE-4066-97EF-687C15B886DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5353B4BD-3850-4F73-A584-E3A3CE6F7CDB}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{569926A2-BBFF-4AF0-8AEF-6A3FF16C1074}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
"{6172DB2F-DC50-492F-8896-17EC2E18A3F3}" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"{64A45F73-7BE5-41D7-ABAC-DEA2D41469B9}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C342C16-E217-4AA0-8D0C-FE2626051503}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{6C9C8E46-6429-422F-9AC2-A5E89477DF64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7499ED4F-8B17-4BE6-8C64-43103F4A8E44}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{74C749DD-3F1F-4EB2-B42F-0450C9E09AE1}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"{75A6E212-A3B6-4BDB-A246-4B0C67079B17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{76063AAA-41E2-48A5-9378-D368FA8E7E0C}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{7863E434-BBF3-43B0-A1B3-33D5A06BED04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7876C0DE-FEFE-4A0B-AA36-B1A9F17E395B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7BC07AB6-893D-4FDA-8E8B-88367A1B4672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E2DC00D-8B5E-4AF4-A1BB-4CB30FF949FF}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"{7F38FFD8-E9A2-4C5A-8655-6365CE8F3918}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{81FA04F6-5340-4EA3-9408-9C26FA65B126}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{84A2DDEC-B8DD-4C33-93D7-633F66022DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{85086AE1-8C81-41CC-988E-304BE4B16A2D}" = protocol=17 | dir=in | app=c:\program files (x86)\blizzard\diablo iii\diablo iii.exe |
"{85C5D113-8D24-43F8-A028-CD334CC857F1}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{89F5F954-43DF-4487-A6A5-51D7928B99AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D7765E3-15EA-4EEA-BF29-12540AD283BF}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dungeondefenders.exe |
"{90DB19F8-45BE-4D27-B995-EA157DE98CC6}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{916B7F6C-5CAC-41F5-A5E3-A94175B27C4B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9275BD58-A87B-4588-B5F6-EB05615FCA72}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{953365E1-C61B-4D5A-900E-BE4B17EC55EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{961F241F-C32B-4160-8368-74006110D21A}" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
"{96E3C169-E3A2-4E54-8E65-B83B4459A5AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{98FB4666-46EE-4E64-9727-BC099E48423F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9A326176-68AB-49BC-80D2-69E282747346}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9FF1B43A-87E2-4E8E-9750-E13D5158709F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{A02A0B31-8CB1-4936-9445-34DFEF7DF2BC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A4C1477A-BF50-44F6-9C54-F35FF7FB91F4}" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{A6AD6970-C4EC-4EB5-B60B-66CD8C3CF2CC}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{AB87CC6D-3F0E-44F7-A8B0-2616F285758E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B552337E-0CB9-4CFC-809C-7E158076462A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B5FBD0E6-2D53-4047-B42C-A58512D76ECD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B77619C1-6910-496B-9067-9D63F06F50E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8EA2489-7A0B-491B-9C0B-D0D570D42214}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrmp.exe |
"{C135EAB5-9C58-4CD4-A12E-EFCF9EAC1A35}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C2DF523A-1193-45B7-9CD7-AB472145745E}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed revelations\acrsp.exe |
"{C4BCCF61-A452-4942-BFC5-440098AA76AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C91BCA0D-965A-46E3-AF53-8B1DB708B2B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB4DBA3E-066E-4220-B5EE-58913B7B5671}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE594667-3F8D-4A61-964A-EA0FDEFCBD09}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{D0CEDE4F-7DEC-47A2-A773-EE5B1F47E168}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D2D0AC07-B0BC-4B05-AF11-9B20B33BEAF6}" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"{D55EB6EB-6766-4178-AA0A-A68C8A721E1A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{DD4FD456-D53F-4370-80AC-7EE317E3A0FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E54FE20C-B3BA-4479-956F-34A894EE72A5}" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"{EAF80BE1-FB67-4B1A-B786-B83E79DD0781}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB0743EE-A71E-4AF0-A37F-6A74C08CAD8F}" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"{F5C263DD-265D-4C27-B649-034B40328401}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F8B65FF6-7AC9-416E-BB57-74AA3F7AA1BE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{FADFBDCB-3AD4-4508-843B-F12157E1A641}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC44CEC5-9254-4A02-B321-BE189E7097A4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCEF061B-45CB-4828-BEB7-3C8BDCE4E6FB}" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
"{FD48C85D-ECDA-4670-B052-5ECCAAF04AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FD6BEE5C-0CF4-410C-B1F6-DA0C113734E3}" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"{FE0C5B36-7C68-42CD-9E2A-D718CA47575F}" = protocol=6 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"TCP Query User{15BC0B7B-8D9A-4621-B6EC-AA56B9F6DA43}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=6 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"TCP Query User{2486ACAB-2407-451E-A406-396D3237FB5A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{29505BFC-9DC3-4211-9DD6-0D622812FA4D}D:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{36FA4706-A95C-473B-811B-4C07C37B2DE0}D:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"TCP Query User{4BCF0609-AC6A-4079-ABDD-2E6E1E361563}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{553296F8-7BCE-4FD4-A536-37A444A8AAE4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{6787D372-F589-4FBF-B04E-E4BC1C71CC38}C:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"TCP Query User{8FC09335-265B-4E53-8432-C8C95330CB32}C:\users\thomas\downloads\ipconfigurator.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\ipconfigurator.exe |
"TCP Query User{91583485-0808-4D75-A26B-0C813419B235}D:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"TCP Query User{936AC66A-486B-42C9-9916-B9CCADE34DB5}D:\spiele\codemasters\dirt2\dirt2_game.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
"TCP Query User{9F78EC71-DC80-483F-81D8-0CA79B34304B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{AFBA7E60-48A2-4632-869A-786B127FE92E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{B1D745AC-8ACE-467E-AD68-75CA2414B7AD}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{B8052110-9B65-447D-AAEE-DC443AF6A495}D:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{BECFC466-E9BD-41DD-A9BC-AD2D3B6F2A20}D:\spiele\valve\steam\steam.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"TCP Query User{E17A7581-E539-435B-9441-1E98858F2EBF}D:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"TCP Query User{F5F31851-A481-41B0-B371-8F80ACB65F60}C:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{2AF66DB7-82FE-4016-B338-AF7A99C762AF}D:\spiele\valve\steam\steam.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steam.exe |
"UDP Query User{2E1AB371-D624-4040-899E-123507CF9546}C:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lacie\ethernet agent\lacie ethernet agent.exe |
"UDP Query User{301C4A0B-1E52-44B4-AA94-7B0DB7AB389D}D:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\spiele\electronic arts\alarmstufe rot 3\data\ra3_1.12.game |
"UDP Query User{4381048E-70D6-44E5-A8B6-FE19F6F2BF51}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{4F766595-A737-40A4-90DA-813682C3EEB8}C:\program files\lacie\network assistant\lacie network assistant.exe" = protocol=17 | dir=in | app=c:\program files\lacie\network assistant\lacie network assistant.exe |
"UDP Query User{519ECB58-EC66-4D13-8221-4B059C52CF16}C:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{560F259F-4DB4-43D0-A4A1-15316028F60E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{811641F6-4B89-428B-8A8B-1C5E66E822D4}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{92BAA70F-5C88-4292-B26F-3A10D66D06E7}C:\users\thomas\downloads\ipconfigurator.exe" = protocol=17 | dir=in | app=c:\users\thomas\downloads\ipconfigurator.exe |
"UDP Query User{B2BC91E5-BC39-4C39-AC88-C067DC796D21}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{C0ED859C-5156-449B-94A4-DB32E63BEDE5}D:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\spiele\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{C5F748E6-ADFF-4527-ADDA-2B38478317D2}D:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{D713B357-6524-4E68-8D46-C72C4CDE18FD}D:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\tom.kettner@web.de\counter-strike source\hl2.exe |
"UDP Query User{DA1CCD1C-796E-47B9-A5B2-4F6EC06DBE28}D:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{EC3E49E8-2F9F-4A32-88A4-29285CE2DF89}D:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\spiele\valve\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"UDP Query User{F0F66008-FB57-4703-9AE7-01026EF7360E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{F733F87C-8667-4D4E-A2A2-F4946E69451E}D:\spiele\codemasters\dirt2\dirt2_game.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\dirt2\dirt2_game.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}" = ATI Catalyst Install Manager
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7CAFBA1E-D090-3F1F-662D-9828FD4D8E4D}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{86E42509-8029-7678-F522-0636D80CD277}" = ATI AVIVO64 Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.5.2.59
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GPL Ghostscript 9.04" = GPL Ghostscript
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7F7645-F948-98D7-18F7-1C69D7B6ACDB}" = CCC Help Portuguese
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{168BEE42-1F65-1AFF-CD77-3DB5A9F91B5E}" = CCC Help Danish
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1B7710D4-9D75-D5E5-4B6D-40F471E70398}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2278744E-73C3-38C4-6991-3E1601785913}" = CCC Help Greek
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.03
"{3454886D-4AB3-BF96-D378-B7F6DCA0A281}" = CCC Help Finnish
"{364B2826-EEB6-A31B-F25B-5CBB78273414}" = CCC Help English
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45A3B1FC-11B6-4292-B1E3-4A0B8DDE5394}" = Xtra Controller Ex
"{45D397FE-86B1-4234-16AC-9E7DD89A3207}" = CCC Help Norwegian
