
All kinds of pests and how to fight them: GVU Trojan with webcam

Windows 7

15.07.2012, 12:07   #1
Chrisooo

Hello, I have already read through a few things, but in my case it was somewhat different. This screen with GVU etc. simply opened on my machine as well; I then switched the laptop off immediately and restarted it. It booted up quite normally and I was able to log in normally. My antivirus program then put the file fastor_ot.exe into quarantine, from where I deleted it. After that, only an error message from rundll32 appeared at system startup, saying that it could not execute the Trojan. I deleted the link from system startup and also from the recycle bin. The PC actually works flawlessly, and Task Manager can be opened too. How should I proceed now so that I can be sure that everything is gone?
Many thanks in advance for the help

Regards, chrisooo

I have now run a quick scan with Malwarebytes Anti-Malware, but it found nothing. Here is the log:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

15.07.2012 12:27:24
mbam-log-2012-07-15 (12-27-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234151
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Here is the full scan as well:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

15.07.2012 13:21:37
mbam-log-2012-07-15 (13-21-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 447169
Laufzeit: 1 Stunde(n), 23 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\EA GAMES\MOHAA\Ereg MOHAAB\go_ez.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I will now run a scan with OTL and then post the logs here.

Here are the OTL logs:

OTL Logfile:
Code:
OTL logfile created on: 15.07.2012 15:29:56 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\*******\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,16% Memory free
7,73 Gb Paging File | 5,77 Gb Available in Paging File | 74,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,87 Gb Total Space | 135,25 Gb Free Space | 60,14% Space Free | Partition Type: NTFS
Drive D: | 225,17 Gb Total Space | 81,10 Gb Free Space | 36,02% Space Free | Partition Type: NTFS
Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: User-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE (Panda Security International)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
MOD - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll ()
MOD - C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\libxml2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TPSrv) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe (Panda Security, S.L.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PAVFNSVR) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.)
SRV - (PskSvcRetail) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe (Panda Security, S.L.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (PAVSRV) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (PSHost) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE (Panda Security International)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (Panda Software Controller) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe (Panda Security, S.L.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSIMSVC) -- C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Prot6Flt) -- C:\Windows\SysNative\drivers\prot6flt.sys (Panda Security, S.L.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (APPFLT) -- C:\Windows\SysNative\drivers\APPFLT64.SYS (Panda Security, S.L.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (IDSFLT) -- C:\Windows\SysNative\drivers\idsflt64.sys (Panda Security, S.L.)
DRV:64bit: - (NETIMFLT01060044) -- C:\Windows\SysNative\drivers\n64i1644.sys (Panda Security, S.L.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AmFSM) -- C:\Windows\SysNative\drivers\amm6460.sys (Panda Security, S.L.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (ShldFlt) -- C:\Windows\SysNative\drivers\ShldFlt.sys (Panda Security, S.L.)
DRV:64bit: - (WNMFLT) -- C:\Windows\SysNative\drivers\wnmflt64.sys (Panda Security, S.L.)
DRV:64bit: - (NETFLTDI) -- C:\Windows\SysNative\drivers\NETTDI64.SYS (Panda Security, S.L.)
DRV:64bit: - (DSAFLT) -- C:\Windows\SysNative\drivers\dsaflt64.sys (Panda Security, S.L.)
DRV:64bit: - (FNETMON) -- C:\Windows\SysNative\drivers\fnetm64.sys (Panda Security, S.L.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {E86F2EB7-81E0-46C2-8B2F-D32A301EC0E7}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{E86F2EB7-81E0-46C2-8B2F-D32A301EC0E7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7AC2531-F5BB-45EF-A06B-95915CEFAC7F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2011.09.07 03:00:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2011.09.07 02:08:12 | 000,032,783 | R--- | M] () - E:\Autorun.ico -- [ UDF ]
O32 - AutoRun File - [2011.09.07 03:00:07 | 000,000,132 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{18160f9c-0ddc-11e0-b576-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{18160f9c-0ddc-11e0-b576-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.08.24 07:53:21 | 008,958,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 15:17:09 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.07.15 13:34:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.07.15 13:32:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.07.15 12:23:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.07.15 12:23:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 12:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\ElevatedDiagnostics
[2012.07.11 17:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 17:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 17:32:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 17:32:20 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 17:32:18 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.19 16:58:11 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 16:58:11 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 16:58:11 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 16:57:49 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.19 16:57:49 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.19 16:57:49 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.19 16:57:34 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 16:57:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.15 16:52:45 | 000,030,720 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\prot6flt.sys
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 15:17:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2012.07.15 15:09:21 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.15 15:09:21 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.15 15:09:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.15 15:09:21 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.15 15:09:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 15:08:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 15:08:43 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 15:07:32 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2012.07.15 15:07:32 | 000,359,336 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2012.07.15 15:06:19 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2012.07.15 15:06:19 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2012.07.15 15:06:19 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2012.07.15 15:06:19 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2012.07.15 15:06:19 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2012.07.15 15:06:19 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2012.07.15 15:06:19 | 000,000,128 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2012.07.15 15:06:19 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2012.07.15 15:06:19 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2012.07.15 15:02:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2012.07.15 15:02:28 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2012.07.15 15:02:26 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2012.07.15 15:02:26 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2012.07.15 15:02:04 | 000,030,720 | ---- | M] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\prot6flt.sys
[2012.07.15 15:01:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.15 15:01:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 15:01:25 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 13:49:29 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.07.15 13:49:28 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.07.15 12:23:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 19:06:00 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 17:17:29 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.24 22:21:10 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault(tm) Breakthrough.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.15 12:23:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 19:05:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.06.24 22:21:10 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Allied Assault(tm) Breakthrough.lnk
[2012.05.12 17:50:01 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.24 20:23:30 | 000,000,019 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\urhtps.dat
[2012.01.11 19:15:09 | 000,000,714 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.15 21:17:09 | 000,007,605 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg
[2011.01.08 17:57:42 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.08 17:57:41 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.01.08 17:57:41 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.06 21:01:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.12.22 16:47:11 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.22 16:47:11 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll
[2010.12.22 16:47:11 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2010.12.22 16:47:11 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe
[2010.12.22 16:47:11 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.12.22 16:47:11 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.10.14 15:06:09 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.10.14 14:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.01.12 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gnupg
[2012.07.13 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2012.04.11 23:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\kock
[2011.01.18 21:17:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2012.05.13 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2011.11.07 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Panda Security
[2012.04.14 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\UAs
[2012.04.14 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\xmldm
[2012.07.02 17:25:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         
--- --- ---

and Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 15.07.2012 15:29:56 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\********\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 56,16% Memory free
7,73 Gb Paging File | 5,77 Gb Available in Paging File | 74,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,87 Gb Total Space | 135,25 Gb Free Space | 60,14% Space Free | Partition Type: NTFS
Drive D: | 225,17 Gb Total Space | 81,10 Gb Free Space | 36,02% Space Free | Partition Type: NTFS
Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: User | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.jse [@ = JSEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.vbe [@ = VBEFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.vbs [@ = VBSFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.wsf [@ = WSFFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
.wsh [@ = WSHFile] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
jsefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
vbsfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
wsffile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
wshfile [open] -- C:\PROGRA~2\PANDAS~1\PANDAA~1\PavScrip.exe  "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B13C06-03D3-44D9-834D-EBE577F2D7FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23950EF3-C6FD-491B-B34D-A607446793F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{28CD8638-158B-47F5-9BBB-D60786CAD55A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{418E0614-2546-415F-9ABF-DA63ED867CF7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5639E67D-043A-4DE0-B8EE-0EE444D8E078}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{599DBC14-899A-4302-8FED-75304EF08F7C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5B52D658-E40A-4CBB-989C-110C2E84C950}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5E472CCB-450A-4DB3-876D-6953291E43CE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{668B3CE8-621F-4F03-B2D3-DA4C9B6E3CA6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A885B28-6F11-460F-B3EA-AC9E183A1064}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79F561AF-9036-42AD-B9A6-2576F3B67D1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A71AFC6-2BBE-4E06-8E7D-1098EDA525E8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A0722194-6C87-4508-B7F0-ADFE85243636}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A25BA46E-2394-48B6-903D-B1DF42C7ECFA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A59F2B67-78CA-4605-8168-67E4774A908A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA3DBC46-15EA-47C0-B97F-3397222D8B0E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AA6BA5B2-57A5-4037-83F4-8612EAF93876}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B1C41BE1-D753-403E-AD3F-F5F045CE4D78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BEDFA6D4-D68D-45C3-B270-41CEA5452A22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D848D894-41B5-4B5A-98F5-4A8788334E30}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ED8C2ECC-5F01-47A6-8407-6A738E277331}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F0B464B2-4741-4A5E-9E46-38660757E751}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD5BBF46-A4D8-4700-9BD7-92F3D2168F7A}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010C0D03-CC62-44DD-8EDC-927585842A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{07E52735-28DD-4FAB-A36F-034BA0E72448}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{0B8268B5-0684-4E49-8729-1FD25771641A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DF21496-B53B-4D9E-98D4-14936F53CFA8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0FF7DB57-9AED-4566-9C96-3EAB13DF41C1}" = protocol=6 | dir=out | app=system | 
"{2E7FA9A8-143E-4367-9898-DE2CE43933DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2FC4DD60-2860-4727-9183-3A6412528CA5}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{313D4455-F822-4345-8DDE-C4671063822C}" = protocol=6 | dir=in | app=e:\setup.exe | 
"{3611F864-CEC6-41CB-A195-420CA096A79E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3861DEDA-F38D-4F65-ABEC-65C6E1B5A40C}" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{3CBC5568-8760-4CF7-9984-CA827DBF1AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3F123A8F-D529-4752-9226-424232EF8029}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{402953C2-8A4C-4C96-94EA-99BE823F574E}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\vancouver 2010\vancouver.exe | 
"{44818AD3-8EEF-45EA-97A5-4A1DEC983966}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{454CC71A-1E27-4391-9309-2640243FC98A}" = protocol=17 | dir=in | app=c:\program files (x86)\sega\beijing 2008\beijing.exe | 