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4898D29E-A858-DB50-C7D4-8554066A8DAA}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}" = Enterprise Architect 9.3 - 30 Day Trial Edition
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50B93225-3F76-F555-27A2-A1EAEC83C527}" = Catalyst Control Center InstallProxy
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57AC79C8-157E-403A-A8D0-DD74EF71BAE2}" = Catalyst Control Center - Branding
"{59AAB74E-9A5B-D39E-E65D-6CD48DA8055F}" = CCC Help Korean
"{5CED4E8D-4508-D84A-2945-285B13852E0B}" = CCC Help French
"{61B563AC-F31E-A727-CBEA-F9648B803948}" = CCC Help Italian
"{633E917B-F74E-56D6-B8CF-3A443C260615}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B8364EA-9B85-EF54-6DEC-FC3CE9C55123}" = CCC Help Spanish
"{6C51CF89-2452-B69F-94B3-6BF3FF3A03B1}" = CCC Help Hungarian
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786EBD1C-CAC0-8900-D77B-5777C5F74395}" = CCC Help Swedish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E4BB999-4B59-1009-429B-963B6252E6DD}" = CCC Help Turkish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8334930A-9405-467B-9498-1EBC1878A09D}" = Catalyst Control Center
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC928F6-93A2-D49D-E253-532C2FF053A1}" = Catalyst Control Center Profiles Desktop
"{8CFF08EF-CDF7-C328-AD6B-10BD2E1D1D73}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C5BBDA1-F311-476B-1863-C0A3073CAC86}" = CCC Help Polish
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF9CA86D-83FA-C143-F9C8-EAB535B8B78C}" = Catalyst Control Center Localization All
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Ethernet Agent 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6F93FB-A2DE-6CE1-57FC-8139684C07E7}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{D1BA65A8-0F0E-4ACA-9B4D-2A080C561D35}" = ROCCAT Valo Keyboard Driver
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DC9856AC-2AB5-4551-AED2-9AF92D11A04E}" = Pandasoft Video Converter
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30EE048-574F-5FD3-DA01-1126946E21C1}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Xtra Controller Ex
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2F7E361-D336-1338-A453-AB03B4818927}" = CCC Help Czech
"{F4BF6E6A-5F71-B52B-D738-B0A5C3456FED}" = CCC Help Chinese Standard
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FDF1D75A-1F72-6C4F-1103-DC6BF5218AE6}" = CCC Help Russian
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Direct MP3 Joiner_is1" = Direct MP3 Joiner version 3.0.2.9
"ESN Sonar-0.70.4" = ESN Sonar
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"FreePDF_XP" = FreePDF (Remove only)
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"Steam App 201680" = Dungeon Defenders Demo
"Steam App 203850" = Microsoft Flight
"Steam App 300" = Day of Defeat: Source
"Steam App 65800" = Dungeon Defenders
"Streamripper" = Streamripper (Remove only)
"TomTom HOME" = TomTom HOME 2.8.3.2458
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.4.0
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.07.2012 04:39:48 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
Error - 04.07.2012 11:06:24 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997
Error - 04.07.2012 11:06:25 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2996
Error - 04.07.2012 11:06:26 | Computer Name = Thomas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2996
[ System Events ]
Error - 03.07.2012 13:12:35 | Computer Name = Thomas-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 03.07.2012 14:57:31 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
Error - 04.07.2012 08:37:35 | Computer Name = Thomas-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 04.07.2012 11:08:00 | Computer Name = Thomas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?07.?2012 um 17:06:19 unerwartet heruntergefahren.
Error - 04.07.2012 11:08:16 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
Error - 04.07.2012 11:09:31 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
Error - 04.07.2012 11:11:42 | Computer Name = Thomas-PC | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die
angegebene Datei nicht finden. Signaturversion: 1.129.759.0;1.129.759.0 Modulversion:
1.1.8502.0
Error - 04.07.2012 11:45:17 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
Error - 04.07.2012 11:51:15 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
Error - 04.07.2012 12:24:12 | Computer Name = Thomas-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Weitere Schritte?  !!! |
|
06.07.2012, 10:42
| #4 |
| | GVU-Trojaner mit Webcam .................. push |
|
06.07.2012, 17:27
| #5 | |
| /// Malware-holic | GVU-Trojaner mit Webcam das pushen kannst du dir schenken, dadurch werden es hier auch nicht weniger hilfesuchene und mehr helfer und du kommst trotzdem nkicht schneller drann. wer sofortige hilfe will, muss in ein pc gescheft gehen und dafür zahlen. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.07.2012, 18:07
| #6 |
| | GVU-Trojaner mit Webcam Zunächst einmal danke für die Antwort. Mit dem Push wollte ich lediglich ein "in-Vergessen"-geraten verhindern, da ich die erste Antwort realtiv schnell erhalten habe.. Anbei das Log von ComboFix: [Code] Combofix Logfile: Code:
ATTFilter ComboFix 12-07-06.01 - Thomas 06.07.2012 18:57:11.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8175.6828 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmpAAA0.tmp
c:\windows\SysWow64\tmpAAA1.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-06 bis 2012-07-06 ))))))))))))))))))))))))))))))
.
.
2012-07-06 09:41 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-06 07:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54A68D53-11D5-471D-B3E0-22E5EC43830C}\mpengine.dll
2012-07-04 15:20 . 2012-07-04 15:20 -------- d-----w- c:\users\Thomas\AppData\Roaming\Malwarebytes
2012-07-04 15:20 . 2012-07-04 15:20 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 15:20 . 2012-07-04 15:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 15:20 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 15:15 . 2012-02-10 23:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1661CF2B-20EB-4650-9083-5F6C25EE4A97}\gapaengine.dll
2012-07-04 15:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 15:05 . 2012-07-04 16:11 -------- d-----w- c:\programdata\B7E858A700048FE400244E3CB4EB2331
2012-07-04 15:05 . 2012-07-04 15:06 -------- d-----w- c:\users\Thomas\AppData\Roaming\Doofwa
2012-07-04 15:05 . 2012-07-04 15:05 -------- d-----w- c:\users\Thomas\AppData\Roaming\Iczyb
2012-06-23 10:27 . 2012-06-23 10:27 -------- d-----w- c:\users\Melanie\AppData\Local\Macromedia
2012-06-23 10:27 . 2012-07-06 04:50 -------- d-----w- c:\users\Melanie\AppData\Local\Htc
2012-06-23 10:27 . 2012-06-23 10:27 -------- d-----w- c:\users\Melanie\AppData\Roaming\HTC
2012-06-22 16:36 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 16:36 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 16:36 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 16:36 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 16:36 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:36 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:36 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:36 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:36 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 11:20 . 2012-07-06 07:15 -------- d-----w- c:\users\Thomas\AppData\Local\Htc
2012-06-19 11:20 . 2012-06-19 11:20 -------- d-----w- c:\users\Thomas\AppData\Roaming\HTC
2012-06-19 11:20 . 2012-06-19 11:20 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-06-19 11:20 . 2012-06-19 11:20 -------- d-----w- c:\program files (x86)\HTC
2012-06-17 08:39 . 2012-06-17 08:39 -------- d-----w- c:\program files\iPod
2012-06-17 08:39 . 2012-06-17 08:39 -------- d-----w- c:\program files\iTunes
2012-06-17 08:39 . 2012-06-17 08:39 -------- d-----w- c:\program files (x86)\iTunes
2012-06-15 06:20 . 2012-06-15 06:20 -------- d-----w- c:\users\Thomas\AppData\Local\Macromedia
2012-06-13 11:04 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 11:04 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 11:04 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 11:04 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 13:33 . 2012-06-12 13:33 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-12 13:33 . 2012-06-12 13:33 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 13:33 . 2012-06-12 13:33 -------- d-----w- c:\program files\Java
2012-06-12 13:29 . 2012-06-12 13:31 -------- d-----w- C:\glassfish3
2012-06-12 13:25 . 2012-06-18 19:28 -------- d-----w- c:\program files (x86)\eclipse
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 15:29 . 2012-04-02 07:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-30 15:29 . 2011-10-14 19:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 18:53 . 2011-10-27 10:31 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-14 18:53 . 2011-10-26 15:02 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-12 14:47 . 2011-10-26 15:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-30 20:48 . 2011-10-26 15:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-20 10:34 . 2012-04-20 10:34 8192 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}\Icon3DF154B95.exe
2012-04-20 10:34 . 2012-04-20 10:34 55296 ----a-r- c:\users\Thomas\AppData\Roaming\Microsoft\Installer\{4C78E7B2-AE8C-492E-8A97-BA6A641C616B}\IconCC98E8B3.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-10-14 303456]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2012-5-20 3537920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 ALSysIO;ALSysIO;c:\users\Thomas\AppData\Local\Temp\ALSysIO64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 ValFltr;ROCCAT Valo Keyboard;c:\windows\system32\drivers\ValoFltr.sys [2009-04-10 14720]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/10/17 14:17];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-19 14:10 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys [2011-10-15 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-24 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-24 309760]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-07-14 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-10-24 66328]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254 192.168.0.1
TCP: Interfaces\{13B5FBCC-D6F6-4C0E-B291-C89DF70748B7}: NameServer = 192.168.111.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\evgnoy8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3171237338-2043165809-2479679844-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F593F8FF-B05C-BC5E-3CD3-B3AD82C32923}*]
@Allowed: (Read) (RestrictedCode)
"oahfgedffejoinekceaapihflhenln"=hex:64,61,6b,64,6a,68,69,6c,00,fc
"oadelgipdohjcfllfbhchlbdbohpef"=hex:69,61,62,64,6f,6f,64,68,63,6a,69,6d,63,68,
65,6e,6d,67,00,00
"nandjbbhhdogfhnjkcnhpionbggk"=hex:6a,61,6b,64,6d,68,6b,64,70,6a,64,66,6b,64,
70,69,6f,68,61,68,00,ff
.