"{47456820-E292-45CA-88AA-59E572FFB673}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\vancouver 2010\vancouver.exe | 
"{47A3542B-975F-4E53-BA4D-DA9C32EEE70E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4C025ADC-A3D1-499B-BAAE-AD78E68D060D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4EC1F63C-C641-4B9B-9E8A-088FE5E150C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{4ED3F5AD-529D-4976-B894-2556A51EBBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | 
"{55F3A055-700E-429F-A19B-0890E4139E72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{57829BC9-CDAF-4DEF-8D33-C6AB71D1B137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A26B24E-722A-4C4B-849E-65D0E3B42FAE}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | 
"{5A4EBAC7-B19C-47E6-ACA3-D7E7A0A5B90B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5C084B5F-F095-42A5-BAD3-5710C13E9B07}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | 
"{5EA97168-492E-406C-8170-6F04B30D3DBF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{607EE90A-EE33-4DAC-B987-4104447FB6DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{69FB89BE-556D-492E-A337-781E592859B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{731FDB8A-CBFA-49DD-AC36-AF9EA2947A46}" = protocol=6 | dir=in | app=c:\program files (x86)\sega\beijing 2008\beijing.exe | 
"{73F56A97-CE5E-44BD-81D7-3CD67480E890}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{76956DDE-7BBD-40F7-AF5F-9035CB2D0BE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{77A8FE17-67CD-40E8-BA4D-1C08538E53CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{84749039-0F02-4C9B-B0B6-FDF1937780D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8DBC06A7-3DA4-402C-9601-D18711C2691B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{91D144BA-1F4D-466F-9C7A-B18E856512E0}" = protocol=6 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | 
"{920E050A-9871-4378-82A1-9F17FEFE8E81}" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{941B1499-8746-41CB-A0EF-7057C8150BD9}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{99CD20E2-CBD9-4C30-9228-32B758B7CE3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A33D7A55-5778-4DEE-8F89-DE178DB579C2}" = protocol=17 | dir=in | app=c:\program files (x86)\disney interactive studios\split second\splitsecond.exe | 
"{A58D47B2-5838-42D3-A777-ED0ED1075107}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A5B0EB2F-BAD0-4343-AD2E-ECF58459CF4E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A781A30B-096A-4845-9C8A-46E7EBC41603}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B414F930-0E3A-4B9B-B5F6-C70326F07A1D}" = protocol=6 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{C4E391A7-D049-48D0-85EB-F2B42A98A237}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CADF98B9-03EB-4E7C-8125-D3374762775C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCFA504E-5478-4E53-9426-25EA8336A8E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D27CC0B4-B8EE-4A43-9423-4A6C643E1026}" = protocol=17 | dir=in | app=d:\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe | 
"{DA5A3189-81F6-4B03-879D-4E22E681E3D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E789E1FC-0D58-4F79-B010-22816E9345C4}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2011\f1_2011.exe | 
"{E83D5B92-A1F1-4A15-A0ED-1AAA7998A8FA}" = protocol=17 | dir=in | app=e:\setup.exe | 
"{E94232C5-1893-42CA-8BF1-7D2CE621B928}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{EF54295B-159A-4FF1-A2CD-13A3B07DF053}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{EF93E8C6-31F7-4C04-83B5-5F82D2BE1071}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F048331F-1FE7-4B6D-88B5-35E772275340}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F764F956-DF20-486C-85C8-401F1DB488C8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{F91CD423-637D-4D23-A361-F98B9DA85BEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{41996910-9B77-4705-B3F3-43F2756932BC}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe | 
"TCP Query User{4DD916BC-ABF3-4D96-BC7F-A6F631B730B4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{12B81A30-6776-44A8-9FB2-60125926650A}C:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\panda security\panda antivirus pro 2012\apvxdwin.exe | 
"UDP Query User{BAEC7764-01ED-471D-907D-87BFBDBF7D1C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) Breakthrough
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C58BEC6C-D968-4FE3-8DD6-9FDC4278657B}" = Panda Antivirus Pro 2012
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CrashTime" = Cobra 11 - Crash Time (remove only)
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2012 13:52:05 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.07.2012 17:24:34 | Computer Name = Christian-PC | Source = Windows Backup | ID = 4100
Description = 
 
Error - 03.07.2012 17:14:27 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 03.07.2012 17:14:32 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe"
 in Zeile 1.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 04.07.2012 13:16:22 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.07.2012 13:16:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe"
 in Zeile 1.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 04.07.2012 13:17:55 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.07.2012 06:37:43 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.07.2012 06:37:48 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Codemasters\F1 2011\CustomActionOnFinishInst.exe"
 in Zeile 1.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 08.07.2012 06:39:17 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Media Center Events ]
Error - 27.02.2011 14:35:23 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:35:22 - Fehler beim Herstellen der Internetverbindung.  19:35:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.02.2011 15:35:28 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:35:28 - Fehler beim Herstellen der Internetverbindung.  20:35:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.02.2011 15:35:34 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:35:33 - Fehler beim Herstellen der Internetverbindung.  20:35:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.02.2011 16:35:39 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:35:39 - Fehler beim Herstellen der Internetverbindung.  21:35:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.02.2011 16:35:45 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:35:44 - Fehler beim Herstellen der Internetverbindung.  21:35:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2011 15:48:23 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:48:23 - Fehler beim Herstellen der Internetverbindung.  20:48:23 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2011 15:48:39 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:48:28 - Fehler beim Herstellen der Internetverbindung.  20:48:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.03.2011 14:44:54 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:44:53 - Fehler beim Herstellen der Internetverbindung.  19:44:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.03.2011 14:45:01 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:44:59 - Fehler beim Herstellen der Internetverbindung.  19:44:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.03.2011 15:47:14 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:47:13 - Fehler beim Herstellen der Internetverbindung.  20:47:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 14.07.2012 14:31:03 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 14.07.2012 14:34:42 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 14.07.2012 19:46:34 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.07.2012 06:26:01 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.07.2012 06:29:41 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.07.2012 06:33:20 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.07.2012 06:55:29 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 15.07.2012 07:01:24 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 15.07.2012 07:31:34 | Computer Name = Christian-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80246007 fehlgeschlagen: Windows 7 Service Pack 1 für x64-basierte Systeme
 (KB976932)
 