[HKEY_USERS\S-1-5-21-3171237338-2043165809-2479679844-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,fd,a0,65,e8,73,f8,8b,99,2b,bf,d2,04,43,2e,d3,b8,d4,8b,c9,59,
7d,d6,e3,71,af,56,80,1c,90,84,d3,b9,0b,53,ee,aa,05,d1,02,e3,f4,18,f2,ed,62,\
"rkeysecu"=hex:07,0a,af,60,5b,75,7c,15,2d,72,68,e1,56,86,bb,7f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-06 19:02:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-06 17:02
.
Vor Suchlauf: 9 Verzeichnis(se), 25.994.108.928 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 26.624.720.896 Bytes frei
.
- - End Of File - - C0299CDEAD9FA7C9D165C423B0463F57
Vielen Dank! |
|
09.07.2012, 19:36
| #7 |
| /// Malware-holic | GVU-Trojaner mit Webcam poste bitte alle bisher erstellten Malwarebytes logs, mit funden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.07.2012, 19:40
| #8 |
| | GVU-Trojaner mit Webcam Danke für die Antwort, ich hatte nur einen Fund, das war zu Beginn. Den habe ich dann auch gelöscht. Wie kann ich die Funde sehen? anbei die erste Logdatei: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Thomas :: THOMAS-PC [Administrator] Schutz: Aktiviert 04.07.2012 17:22:01 mbam-log-2012-07-04 (17-22-01).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 490953 Laufzeit: 22 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Thomas\AppData\Local\Temp\~!#F83E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
09.07.2012, 19:42
| #9 |
| /// Malware-holic | GVU-Trojaner mit Webcam download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.07.2012, 19:47
| #10 |
| | GVU-Trojaner mit Webcam Hallo, anbei der Log: Code:
ATTFilter 20:45:55.0521 5456 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:45:55.0586 5456 ============================================================
20:45:55.0586 5456 Current date / time: 2012/07/09 20:45:55.0586
20:45:55.0586 5456 SystemInfo:
20:45:55.0586 5456
20:45:55.0586 5456 OS Version: 6.1.7601 ServicePack: 1.0
20:45:55.0586 5456 Product type: Workstation
20:45:55.0586 5456 ComputerName: THOMAS-PC
20:45:55.0587 5456 UserName: Thomas
20:45:55.0587 5456 Windows directory: C:\Windows
20:45:55.0587 5456 System windows directory: C:\Windows
20:45:55.0587 5456 Running under WOW64
20:45:55.0587 5456 Processor architecture: Intel x64
20:45:55.0587 5456 Number of processors: 4
20:45:55.0587 5456 Page size: 0x1000
20:45:55.0587 5456 Boot type: Normal boot
20:45:55.0587 5456 ============================================================
20:46:01.0215 5456 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0215 5456 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0215 5456 Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:46:01.0325 5456 ============================================================
20:46:01.0325 5456 \Device\Harddisk0\DR0:
20:46:01.0326 5456 MBR partitions:
20:46:01.0326 5456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:46:01.0326 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
20:46:01.0326 5456 \Device\Harddisk1\DR1:
20:46:01.0326 5456 MBR partitions:
20:46:01.0326 5456 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:46:01.0326 5456 \Device\Harddisk2\DR2:
20:46:01.0327 5456 MBR partitions:
20:46:01.0327 5456 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:46:01.0327 5456 ============================================================
20:46:01.0328 5456 C: <-> \Device\Harddisk0\DR0\Partition1
20:46:01.0346 5456 D: <-> \Device\Harddisk1\DR1\Partition0
20:46:01.0371 5456 E: <-> \Device\Harddisk2\DR2\Partition0
20:46:01.0371 5456 ============================================================
20:46:01.0371 5456 Initialize success
20:46:01.0371 5456 ============================================================
20:46:30.0510 6672 ============================================================
20:46:30.0510 6672 Scan started
20:46:30.0510 6672 Mode: Manual; SigCheck; TDLFS;
20:46:30.0510 6672 ============================================================
20:46:30.0610 6672 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:46:30.0643 6672 1394ohci - ok
20:46:30.0654 6672 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:46:30.0665 6672 ACPI - ok
20:46:30.0667 6672 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:46:30.0687 6672 AcpiPmi - ok
20:46:30.0697 6672 AdobeActiveFileMonitor10.0 (c245e08ec469a52a622efdc9787a0dcc) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
20:46:30.0705 6672 AdobeActiveFileMonitor10.0 - ok
20:46:30.0711 6672 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:46:30.0716 6672 AdobeARMservice - ok
20:46:30.0729 6672 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:46:30.0741 6672 adp94xx - ok
20:46:30.0752 6672 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:46:30.0763 6672 adpahci - ok
20:46:30.0770 6672 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:46:30.0778 6672 adpu320 - ok
20:46:30.0783 6672 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:46:30.0835 6672 AeLookupSvc - ok
20:46:30.0849 6672 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:46:30.0861 6672 AFD - ok
20:46:30.0865 6672 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:46:30.0871 6672 agp440 - ok
20:46:30.0876 6672 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:46:30.0886 6672 ALG - ok
20:46:30.0889 6672 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:46:30.0895 6672 aliide - ok
20:46:30.0900 6672 ALSysIO - ok
20:46:30.0909 6672 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
20:46:30.0924 6672 AMD External Events Utility - ok
20:46:30.0927 6672 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:46:30.0933 6672 amdide - ok
20:46:30.0936 6672 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:46:30.0945 6672 AmdK8 - ok
20:46:31.0191 6672 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
20:46:31.0297 6672 amdkmdag - ok
20:46:31.0331 6672 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
20:46:31.0341 6672 amdkmdap - ok
20:46:31.0345 6672 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:46:31.0353 6672 AmdPPM - ok
20:46:31.0358 6672 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:46:31.0366 6672 amdsata - ok
20:46:31.0373 6672 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:46:31.0381 6672 amdsbs - ok
20:46:31.0384 6672 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:46:31.0390 6672 amdxata - ok
20:46:31.0394 6672 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:46:31.0453 6672 AppID - ok
20:46:31.0457 6672 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:46:31.0478 6672 AppIDSvc - ok
20:46:31.0483 6672 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:46:31.0503 6672 Appinfo - ok
20:46:31.0511 6672 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:31.0517 6672 Apple Mobile Device - ok
20:46:31.0524 6672 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:46:31.0533 6672 AppMgmt - ok
20:46:31.0537 6672 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:46:31.0544 6672 arc - ok
20:46:31.0549 6672 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:46:31.0557 6672 arcsas - ok
20:46:31.0568 6672 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:46:31.0574 6672 aspnet_state - ok
20:46:31.0577 6672 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:46:31.0599 6672 AsyncMac - ok
20:46:31.0602 6672 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:46:31.0608 6672 atapi - ok
20:46:31.0613 6672 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
20:46:31.0622 6672 AtiHDAudioService - ok
20:46:31.0643 6672 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:46:31.0669 6672 AudioEndpointBuilder - ok
20:46:31.0674 6672 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:46:31.0698 6672 AudioSrv - ok
20:46:31.0704 6672 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:46:31.0724 6672 AxInstSV - ok
20:46:31.0739 6672 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:46:31.0751 6672 b06bdrv - ok
20:46:31.0762 6672 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:46:31.0772 6672 b57nd60a - ok
20:46:31.0778 6672 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:46:31.0786 6672 BDESVC - ok
20:46:31.0788 6672 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:46:31.0809 6672 Beep - ok
20:46:31.0831 6672 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:46:31.0859 6672 BFE - ok
20:46:31.0883 6672 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:46:31.0913 6672 BITS - ok
20:46:31.0920 6672 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:46:31.0927 6672 blbdrive - ok
20:46:31.0942 6672 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:46:31.0951 6672 Bonjour Service - ok
20:46:31.0957 6672 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:46:31.0965 6672 bowser - ok
20:46:31.0968 6672 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:46:31.0983 6672 BrFiltLo - ok
20:46:31.0986 6672 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:46:31.0995 6672 BrFiltUp - ok
20:46:31.0999 6672 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:46:32.0022 6672 BridgeMP - ok
20:46:32.0029 6672 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:46:32.0051 6672 Browser - ok
20:46:32.0060 6672 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:46:32.0073 6672 Brserid - ok
20:46:32.0076 6672 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:46:32.0084 6672 BrSerWdm - ok
20:46:32.0087 6672 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:46:32.0095 6672 BrUsbMdm - ok
20:46:32.0097 6672 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:46:32.0104 6672 BrUsbSer - ok
20:46:32.0108 6672 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:46:32.0117 6672 BTHMODEM - ok
20:46:32.0122 6672 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:46:32.0143 6672 bthserv - ok
20:46:32.0145 6672 catchme - ok
20:46:32.0150 6672 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:46:32.0172 6672 cdfs - ok
20:46:32.0178 6672 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:46:32.0186 6672 cdrom - ok
20:46:32.0191 6672 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:46:32.0214 6672 CertPropSvc - ok
20:46:32.0218 6672 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:46:32.0227 6672 circlass - ok
20:46:32.0231 6672 CLBStor (125327df629324fad78d9a95ccd0f425) C:\Windows\system32\DRIVERS\CLBStor.sys
20:46:32.0236 6672 CLBStor - ok
20:46:32.0245 6672 CLBUDF (9c0cd75fea24e7e0e835eee7f14406f7) C:\Windows\system32\drivers\CLBUDF.sys
20:46:32.0253 6672 CLBUDF - ok
20:46:32.0264 6672 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:46:32.0274 6672 CLFS - ok