Error - 15.07.2012 09:02:22 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Panda TPSrv" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
 
< End of report >
         
--- --- ---

How should I proceed now?
Regards

Alt 15.07.2012, 16:39   #2
markusg
/// Malware-holic
 

ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 15.07.2012, 21:02   #3
Chrisooo
 

OK, I did that, but I had a few small problems. Even though my antivirus program was deactivated, it kicked in with "threatening access to ..." and so on, and then it reported hijacking attempts from Internet Explorer. I rejected some of these and allowed others; no idea what I should have done there. Anyway, it then created the log, and after that I could no longer access Internet Explorer or my antivirus program. Now I have restarted and everything works again. What was going on there, or was that normal? The error message you mentioned did not appear. I hope you can help me.

Here is the log
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-14.01 - Christian 15.07.2012  20:03:10.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2592 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2012 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Antivirus Pro 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\FullRemove.exe
c:\windows\SysWow64\tmp26A3.tmp
c:\windows\SysWow64\tmp26A4.tmp
c:\windows\SysWow64\tmp66E0.tmp
c:\windows\SysWow64\tmp6710.tmp
c:\windows\SysWow64\tmpB6D0.tmp
c:\windows\SysWow64\tmpB6D1.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-15 bis 2012-07-15  ))))))))))))))))))))))))))))))
.
.
2012-07-15 18:10 . 2012-07-15 18:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-15 18:10 . 2012-07-15 18:10	--------	d-----w-	c:\users\Anke\AppData\Local\temp
2012-07-15 17:29 . 2010-09-09 14:23	78920	----a-w-	c:\windows\system32\drivers\idsflt64.sys
2012-07-15 17:29 . 2009-09-25 12:54	74760	----a-w-	c:\windows\system32\drivers\wnmflt64.sys
2012-07-15 17:29 . 2009-09-25 12:54	82952	----a-w-	c:\windows\system32\drivers\dsaflt64.sys
2012-07-15 17:28 . 2011-01-31 14:41	129096	----a-w-	c:\windows\system32\drivers\APPFLT64.SYS
2012-07-15 17:28 . 2009-09-25 12:54	170504	----a-w-	c:\windows\system32\drivers\NETTDI64.SYS
2012-07-15 17:28 . 2009-09-25 12:54	31752	----a-w-	c:\windows\system32\drivers\fnetm64.sys
2012-07-15 17:15 . 2012-07-15 17:15	--------	d-----w-	c:\users\Christian\AppData\Local\Panda Security
2012-07-15 17:13 . 2007-03-15 17:38	46640	----a-w-	c:\windows\system32\pavcpl64.cpl
2012-07-15 17:13 . 2003-10-22 16:23	446464	----a-w-	c:\windows\SysWow64\HHActiveX.dll
2012-07-15 17:13 . 2010-06-21 15:02	202048	----a-w-	c:\windows\SysWow64\TpUtilWow.dll
2012-07-15 17:13 . 2010-06-21 15:01	87872	----a-w-	c:\windows\SysWow64\PavLspHookWow.dll
2012-07-15 17:13 . 2010-06-21 15:01	66880	----a-w-	c:\windows\SysWow64\PavIpcWow.dll
2012-07-15 17:13 . 2009-08-10 11:46	25344	----a-w-	c:\windows\SysWow64\sysHelper32.dll
2012-07-15 17:12 . 2010-06-21 15:02	323392	----a-w-	c:\windows\system32\TpUtil64.dll
2012-07-15 17:12 . 2010-06-21 15:01	839488	----a-w-	c:\windows\system32\PavSHook64.dll
2012-07-15 17:12 . 2010-06-21 15:01	546624	----a-w-	c:\windows\SysWow64\PavSHookWow.dll
2012-07-15 17:12 . 2010-06-21 15:01	114496	----a-w-	c:\windows\system32\PavLspHook64.dll
2012-07-15 17:12 . 2010-06-21 15:01	90944	----a-w-	c:\windows\system32\PavIpc64.dll
2012-07-15 17:12 . 2009-08-10 11:46	25344	----a-w-	c:\windows\system32\sysHelper64.dll
2012-07-15 17:12 . 2010-09-01 09:09	216648	----a-w-	c:\windows\system32\drivers\n64i1644.sys
2012-07-15 17:12 . 2012-07-15 17:12	--------	d-----w-	c:\windows\SysWow64\PAV
2012-07-15 17:12 . 2010-05-21 11:50	65608	----a-w-	c:\windows\system32\drivers\amm6460.sys
2012-07-15 17:12 . 2010-03-24 10:56	64768	----a-w-	c:\windows\system32\avldr64.dll
2012-07-15 17:12 . 2012-07-15 17:14	--------	d-----w-	c:\program files (x86)\Panda Security
2012-07-15 17:12 . 2012-07-15 17:12	--------	d-----w-	c:\users\Christian\AppData\Roaming\Panda Security
2012-07-15 17:11 . 2012-07-15 17:11	--------	d-----w-	c:\program files (x86)\Common Files\Panda Security
2012-07-15 17:11 . 2009-10-27 10:07	48136	----a-w-	c:\windows\system32\drivers\ShldFlt.sys
2012-07-15 11:34 . 2012-07-15 11:34	--------	d-----w-	c:\windows\system32\SPReview
2012-07-15 11:32 . 2012-07-15 11:32	--------	d-----w-	c:\windows\system32\EventProviders
2012-07-15 10:23 . 2012-07-15 10:23	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2012-07-15 10:23 . 2012-07-15 10:23	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 10:23 . 2012-07-15 10:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-15 10:23 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-14 18:41 . 2012-07-14 18:42	--------	d-----w-	c:\users\Christian\AppData\Local\ElevatedDiagnostics
2012-07-14 09:44 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ADF614D-DC0B-4EBE-89C1-E39B7910A750}\mpengine.dll
2012-07-11 23:04 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-06-19 14:58 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 14:58 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 14:58 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 14:58 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 14:57 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 14:57 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 14:57 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 14:57 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 14:57 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 11:49 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-07-15 11:49 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-05-15 04:01 . 2012-06-13 15:06	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 15:06	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-13 15:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 15:05	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 15:05	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 15:05	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-29 18:02 . 2012-04-29 18:02	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2012-04-29 18:02 . 2011-01-08 23:00	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-29 18:01 . 2011-01-12 17:09	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-28 03:55 . 2012-06-13 15:05	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 15:05	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 15:05	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 15:05	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 15:05	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 15:05	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 15:05	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:05	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 15:05	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 15:05	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 15:06	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 15:06	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}]
2011-06-30 12:27	50240	----a-w-	c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [2010-06-22 30792]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [2009-10-27 48136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2010-05-21 65608]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [2011-01-31 129096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [2009-09-25 82952]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [2009-09-25 31752]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [2010-09-09 78920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [2009-09-25 12:54 170504]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [2009-09-25 74760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys [2010-09-01 216648]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=c:\progra~2\PANDAS~1\PANDAA~1\PavScrip.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FUSSBALL MANAGER 12 - c:\program files (x86)\EA SPORTS\FUSSBALL MANAGER 12\eauninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,b2,67,3d,24,77,10,49,a4,50,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,b2,67,3d,24,77,10,49,a4,50,e1,\
.
[HKEY_USERS\S-1-5-21-2475846246-2324027737-1937470568-1000\Software\SecuROM\License information*]
"datasecu"=hex:00,b0,e8,33,0a,3a,0f,bf,30,88,6b,ec,19,2f,35,34,77,7d,b8,95,52,
   0a,93,ff,e4,f4,22,25,6e,c8,b9,d4,ca,28,aa,8e,93,22,6a,cf,dd,f3,b6,c8,da,4e,\
"rkeysecu"=hex:df,0f,7a,fa,24,d5,a9,26,b6,1e,08,97,f8,d7,a2,bc
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
c:\program files (x86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
c:\program files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE
c:\program files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-15  20:22:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-15 18:22
.
Vor Suchlauf: 10 Verzeichnis(se), 143.677.935.616 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 145.788.956.672 Bytes frei
.
- - End Of File - - 501F640D86495582E2F590B996639243
         