20:46:32.0281 6672 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:32.0287 6672 clr_optimization_v2.0.50727_32 - ok
20:46:32.0293 6672 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:32.0299 6672 clr_optimization_v2.0.50727_64 - ok
20:46:32.0308 6672 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:32.0314 6672 clr_optimization_v4.0.30319_32 - ok
20:46:32.0324 6672 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:46:32.0330 6672 clr_optimization_v4.0.30319_64 - ok
20:46:32.0336 6672 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:46:32.0342 6672 CmBatt - ok
20:46:32.0345 6672 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:46:32.0351 6672 cmdide - ok
20:46:32.0363 6672 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:46:32.0378 6672 CNG - ok
20:46:32.0380 6672 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:46:32.0386 6672 Compbatt - ok
20:46:32.0389 6672 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:46:32.0398 6672 CompositeBus - ok
20:46:32.0400 6672 COMSysApp - ok
20:46:32.0403 6672 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:46:32.0409 6672 crcdisk - ok
20:46:32.0416 6672 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:46:32.0425 6672 CryptSvc - ok
20:46:32.0440 6672 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:46:32.0453 6672 CSC - ok
20:46:32.0472 6672 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:46:32.0485 6672 CscService - ok
20:46:32.0488 6672 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:46:32.0493 6672 CVirtA - ok
20:46:32.0530 6672 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:46:32.0631 6672 CVPND - ok
20:46:32.0662 6672 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:46:32.0680 6672 CVPNDRVA - ok
20:46:32.0684 6672 dc3d (a5d3d53178394cc7a8a26bb532575b59) C:\Windows\system32\DRIVERS\dc3d.sys
20:46:32.0689 6672 dc3d - ok
20:46:32.0706 6672 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:46:32.0732 6672 DcomLaunch - ok
20:46:32.0742 6672 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:46:32.0767 6672 defragsvc - ok
20:46:32.0772 6672 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:46:32.0794 6672 DfsC - ok
20:46:32.0805 6672 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:46:32.0829 6672 Dhcp - ok
20:46:32.0833 6672 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:46:32.0854 6672 discache - ok
20:46:32.0858 6672 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:46:32.0864 6672 Disk - ok
20:46:32.0870 6672 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:46:32.0875 6672 DNE - ok
20:46:32.0883 6672 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:46:32.0892 6672 Dnscache - ok
20:46:32.0901 6672 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:46:32.0925 6672 dot3svc - ok
20:46:32.0931 6672 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:46:32.0953 6672 DPS - ok
20:46:32.0956 6672 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:46:32.0964 6672 drmkaud - ok
20:46:32.0991 6672 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:46:33.0006 6672 DXGKrnl - ok
20:46:33.0011 6672 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:46:33.0033 6672 EapHost - ok
20:46:33.0100 6672 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:46:33.0134 6672 ebdrv - ok
20:46:33.0157 6672 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:46:33.0165 6672 EFS - ok
20:46:33.0182 6672 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:46:33.0199 6672 ehRecvr - ok
20:46:33.0204 6672 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:46:33.0214 6672 ehSched - ok
20:46:33.0232 6672 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:46:33.0245 6672 elxstor - ok
20:46:33.0247 6672 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:46:33.0255 6672 ErrDev - ok
20:46:33.0259 6672 EtronHub3 (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
20:46:33.0265 6672 EtronHub3 - ok
20:46:33.0268 6672 EtronXHCI (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
20:46:33.0274 6672 EtronXHCI - ok
20:46:33.0289 6672 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:46:33.0315 6672 EventSystem - ok
20:46:33.0322 6672 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:46:33.0345 6672 exfat - ok
20:46:33.0351 6672 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:46:33.0375 6672 fastfat - ok
20:46:33.0395 6672 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:46:33.0410 6672 Fax - ok
20:46:33.0413 6672 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:46:33.0420 6672 fdc - ok
20:46:33.0423 6672 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:46:33.0445 6672 fdPHost - ok
20:46:33.0448 6672 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:46:33.0470 6672 FDResPub - ok
20:46:33.0474 6672 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:46:33.0481 6672 FileInfo - ok
20:46:33.0483 6672 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:46:33.0505 6672 Filetrace - ok
20:46:33.0508 6672 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:46:33.0515 6672 flpydisk - ok
20:46:33.0524 6672 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:46:33.0533 6672 FltMgr - ok
20:46:33.0564 6672 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:46:33.0583 6672 FontCache - ok
20:46:33.0587 6672 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:46:33.0592 6672 FontCache3.0.0.0 - ok
20:46:33.0598 6672 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:46:33.0605 6672 FsDepends - ok
20:46:33.0607 6672 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:46:33.0613 6672 Fs_Rec - ok
20:46:33.0622 6672 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:46:33.0632 6672 fvevol - ok
20:46:33.0636 6672 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:46:33.0643 6672 gagp30kx - ok
20:46:33.0647 6672 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:33.0651 6672 GEARAspiWDM - ok
20:46:33.0674 6672 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:46:33.0704 6672 gpsvc - ok
20:46:33.0707 6672 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:46:33.0714 6672 hcw85cir - ok
20:46:33.0726 6672 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:46:33.0739 6672 HdAudAddService - ok
20:46:33.0745 6672 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:46:33.0755 6672 HDAudBus - ok
20:46:33.0758 6672 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:46:33.0765 6672 HidBatt - ok
20:46:33.0769 6672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:46:33.0779 6672 HidBth - ok
20:46:33.0783 6672 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:46:33.0792 6672 HidIr - ok
20:46:33.0795 6672 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:46:33.0817 6672 hidserv - ok
20:46:33.0820 6672 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:46:33.0826 6672 HidUsb - ok
20:46:33.0831 6672 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:46:33.0854 6672 hkmsvc - ok
20:46:33.0863 6672 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:46:33.0872 6672 HomeGroupListener - ok
20:46:33.0881 6672 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:46:33.0890 6672 HomeGroupProvider - ok
20:46:33.0894 6672 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:46:33.0900 6672 HpSAMD - ok
20:46:33.0904 6672 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:46:33.0911 6672 HTCAND64 - ok
20:46:33.0915 6672 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
20:46:33.0921 6672 htcnprot - ok
20:46:33.0941 6672 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:46:33.0969 6672 HTTP - ok
20:46:33.0971 6672 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:46:33.0977 6672 hwpolicy - ok
20:46:33.0983 6672 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:46:33.0991 6672 i8042prt - ok
20:46:34.0003 6672 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
20:46:34.0012 6672 iaStor - ok
20:46:34.0018 6672 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:46:34.0023 6672 IAStorDataMgrSvc - ok
20:46:34.0033 6672 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:46:34.0043 6672 iaStorV - ok
20:46:34.0047 6672 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:46:34.0050 6672 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:46:34.0051 6672 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:46:34.0078 6672 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:46:34.0096 6672 idsvc - ok
20:46:34.0122 6672 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:46:34.0128 6672 iirsp - ok
20:46:34.0147 6672 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:46:34.0176 6672 IKEEXT - ok
20:46:34.0244 6672 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
20:46:34.0273 6672 IntcAzAudAddService - ok
20:46:34.0299 6672 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:46:34.0306 6672 intelide - ok
20:46:34.0309 6672 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:46:34.0317 6672 intelppm - ok
20:46:34.0321 6672 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:46:34.0343 6672 IPBusEnum - ok
20:46:34.0348 6672 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:34.0369 6672 IpFilterDriver - ok
20:46:34.0384 6672 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:46:34.0410 6672 iphlpsvc - ok
20:46:34.0414 6672 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:46:34.0423 6672 IPMIDRV - ok
20:46:34.0428 6672 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:46:34.0452 6672 IPNAT - ok
20:46:34.0476 6672 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
20:46:34.0491 6672 iPod Service - ok
20:46:34.0494 6672 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:46:34.0511 6672 IRENUM - ok
20:46:34.0515 6672 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:46:34.0521 6672 isapnp - ok
20:46:34.0529 6672 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:46:34.0539 6672 iScsiPrt - ok
20:46:34.0543 6672 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:34.0549 6672 kbdclass - ok
20:46:34.0552 6672 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:34.0560 6672 kbdhid - ok
20:46:34.0563 6672 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:34.0569 6672 KeyIso - ok
20:46:34.0573 6672 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:46:34.0580 6672 KSecDD - ok
20:46:34.0586 6672 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:46:34.0593 6672 KSecPkg - ok
20:46:34.0596 6672 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:46:34.0617 6672 ksthunk - ok
20:46:34.0629 6672 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:46:34.0655 6672 KtmRm - ok