--- --- ---

Alt 17.07.2012, 23:16   #4
markusg
/// Malware-holic
 

Could you put that in complete sentences? What was found where, and what actions were carried out? Look in the program's report.

Alt 18.07.2012, 12:43   #5
Chrisooo
 

Thanks for now

So I deactivated my antivirus program and its firewall and ran ComboFix, and while it was running I got error messages from my antivirus program such as "Dangerous access to your system" and later hijacking attempts with Internet Explorer, which asked whether settings should be changed. Unfortunately I cannot send a report from my antivirus program, because when I could no longer access it after ComboFix had finished, I reinstalled it and then restarted the computer, and then everything worked again, including internet access. Can you still do something with the ComboFix log despite the problems?

Regards, chrisooo


Alt 19.07.2012, 19:53   #6
markusg
/// Malware-holic
 

hi
it did say that there can be problems that are resolved after a restart :-)
ok, let's look further:
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose skip at first, then post the log
__________________
--> Gvu Trojaner mit webcam

20.07.2012, 15:25   #7
Chrisooo

OK, I did it that way, but it found nothing.

Here is the log:

15:13:10.0948 1364 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:13:12.0024 1364 ============================================================
15:13:12.0024 1364 Current date / time: 2012/07/20 15:13:12.0024
15:13:12.0024 1364 SystemInfo:
15:13:12.0024 1364
15:13:12.0024 1364 OS Version: 6.1.7601 ServicePack: 1.0
15:13:12.0024 1364 Product type: Workstation
15:13:12.0024 1364 ComputerName: User-PC
15:13:12.0024 1364 UserName: User
15:13:12.0024 1364 Windows directory: C:\Windows
15:13:12.0024 1364 System windows directory: C:\Windows
15:13:12.0024 1364 Running under WOW64
15:13:12.0024 1364 Processor architecture: Intel x64
15:13:12.0024 1364 Number of processors: 4
15:13:12.0024 1364 Page size: 0x1000
15:13:12.0024 1364 Boot type: Normal boot
15:13:12.0024 1364 ============================================================
15:13:12.0898 1364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:12.0898 1364 ============================================================
15:13:12.0898 1364 \Device\Harddisk0\DR0:
15:13:12.0898 1364 MBR partitions:
15:13:12.0898 1364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
15:13:12.0898 1364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x1C1BE800
15:13:12.0898 1364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E131000, BlocksNum 0x1C254800
15:13:12.0898 1364 ============================================================
15:13:12.0929 1364 C: <-> \Device\Harddisk0\DR0\Partition1
15:13:12.0960 1364 D: <-> \Device\Harddisk0\DR0\Partition2
15:13:12.0960 1364 ============================================================
15:13:12.0960 1364 Initialize success
15:13:12.0960 1364 ============================================================
15:14:46.0732 6872 ============================================================
15:14:46.0732 6872 Scan started
15:14:46.0732 6872 Mode: Manual; SigCheck; TDLFS;
15:14:46.0732 6872 ============================================================
15:15:13.0626 6872 nvsvc - ok
15:15:13.0642 6872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:15:13.0673 6872 nv_agp - ok
15:15:13.0689 6872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:15:13.0735 6872 ohci1394 - ok
15:15:13.0767 6872 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:13.0813 6872 p2pimsvc - ok
15:15:13.0829 6872 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:15:13.0845 6872 p2psvc - ok
15:15:13.0954 6872 Panda Software Controller (78b7642b0c51f24f0835c0226540d58b) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
15:15:13.0969 6872 Panda Software Controller - ok
15:15:14.0001 6872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:15:14.0016 6872 Parport - ok
15:15:14.0063 6872 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:15:14.0079 6872 partmgr - ok
15:15:14.0141 6872 pavboot (337a81b3ff34f9851d245d42a725fc22) C:\Windows\system32\Drivers\pavboot64.sys
15:15:14.0157 6872 pavboot - ok
15:15:14.0188 6872 PAVFNSVR (ae848c1613c8738bb83adab4f0845e84) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
15:15:14.0203 6872 PAVFNSVR - ok
15:15:14.0281 6872 PavPrSrv (2ae3f6b23448443bbef5de207159213b) C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
15:15:14.0297 6872 PavPrSrv - ok
15:15:14.0344 6872 PAVSRV (97005413310966001fb6f4a5c503149c) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
15:15:14.0609 6872 PAVSRV - ok
15:15:14.0625 6872 PavTPK.sys - ok
15:15:14.0656 6872 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:15:14.0687 6872 PcaSvc - ok
15:15:14.0734 6872 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:15:14.0750 6872 pci - ok
15:15:14.0765 6872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:15:14.0781 6872 pciide - ok
15:15:14.0812 6872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:15:14.0843 6872 pcmcia - ok
15:15:14.0859 6872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:15:14.0874 6872 pcw - ok
15:15:14.0906 6872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:15:14.0968 6872 PEAUTH - ok
15:15:15.0030 6872 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:15:15.0062 6872 PerfHost - ok
15:15:15.0140 6872 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:15:15.0233 6872 pla - ok
15:15:15.0311 6872 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:15:15.0342 6872 PlugPlay - ok
15:15:15.0374 6872 PnkBstrA - ok
15:15:15.0405 6872 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:15:15.0436 6872 PNRPAutoReg - ok
15:15:15.0467 6872 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:15.0483 6872 PNRPsvc - ok