20:46:34.0664 6672 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:46:34.0687 6672 LanmanServer - ok
20:46:34.0693 6672 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:46:34.0716 6672 LanmanWorkstation - ok
20:46:34.0720 6672 LGBusEnum (db164eb571fd118d277d939510b0f562) C:\Windows\system32\drivers\LGBusEnum.sys
20:46:34.0725 6672 LGBusEnum - ok
20:46:34.0729 6672 LGSHidFilt (1af3a5a9bc310c88f2efcebd08d381ab) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
20:46:34.0735 6672 LGSHidFilt - ok
20:46:34.0738 6672 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
20:46:34.0742 6672 LGVirHid - ok
20:46:34.0748 6672 LightScribeService (3503f257b3203f824b1567238ebe17e2) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:46:34.0751 6672 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:46:34.0751 6672 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:46:34.0755 6672 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:46:34.0777 6672 lltdio - ok
20:46:34.0787 6672 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:46:34.0811 6672 lltdsvc - ok
20:46:34.0814 6672 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:46:34.0836 6672 lmhosts - ok
20:46:34.0842 6672 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:46:34.0850 6672 LSI_FC - ok
20:46:34.0855 6672 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:46:34.0862 6672 LSI_SAS - ok
20:46:34.0866 6672 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:46:34.0873 6672 LSI_SAS2 - ok
20:46:34.0878 6672 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:46:34.0885 6672 LSI_SCSI - ok
20:46:34.0891 6672 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:46:34.0913 6672 luafv - ok
20:46:34.0923 6672 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
20:46:34.0933 6672 LVRS64 - ok
20:46:35.0033 6672 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:46:35.0084 6672 LVUVC64 - ok
20:46:35.0112 6672 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:46:35.0118 6672 MBAMProtector - ok
20:46:35.0136 6672 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:46:35.0148 6672 MBAMService - ok
20:46:35.0153 6672 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:46:35.0162 6672 Mcx2Svc - ok
20:46:35.0165 6672 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:46:35.0171 6672 megasas - ok
20:46:35.0181 6672 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:46:35.0191 6672 MegaSR - ok
20:46:35.0195 6672 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:46:35.0200 6672 MEIx64 - ok
20:46:35.0205 6672 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:46:35.0228 6672 MMCSS - ok
20:46:35.0231 6672 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:46:35.0253 6672 Modem - ok
20:46:35.0256 6672 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:46:35.0265 6672 monitor - ok
20:46:35.0268 6672 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:46:35.0274 6672 mouclass - ok
20:46:35.0277 6672 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:46:35.0285 6672 mouhid - ok
20:46:35.0290 6672 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:46:35.0296 6672 mountmgr - ok
20:46:35.0303 6672 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:46:35.0309 6672 MozillaMaintenance - ok
20:46:35.0316 6672 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:46:35.0324 6672 MpFilter - ok
20:46:35.0330 6672 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:46:35.0338 6672 mpio - ok
20:46:35.0342 6672 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:46:35.0364 6672 mpsdrv - ok
20:46:35.0390 6672 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:46:35.0419 6672 MpsSvc - ok
20:46:35.0425 6672 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:46:35.0436 6672 MRxDAV - ok
20:46:35.0442 6672 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:46:35.0451 6672 mrxsmb - ok
20:46:35.0460 6672 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:46:35.0469 6672 mrxsmb10 - ok
20:46:35.0473 6672 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:46:35.0480 6672 mrxsmb20 - ok
20:46:35.0483 6672 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:46:35.0489 6672 msahci - ok
20:46:35.0494 6672 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:46:35.0502 6672 msdsm - ok
20:46:35.0508 6672 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:46:35.0517 6672 MSDTC - ok
20:46:35.0522 6672 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:46:35.0543 6672 Msfs - ok
20:46:35.0546 6672 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:46:35.0567 6672 mshidkmdf - ok
20:46:35.0569 6672 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:46:35.0575 6672 msisadrv - ok
20:46:35.0581 6672 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:46:35.0604 6672 MSiSCSI - ok
20:46:35.0606 6672 msiserver - ok
20:46:35.0609 6672 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:46:35.0630 6672 MSKSSRV - ok
20:46:35.0635 6672 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:46:35.0641 6672 MsMpSvc - ok
20:46:35.0643 6672 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:46:35.0664 6672 MSPCLOCK - ok
20:46:35.0666 6672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:46:35.0688 6672 MSPQM - ok
20:46:35.0701 6672 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:46:35.0711 6672 MsRPC - ok
20:46:35.0716 6672 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:46:35.0721 6672 mssmbios - ok
20:46:35.0724 6672 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:46:35.0745 6672 MSTEE - ok
20:46:35.0747 6672 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:46:35.0754 6672 MTConfig - ok
20:46:35.0757 6672 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:46:35.0763 6672 Mup - ok
20:46:35.0777 6672 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:46:35.0803 6672 napagent - ok
20:46:35.0814 6672 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:46:35.0826 6672 NativeWifiP - ok
20:46:35.0854 6672 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:46:35.0871 6672 NDIS - ok
20:46:35.0875 6672 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:46:35.0896 6672 NdisCap - ok
20:46:35.0899 6672 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:46:35.0920 6672 NdisTapi - ok
20:46:35.0924 6672 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:46:35.0945 6672 Ndisuio - ok
20:46:35.0952 6672 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:46:35.0974 6672 NdisWan - ok
20:46:35.0978 6672 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:46:35.0999 6672 NDProxy - ok
20:46:36.0002 6672 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:46:36.0023 6672 NetBIOS - ok
20:46:36.0032 6672 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:46:36.0055 6672 NetBT - ok
20:46:36.0059 6672 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:36.0066 6672 Netlogon - ok
20:46:36.0077 6672 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:46:36.0102 6672 Netman - ok
20:46:36.0112 6672 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0118 6672 NetMsmqActivator - ok
20:46:36.0120 6672 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0125 6672 NetPipeActivator - ok
20:46:36.0141 6672 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:46:36.0167 6672 netprofm - ok
20:46:36.0195 6672 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
20:46:36.0211 6672 netr28ux - ok
20:46:36.0221 6672 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0227 6672 NetTcpActivator - ok
20:46:36.0229 6672 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:36.0234 6672 NetTcpPortSharing - ok
20:46:36.0239 6672 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:46:36.0246 6672 nfrd960 - ok
20:46:36.0250 6672 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:46:36.0256 6672 NisDrv - ok
20:46:36.0266 6672 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:46:36.0275 6672 NisSrv - ok
20:46:36.0287 6672 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:46:36.0311 6672 NlaSvc - ok
20:46:36.0314 6672 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:46:36.0336 6672 Npfs - ok
20:46:36.0339 6672 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:46:36.0360 6672 nsi - ok
20:46:36.0363 6672 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:46:36.0384 6672 nsiproxy - ok
20:46:36.0434 6672 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:46:36.0461 6672 Ntfs - ok
20:46:36.0487 6672 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:46:36.0507 6672 Null - ok
20:46:36.0514 6672 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:46:36.0521 6672 nvraid - ok
20:46:36.0527 6672 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:46:36.0535 6672 nvstor - ok
20:46:36.0541 6672 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:46:36.0548 6672 nv_agp - ok
20:46:36.0564 6672 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:46:36.0574 6672 odserv - ok
20:46:36.0578 6672 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:46:36.0586 6672 ohci1394 - ok
20:46:36.0592 6672 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:46:36.0598 6672 ose - ok
20:46:36.0707 6672 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:46:36.0767 6672 osppsvc - ok
20:46:36.0799 6672 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:46:36.0810 6672 p2pimsvc - ok
20:46:36.0825 6672 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:46:36.0837 6672 p2psvc - ok
20:46:36.0845 6672 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:46:36.0853 6672 Parport - ok
20:46:36.0857 6672 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:46:36.0863 6672 partmgr - ok
20:46:36.0870 6672 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
20:46:36.0908 6672 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:46:36.0908 6672 PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:46:36.0916 6672 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:46:36.0929 6672 PcaSvc - ok
20:46:36.0937 6672 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:46:36.0946 6672 pci - ok
20:46:36.0948 6672 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:46:36.0955 6672 pciide - ok
20:46:36.0961 6672 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:46:36.0970 6672 pcmcia - ok
20:46:36.0973 6672 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:46:36.0979 6672 pcw - ok
20:46:36.0998 6672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:46:37.0026 6672 PEAUTH - ok
20:46:37.0057 6672 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:46:37.0077 6672 PeerDistSvc - ok
20:46:37.0098 6672 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:46:37.0106 6672 PerfHost - ok
20:46:37.0162 6672 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:46:37.0196 6672 pla - ok
20:46:37.0211 6672 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:46:37.0223 6672 PlugPlay - ok
20:46:37.0225 6672 PnkBstrA - ok
20:46:37.0229 6672 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:46:37.0237 6672 PNRPAutoReg - ok
20:46:37.0248 6672 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:46:37.0257 6672 PNRPsvc - ok
20:46:37.0264 6672 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:46:37.0269 6672 Point64 - ok
20:46:37.0285 6672 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:46:37.0312 6672 PolicyAgent - ok
20:46:37.0320 6672 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:46:37.0343 6672 Power - ok
20:46:37.0349 6672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:46:37.0370 6672 PptpMiniport - ok
20:46:37.0375 6672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:46:37.0382 6672 Processor - ok
20:46:37.0389 6672 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:46:37.0398 6672 ProfSvc - ok
20:46:37.0401 6672 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:37.0407 6672 ProtectedStorage - ok
20:46:37.0413 6672 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:46:37.0436 6672 Psched - ok
20:46:37.0440 6672 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:46:37.0445 6672 PxHlpa64 - ok
20:46:37.0483 6672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:46:37.0509 6672 ql2300 - ok
20:46:37.0537 6672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:46:37.0545 6672 ql40xx - ok
20:46:37.0553 6672 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:46:37.0566 6672 QWAVE - ok
20:46:37.0570 6672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:46:37.0580 6672 QWAVEdrv - ok
20:46:37.0582 6672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:46:37.0604 6672 RasAcd - ok
20:46:37.0608 6672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:46:37.0629 6672 RasAgileVpn - ok
20:46:37.0634 6672 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:46:37.0657 6672 RasAuto - ok
20:46:37.0663 6672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:46:37.0685 6672 Rasl2tp - ok
20:46:37.0695 6672 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:46:37.0719 6672 RasMan - ok
20:46:37.0724 6672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:46:37.0747 6672 RasPppoe - ok
20:46:37.0751 6672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:46:37.0773 6672 RasSstp - ok
20:46:37.0784 6672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:46:37.0808 6672 rdbss - ok
20:46:37.0810 6672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:46:37.0819 6672 rdpbus - ok
20:46:37.0822 6672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:46:37.0843 6672 RDPCDD - ok
20:46:37.0850 6672 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:46:37.0858 6672 RDPDR - ok
20:46:37.0861 6672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:46:37.0883 6672 RDPENCDD - ok
20:46:37.0886 6672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:46:37.0907 6672 RDPREFMP - ok
20:46:37.0913 6672 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:46:37.0922 6672 RDPWD - ok
20:46:37.0930 6672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:46:37.0939 6672 rdyboost - ok
20:46:37.0943 6672 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:46:37.0966 6672 RemoteAccess - ok
20:46:37.0973 6672 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:46:37.0995 6672 RemoteRegistry - ok
20:46:37.0999 6672 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:46:38.0021 6672 RpcEptMapper - ok
20:46:38.0024 6672 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:46:38.0031 6672 RpcLocator - ok
20:46:38.0049 6672 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:46:38.0073 6672 RpcSs - ok
20:46:38.0078 6672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:46:38.0101 6672 rspndr - ok
20:46:38.0112 6672 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:46:38.0120 6672 RTL8167 - ok
20:46:38.0122 6672 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:46:38.0129 6672 s3cap - ok
20:46:38.0132 6672 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:38.0138 6672 SamSs - ok
20:46:38.0143 6672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:46:38.0150 6672 sbp2port - ok
20:46:38.0156 6672 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:46:38.0179 6672 SCardSvr - ok
20:46:38.0182 6672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:46:38.0203 6672 scfilter - ok
20:46:38.0235 6672 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:46:38.0267 6672 Schedule - ok
20:46:38.0272 6672 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:46:38.0293 6672 SCPolicySvc - ok
20:46:38.0300 6672 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:46:38.0310 6672 SDRSVC - ok
20:46:38.0317 6672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:46:38.0338 6672 secdrv - ok
20:46:38.0342 6672 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:46:38.0363 6672 seclogon - ok
20:46:38.0368 6672 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:46:38.0391 6672 SENS - ok
20:46:38.0394 6672 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:46:38.0402 6672 SensrSvc - ok
20:46:38.0405 6672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:46:38.0413 6672 Serenum - ok
20:46:38.0417 6672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:46:38.0424 6672 Serial - ok
20:46:38.0427 6672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:46:38.0434 6672 sermouse - ok
20:46:38.0442 6672 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:46:38.0464 6672 SessionEnv - ok
20:46:38.0467 6672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:46:38.0476 6672 sffdisk - ok
20:46:38.0478 6672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:46:38.0487 6672 sffp_mmc - ok
20:46:38.0489 6672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:46:38.0498 6672 sffp_sd - ok
20:46:38.0501 6672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:46:38.0508 6672 sfloppy - ok
20:46:38.0519 6672 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:46:38.0544 6672 SharedAccess - ok
20:46:38.0557 6672 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:46:38.0582 6672 ShellHWDetection - ok
20:46:38.0586 6672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:46:38.0593 6672 SiSRaid2 - ok
20:46:38.0596 6672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:46:38.0603 6672 SiSRaid4 - ok
20:46:38.0672 6672 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:46:38.0711 6672 Skype C2C Service - ok
20:46:38.0720 6672 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:46:38.0726 6672 SkypeUpdate - ok
20:46:38.0754 6672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:46:38.0777 6672 Smb - ok
20:46:38.0782 6672 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:46:38.0790 6672 SNMPTRAP - ok
20:46:38.0793 6672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:46:38.0799 6672 spldr - ok
20:46:38.0817 6672 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:46:38.0844 6672 Spooler - ok
20:46:38.0946 6672 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:46:39.0002 6672 sppsvc - ok
20:46:39.0027 6672 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:46:39.0049 6672 sppuinotify - ok
20:46:39.0052 6672 sptd - ok
20:46:39.0071 6672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:46:39.0083 6672 srv - ok
20:46:39.0094 6672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:46:39.0105 6672 srv2 - ok
20:46:39.0112 6672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:46:39.0121 6672 srvnet - ok
20:46:39.0129 6672 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:46:39.0153 6672 SSDPSRV - ok
20:46:39.0157 6672 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:46:39.0180 6672 SstpSvc - ok
20:46:39.0184 6672 Steam Client Service - ok
20:46:39.0188 6672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:46:39.0194 6672 stexstor - ok
20:46:39.0209 6672 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:46:39.0225 6672 stisvc - ok
20:46:39.0229 6672 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:46:39.0235 6672 storflt - ok
20:46:39.0238 6672 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:46:39.0245 6672 StorSvc - ok
20:46:39.0248 6672 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:46:39.0254 6672 storvsc - ok
20:46:39.0256 6672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:46:39.0262 6672 swenum - ok
20:46:39.0278 6672 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:46:39.0306 6672 swprv - ok
20:46:39.0350 6672 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:46:39.0377 6672 SysMain - ok
20:46:39.0400 6672 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:46:39.0411 6672 TabletInputService - ok
20:46:39.0423 6672 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:46:39.0449 6672 TapiSrv - ok
20:46:39.0453 6672 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:46:39.0476 6672 TBS - ok
20:46:39.0521 6672 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:46:39.0548 6672 Tcpip - ok
20:46:39.0610 6672 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:46:39.0633 6672 TCPIP6 - ok
20:46:39.0657 6672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:46:39.0678 6672 tcpipreg - ok
20:46:39.0682 6672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:46:39.0689 6672 TDPIPE - ok
20:46:39.0691 6672 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:46:39.0698 6672 TDTCP - ok
20:46:39.0704 6672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:46:39.0725 6672 tdx - ok
20:46:39.0730 6672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:46:39.0736 6672 TermDD - ok
20:46:39.0753 6672 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:46:39.0779 6672 TermService - ok
20:46:39.0783 6672 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:46:39.0794 6672 Themes - ok
20:46:39.0799 6672 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:46:39.0820 6672 THREADORDER - ok
20:46:39.0827 6672 TomTomHOMEService (f3d82327f5f57973e177438a22501c77) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
20:46:39.0832 6672 TomTomHOMEService - ok
20:46:39.0838 6672 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:46:39.0860 6672 TrkWks - ok
20:46:39.0869 6672 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:46:39.0890 6672 TrustedInstaller - ok
20:46:39.0897 6672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:46:39.0917 6672 tssecsrv - ok
20:46:39.0921 6672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:46:39.0928 6672 TsUsbFlt - ok
20:46:39.0934 6672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:46:39.0957 6672 tunnel - ok
20:46:39.0960 6672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:46:39.0967 6672 uagp35 - ok
20:46:39.0979 6672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:46:40.0003 6672 udfs - ok
20:46:40.0009 6672 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:46:40.0017 6672 UI0Detect - ok
20:46:40.0021 6672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:46:40.0027 6672 uliagpkx - ok
20:46:40.0031 6672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:46:40.0039 6672 umbus - ok
20:46:40.0041 6672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:46:40.0048 6672 UmPass - ok
20:46:40.0056 6672 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:46:40.0064 6672 UmRdpService - ok
20:46:40.0078 6672 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
20:46:40.0088 6672 UMVPFSrv - ok
20:46:40.0101 6672 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:46:40.0127 6672 upnphost - ok
20:46:40.0131 6672 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:46:40.0137 6672 USBAAPL64 - ok
20:46:40.0141 6672 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:46:40.0150 6672 usbaudio - ok
20:46:40.0155 6672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:46:40.0162 6672 usbccgp - ok
20:46:40.0167 6672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:46:40.0176 6672 usbcir - ok
20:46:40.0179 6672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:46:40.0186 6672 usbehci - ok
20:46:40.0196 6672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:46:40.0206 6672 usbhub - ok
20:46:40.0209 6672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:46:40.0215 6672 usbohci - ok
20:46:40.0218 6672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:46:40.0227 6672 usbprint - ok
20:46:40.0232 6672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:46:40.0239 6672 USBSTOR - ok
20:46:40.0242 6672 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:46:40.0249 6672 usbuhci - ok
20:46:40.0252 6672 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:46:40.0274 6672 UxSms - ok
20:46:40.0277 6672 ValFltr (a85b07af8b98e8c5c7711bf37910a88d) C:\Windows\system32\drivers\ValoFltr.sys
20:46:40.0283 6672 ValFltr - ok
20:46:40.0286 6672 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:46:40.0292 6672 VaultSvc - ok
20:46:40.0295 6672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:46:40.0301 6672 vdrvroot - ok
20:46:40.0316 6672 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:46:40.0341 6672 vds - ok
20:46:40.0345 6672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:46:40.0353 6672 vga - ok
20:46:40.0356 6672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:46:40.0377 6672 VgaSave - ok
20:46:40.0385 6672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:46:40.0393 6672 vhdmp - ok
20:46:40.0396 6672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:46:40.0402 6672 viaide - ok
20:46:40.0409 6672 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:46:40.0417 6672 vmbus - ok
20:46:40.0420 6672 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:46:40.0427 6672 VMBusHID - ok
20:46:40.0431 6672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:46:40.0437 6672 volmgr - ok
20:46:40.0450 6672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:46:40.0460 6672 volmgrx - ok
20:46:40.0471 6672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:46:40.0481 6672 volsnap - ok
20:46:40.0487 6672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:46:40.0495 6672 vsmraid - ok
20:46:40.0536 6672 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:46:40.0572 6672 VSS - ok
20:46:40.0597 6672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:46:40.0605 6672 vwifibus - ok
20:46:40.0609 6672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:46:40.0619 6672 vwififlt - ok
20:46:40.0633 6672 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:46:40.0658 6672 W32Time - ok
20:46:40.0663 6672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:46:40.0671 6672 WacomPen - ok
20:46:40.0677 6672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:46:40.0698 6672 WANARP - ok
20:46:40.0700 6672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:46:40.0721 6672 Wanarpv6 - ok
20:46:40.0762 6672 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:46:40.0785 6672 wbengine - ok
20:46:40.0811 6672 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:46:40.0823 6672 WbioSrvc - ok
20:46:40.0834 6672 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:46:40.0848 6672 wcncsvc - ok
20:46:40.0852 6672 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:46:40.0860 6672 WcsPlugInService - ok
20:46:40.0866 6672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:46:40.0873 6672 Wd - ok
20:46:40.0892 6672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:46:40.0929 6672 Wdf01000 - ok
20:46:40.0935 6672 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:46:40.0960 6672 WdiServiceHost - ok
20:46:40.0962 6672 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:46:40.0973 6672 WdiSystemHost - ok
20:46:40.0982 6672 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:46:40.0995 6672 WebClient - ok
20:46:41.0005 6672 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:46:41.0030 6672 Wecsvc - ok
20:46:41.0035 6672 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:46:41.0057 6672 wercplsupport - ok
20:46:41.0062 6672 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:46:41.0084 6672 WerSvc - ok
20:46:41.0091 6672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:46:41.0112 6672 WfpLwf - ok
20:46:41.0114 6672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:46:41.0121 6672 WIMMount - ok
20:46:41.0124 6672 WinDefend - ok
20:46:41.0128 6672 WinHttpAutoProxySvc - ok
20:46:41.0141 6672 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:46:41.0164 6672 Winmgmt - ok
20:46:41.0170 6672 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys
20:46:41.0182 6672 WinRing0_1_2_0 - ok
20:46:41.0227 6672 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:46:41.0265 6672 WinRM - ok
20:46:41.0294 6672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:46:41.0303 6672 WinUsb - ok
20:46:41.0329 6672 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:46:41.0349 6672 Wlansvc - ok
20:46:41.0354 6672 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:46:41.0359 6672 wlcrasvc - ok
20:46:41.0418 6672 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:46:41.0451 6672 wlidsvc - ok
20:46:41.0476 6672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:46:41.0483 6672 WmiAcpi - ok
20:46:41.0496 6672 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:46:41.0506 6672 wmiApSrv - ok
20:46:41.0510 6672 WMPNetworkSvc - ok
20:46:41.0513 6672 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:46:41.0522 6672 WPCSvc - ok
20:46:41.0528 6672 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:46:41.0538 6672 WPDBusEnum - ok
20:46:41.0542 6672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:46:41.0562 6672 ws2ifsl - ok
20:46:41.0567 6672 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:46:41.0578 6672 wscsvc - ok
20:46:41.0580 6672 WSearch - ok
20:46:41.0636 6672 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:46:41.0669 6672 wuauserv - ok
20:46:41.0697 6672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:46:41.0718 6672 WudfPf - ok
20:46:41.0725 6672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:46:41.0746 6672 WUDFRd - ok
20:46:41.0751 6672 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:46:41.0772 6672 wudfsvc - ok
20:46:41.0780 6672 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:46:41.0792 6672 WwanSvc - ok
20:46:41.0807 6672 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
20:46:41.0813 6672 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
20:46:41.0815 6672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:46:41.0891 6672 \Device\Harddisk0\DR0 - ok
20:46:41.0892 6672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:46:41.0959 6672 \Device\Harddisk1\DR1 - ok
20:46:41.0961 6672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
20:46:42.0031 6672 \Device\Harddisk2\DR2 - ok
20:46:42.0034 6672 Boot (0x1200) (b18bb20dd7b41fd020027a9a4c89bfe3) \Device\Harddisk0\DR0\Partition0
20:46:42.0034 6672 \Device\Harddisk0\DR0\Partition0 - ok
20:46:42.0036 6672 Boot (0x1200) (a64ce589bb42da13bb8a8c34e085c717) \Device\Harddisk0\DR0\Partition1
20:46:42.0037 6672 \Device\Harddisk0\DR0\Partition1 - ok
20:46:42.0038 6672 Boot (0x1200) (9915706bad589fa1cff7e4f2b69b6e22) \Device\Harddisk1\DR1\Partition0
20:46:42.0039 6672 \Device\Harddisk1\DR1\Partition0 - ok
20:46:42.0041 6672 Boot (0x1200) (0d18c41e63b88724a5383c947fad98f1) \Device\Harddisk2\DR2\Partition0
20:46:42.0042 6672 \Device\Harddisk2\DR2\Partition0 - ok
20:46:42.0042 6672 ============================================================
20:46:42.0042 6672 Scan finished
20:46:42.0042 6672 ============================================================
20:46:42.0047 7100 Detected object count: 3
20:46:42.0047 7100 Actual detected object count: 3
20:46:48.0794 7100 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0795 7100 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:48.0795 7100 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0795 7100 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:48.0796 7100 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:48.0796 7100 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
11.07.2012, 12:23
| #11 |
| /// Malware-holic | GVU-Trojaner mit Webcam hi lade den CCleaner standard: CCleaner Download - CCleaner 3.20.1750 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.07.2012, 12:39
| #12 |
| | GVU-Trojaner mit Webcam Hallo, anbei die Liste: Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 19.06.2012 3.2.0.2070 ---> Notwendig Adobe Community Help Adobe Systems Incorporated. 28.11.2011 45049 ---> Notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 30.06.2012 6,00MB 11.3.300.262 ---> Notwendig Adobe Flash Player ActiveX Adobe Systems Incorporated 15.10.2011 9.0.124.0 ---> Notwendig Adobe Photoshop Elements 10 Adobe Systems Incorporated 28.11.2011 2,60GB 10.0 ---> Notwendig Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 12.04.2012 149MB 37631 ---> Notwendig Apple Application Support Apple Inc. 17.06.2012 61,0MB 39815 ---> Notwendig Apple Mobile Device Support Apple Inc. 17.06.2012 24,9MB 5.2.0.6 ---> Unbekannt Apple Software Update Apple Inc. 19.03.2012 2,38MB 2.1.3.127 ---> Notwendig Assassin's Creed Revelations 1.03 Ubisoft 19.04.2012 40969 ---> Notwendig ATI Catalyst Install Manager ATI Technologies, Inc. 20.04.2012 22,4MB 3.0.829.0 ---> Notwendig Battlefield 3™ Electronic Arts 26.10.2011 1.0.0.0 ---> Notwendig Battlelog Web Plugins EA Digital Illusions CE AB 27.03.2012 1.118.0 ---> Notwendig Bonjour Apple Inc. 19.03.2012 2,00MB 3.0.0.10 ---> Notwendig CCleaner Piriform 22.06.2012 43891 ---> Notwendig Cisco Systems VPN Client 5.0.07.0290 10.11.2011 10,6MB ---> Notwendig Command & Conquer™ Alarmstufe Rot 3 Electronic Arts 15.10.2011 8,22GB 1.0.1.0 ---> Notwendig Core Temp 1.0 RC2 Alcpu 15.10.2011 2,30MB 1.0 ---> Notwendig CyberLink BD Advisor 2.0 17.10.2011 ---> Notwendig CyberLink Blu-ray Disc Suite CyberLink Corp. 17.10.2011 38,4MB 7.0.2407 ---> Notwendig CyberLink InstantBurn CyberLink Corp. 17.10.2011 5.0.6210 ---> Notwendig CyberLink LabelPrint CyberLink Corp. 17.10.2011 127MB 264193 ---> Notwendig CyberLink MediaShow CyberLink Corp. 17.10.2011 250MB 5.0.1423 ---> Notwendig CyberLink Power2Go CyberLink Corp. 17.10.2011 121MB 694698 ---> Notwendig CyberLink PowerBackup CyberLink Corp. 17.10.2011 1506018 ---> Notwendig CyberLink PowerDVD 9 CyberLink Corp. 17.10.2011 182MB 9.0.2519.50 ---> Notwendig CyberLink PowerProducer CyberLink Corp. 17.10.2011 175MB 5.0.2.2429 ---> Notwendig DAEMON Tools Lite DT Soft Ltd 14.10.2011 4.41.3.0173 ---> Notwendig Day of Defeat: Source Valve 15.10.2011 ---> Notwendig Diablo III Blizzard Entertainment 11.07.2012 1.0.3.10485 ---> Notwendig Die Sims™ 3 Electronic Arts 20.05.2012 1.33.2 ---> Notwendig Die Sims™ 3 Design-Garten-Accessoires Electronic Arts 15.10.2011 7.0.55 ---> Notwendig Die Sims™ 3 Einfach tierisch Electronic Arts 26.10.2011 10.0.96 ---> Notwendig Die Sims™ 3 Gib Gas-Accessoires Electronic Arts 15.10.2011 5.0.44 ---> Notwendig Die Sims™ 3 Late Night Electronic Arts 15.10.2011 6.0.81 ---> Notwendig Die Sims™ 3 Lebensfreude Electronic Arts 15.10.2011 8.0.152 ---> Notwendig Die Sims™ 3 Luxus-Accessoires Electronic Arts 15.10.2011 3.0.38 ---> Notwendig Die Sims™ 3 Reiseabenteuer Electronic Arts 15.10.2011 2.0.86 ---> Notwendig Die Sims™ 3 Stadt-Accessoires Electronic Arts 15.10.2011 9.0.73 ---> Notwendig Die Sims™ 3 Traumkarrieren Electronic Arts 20.05.2012 4.0.87 ---> Notwendig Direct MP3 Joiner version 3.0.2.9 Piston Software 08.02.2012 4,25MB 3.0.2.9 ---> Notwendig DiRT2 Codemasters 15.10.2011 1.00.0000 ---> Notwendig Dropbox Dropbox, Inc. 02.06.2012 39173 ---> Notwendig Dungeon Defenders 16.04.2012 ---> Notwendig Dungeon Defenders Demo 09.04.2012 ---> Notwendig Enterprise Architect 9.3 - 30 Day Trial Edition Sparx Systems 20.04.2012 174MB 9.3.931.22 ---> Notwendig ESN Sonar ESN Social Software AB 14.03.2012 0.70.4 ---> Notwendig Etron USB3.0 Host Controller Etron Technology 14.10.2011 5,12MB 0.96 ---> Notwendig Free M4a to MP3 Converter 7.0 ManiacTools.com 10.02.2012 3,95MB ---> Notwendig FreePDF (Remove only) 11.05.2012 ---> Notwendig FW LiveUpdate SAMSUNG 17.10.2011 2.0.6.2 ---> Notwendig GPL Ghostscript Artifex Software Inc. 17.10.2011 41008 ---> Notwendig Grand Theft Auto IV Rockstar Games 15.10.2011 1.00.0000 ---> Notwendig Half-Life(R) 2 Valve 15.10.2011 6,17GB 1.0.0.0 ---> Notwendig Hardcopy (C:\Program Files (x86)\Hardcopy) www.hardcopy.de 20.05.2012 40999 ---> Notwendig HTC BMP USB Driver HTC 19.06.2012 284KB 1.0.5375 ---> Notwendig HTC Driver Installer HTC Corporation 19.06.2012 2,09MB 3.0.0.021 ---> Notwendig HTC Sync HTC Corporation 19.06.2012 47,0MB 43864 ---> Notwendig Intel(R) Management Engine Components Intel Corporation 14.10.2011 7.0.0.1144 ---> Notwendig Intel(R) Rapid Storage Technology Intel Corporation 14.10.2011 10.1.0.1008 ---> Notwendig iTunes Apple Inc. 17.06.2012 182MB 10.6.3.25 ---> Notwendig Java(TM) 6 Update 26 Oracle 16.10.2011 94,9MB 6.0.260 ---> Notwendig Java(TM) 7 Oracle 16.10.2011 98,9MB 7.0.0 ---> Notwendig Java(TM) 7 Update 4 (64-bit) Oracle 12.06.2012 95,0MB 7.0.40 ---> Notwendig LaCie Ethernet Agent 1.0 LaCie SA 14.10.2011 1.0 ---> Notwendig LaCie Network Assistant 1.5.2.59 LaCie 16.10.2011 1.5.2.59 ---> Notwendig LightScribe System Software LightScribe 17.10.2011 24,0MB 1.18.11.1 ---> Notwendig Logitech GamePanel Software 3.03.133 Logitech Inc. 10.03.2012 53,8MB 3.03.133 ---> Notwendig Logitech Gaming Software 8.20 Logitech Inc. 26.12.2011 76,6MB 8.20.74 ---> Notwendig Logitech Webcam-Software Logitech Inc. 10.03.2012 11355 ---> Notwendig Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 04.07.2012 18,0MB 1.61.0.1400 ---> Notwendig Mass Effect™ 3 Demo Electronic Arts 18.02.2012 1.0.0.0 ---> Notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 14.10.2011 38,8MB 4.0.30319 ---> Notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 14.10.2011 2,93MB 4.0.30319 ---> Notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 06.05.2012 51,9MB 4.0.30319 ---> Notwendig Microsoft Flight 07.04.2012 ---> Notwendig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 15.10.2011 31,3MB 3.5.88.0 ---> Notwendig Microsoft Games for Windows Marketplace Microsoft Corporation 15.10.2011 6,03MB 3.5.50.0 ---> Notwendig Microsoft IntelliPoint 8.2 Microsoft Corporation 14.10.2011 8.20.468.0 ---> Notwendig Microsoft Office Outlook Connector Microsoft Corporation 14.10.2011 3,38MB 14.0.6106.5001 ---> Notwendig Microsoft Office Professional 2010 Microsoft Corporation 26.04.2012 14.0.6029.1000 ---> Notwendig Microsoft Office Project Professional 2007 Microsoft Corporation 21.04.2012 12.0.6612.1000 ---> Notwendig Microsoft redistributable runtime DLLs VS2005 SP1(x86) SAP 17.11.2011 308KB 8.0.50727.4053 ---> Notwendig Microsoft redistributable runtime DLLs VS2008 SP1(x86) SAP AG 17.11.2011 4,62MB 9.0 ---> Notwendig Microsoft Security Essentials Microsoft Corporation 24.04.2012 4.0.1526.0 ---> Notwendig Microsoft Silverlight Microsoft Corporation 14.05.2012 50,6MB 5.1.10411.0 ---> Notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.10.2011 1,69MB 3.1.0000 ---> Notwendig Microsoft Visio Professional 2010 Microsoft Corporation 15.10.2011 14.0.6029.1000 ---> Notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 24.01.2012 260KB 8.0.50727.4053 ---> Notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 ---> Notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.10.2011 300KB 8.0.56336 ---> Notwendig Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 15.01.2012 572KB 8.0.61000 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 29.10.2011 788KB 9.0.30729 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 30.10.2011 788KB 9.0.30729.6161 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 16.10.2011 2,06MB 9.0.21022 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 20.10.2011 234KB 9.0.30729 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.10.2011 238KB 9.0.30729 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.04.2012 222KB 9.0.30729.4148 ---> Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.10.2011 600KB 9.0.30729.6161 ---> Notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 14.10.2011 13,7MB 10.0.30319 ---> Notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 15,0MB 10.0.40219 ---> Notwendig Mozilla Firefox 13.0.1 (x86 de) Mozilla 17.06.2012 40,8MB 13.0.1 ---> Notwendig Mozilla Maintenance Service Mozilla 17.06.2012 309KB 13.0.1 ---> Notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.11.2011 1,28MB 4.20.9870.0 ---> Unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.11.2011 1,34MB 4.20.9876.0 ---> Unbekannt MSXML 4.0 SP3 Parser Microsoft Corporation 19.06.2012 1,47MB 4.30.2100.0 ---> Unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 20.06.2012 1,53MB 4.30.2107.0 ---> Unbekannt NVIDIA PhysX NVIDIA Corporation 18.02.2012 78,9MB 9.10.0513 ---> Notwendig OpenAL 12.05.2012 ---> Notwendig Origin Electronic Arts, Inc. 22.03.2012 8.5.0.4554 ---> Notwendig Pandasoft Video Converter Pandasoft 06.05.2012 68,5MB 0.95.122.0 ---> Notwendig PDF-XChange Viewer Tracker Software Products Ltd. 29.11.2011 44,5MB 2.5.199.0 ---> Notwendig PunkBuster Services Even Balance, Inc. 18.04.2012 0.991 ---> Notwendig Rapture3D 2.3.22 Game Blue Ripple Sound 15.10.2011 ---> Unbekannt Realtek Ethernet Controller Driver For Windows 7 Realtek 14.10.2011 7.23.623.2010 ---> Notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.10.2011 6.0.1.6167 ---> Notwendig RedMon - Redirection Port Monitor 17.10.2011 ---> Unbekannt ROCCAT Valo Keyboard Driver 14.10.2011 ---> Notwendig SAP Business Explorer SAP AG 17.11.2011 44013 ---> Notwendig SAP GUI for Windows 7.20 SAP 17.11.2011 7.20 Compilation 3 ---> Notwendig Skype Click to Call Skype Technologies S.A. 15.06.2012 15,9MB 6.0.10201 ---> Notwendig Skype™ 5.9 Skype Technologies S.A. 15.06.2012 19,4MB 5.9.123 ---> Notwendig Steam(TM) Valve 15.10.2011 16,4MB 1.0.0.0 ---> Notwendig Streamripper (Remove only) 23.12.2011 ---> Notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 29.10.2011 ---> Notwendig TomTom HOME 2.8.3.2458 TomTom 03.01.2012 2.8.3.2458 ---> Notwendig TomTom HOME Visual Studio Merge Modules TomTom International B.V. 03.01.2012 1,88MB 1.0.2 ---> Notwendig Ubisoft Game Launcher UBISOFT 18.04.2012 1.0.0.0 ---> Notwendig VLC media player 1.1.11 VideoLAN 20.10.2011 40544 ---> Notwendig Winamp Nullsoft, Inc 23.12.2011 5623 ---> Notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 23.12.2011 75,0KB 1.0.0.1 ---> Notwendig Windows 7 Codec Pack 3.4.0 Windows 7 Codec Pack 17.10.2011 36619 ---> Notwendig Windows Live Essentials Microsoft Corporation 14.10.2011 15.4.3538.0513 ---> Notwendig Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 14.10.2011 5,57MB 15.4.5722.2 ---> Notwendig WinRAR 4.01 (64-Bit) win.rar GmbH 14.10.2011 36529 ---> Notwendig Xtra Controller Ex Hercules 15.01.2012 4.0.2.1 ---> Unbekannt Xtra Controller Ex Hercules 15.01.2012 4.0.2.1 ---> Unbekannt |
|
11.07.2012, 12:42
| #13 |
| /// Malware-holic | GVU-Trojaner mit Webcam deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Java: alle Download der kostenlosen Java-Software downloade java jre, instalieren. deinstaliere: öffne ccleaner, analysieren CCleaner starten. öffne otl, cleanup, pc neustarten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GVU-Trojaner mit Webcam |
| betriebssystem, datei, funktionier, funktioniert, gefunde, gelöscht, gvu-trojaner, gvu-trojaner mit webcam, hallo zusammen, infizierte, infizierte datei, log-datei, malewarebytes, rootkit.0access, schonmal, sofort, temp-ordner, webcam, windows, windows 7, zusammen |
Linear-Darstellung