15:15:15.0530 6872 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:15:15.0592 6872 PolicyAgent - ok
15:15:15.0623 6872 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:15:15.0670 6872 Power - ok
15:15:15.0748 6872 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:15.0795 6872 PptpMiniport - ok
15:15:15.0826 6872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:15:15.0857 6872 Processor - ok
15:15:15.0904 6872 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:15:15.0920 6872 ProfSvc - ok
15:15:15.0935 6872 Prot6Flt - ok
15:15:15.0966 6872 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:15.0982 6872 ProtectedStorage - ok
15:15:16.0029 6872 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:15:16.0091 6872 Psched - ok
15:15:16.0247 6872 PSHost (532053e8e3bb8fa7166ab4e7685fddcc) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Firewall\PSHOST.EXE
15:15:16.0263 6872 PSHost - ok
15:15:16.0325 6872 PSIMSVC (196c450f2779d0b462c444da4906ea7f) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
15:15:16.0590 6872 PSIMSVC - ok
15:15:16.0637 6872 PskSvcRetail (341457b79b3fc31a80c346c767045879) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
15:15:16.0653 6872 PskSvcRetail - ok
15:15:16.0731 6872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:15:17.0121 6872 ql2300 - ok
15:15:17.0230 6872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:15:17.0511 6872 ql40xx - ok
15:15:17.0542 6872 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:15:17.0589 6872 QWAVE - ok
15:15:17.0604 6872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:17.0651 6872 QWAVEdrv - ok
15:15:17.0667 6872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:17.0729 6872 RasAcd - ok
15:15:17.0760 6872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:17.0807 6872 RasAgileVpn - ok
15:15:17.0838 6872 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:15:17.0885 6872 RasAuto - ok
15:15:17.0916 6872 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:17.0979 6872 Rasl2tp - ok
15:15:18.0010 6872 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:15:18.0072 6872 RasMan - ok
15:15:18.0104 6872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:18.0182 6872 RasPppoe - ok
15:15:18.0197 6872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:18.0244 6872 RasSstp - ok
15:15:18.0306 6872 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:18.0353 6872 rdbss - ok
15:15:18.0369 6872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:15:18.0400 6872 rdpbus - ok
15:15:18.0416 6872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:18.0462 6872 RDPCDD - ok
15:15:18.0494 6872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:18.0540 6872 RDPENCDD - ok
15:15:18.0556 6872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:18.0603 6872 RDPREFMP - ok
15:15:18.0634 6872 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:15:18.0665 6872 RDPWD - ok
15:15:18.0712 6872 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:15:18.0728 6872 rdyboost - ok
15:15:18.0759 6872 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:15:18.0806 6872 RemoteAccess - ok
15:15:18.0837 6872 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:15:18.0899 6872 RemoteRegistry - ok
15:15:18.0915 6872 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:15:18.0977 6872 RpcEptMapper - ok
15:15:19.0008 6872 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:15:19.0024 6872 RpcLocator - ok
15:15:19.0071 6872 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:15:19.0133 6872 RpcSs - ok
15:15:19.0149 6872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:19.0227 6872 rspndr - ok
15:15:19.0274 6872 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
15:15:19.0289 6872 RSUSBSTOR - ok
15:15:19.0336 6872 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:19.0352 6872 SamSs - ok
15:15:19.0383 6872 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:15:19.0398 6872 sbp2port - ok
15:15:19.0430 6872 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:15:19.0492 6872 SCardSvr - ok
15:15:19.0539 6872 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:19.0586 6872 scfilter - ok
15:15:19.0679 6872 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:15:19.0742 6872 Schedule - ok
15:15:19.0773 6872 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:19.0820 6872 SCPolicySvc - ok
15:15:19.0866 6872 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:15:19.0898 6872 sdbus - ok
15:15:19.0944 6872 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:15:19.0960 6872 SDRSVC - ok
15:15:19.0976 6872 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:20.0038 6872 secdrv - ok
15:15:20.0085 6872 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:15:20.0147 6872 seclogon - ok
15:15:20.0178 6872 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:15:20.0225 6872 SENS - ok
15:15:20.0256 6872 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:15:20.0303 6872 SensrSvc - ok
15:15:20.0319 6872 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:15:20.0334 6872 Serenum - ok
15:15:20.0350 6872 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:15:20.0412 6872 Serial - ok
15:15:20.0444 6872 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:15:20.0475 6872 sermouse - ok
15:15:20.0522 6872 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:15:20.0568 6872 SessionEnv - ok
15:15:20.0600 6872 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:15:20.0646 6872 sffdisk - ok
15:15:20.0646 6872 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:20.0678 6872 sffp_mmc - ok
15:15:20.0693 6872 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:15:20.0724 6872 sffp_sd - ok
15:15:20.0740 6872 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:15:20.0787 6872 sfloppy - ok
15:15:20.0818 6872 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:15:20.0896 6872 SharedAccess - ok
15:15:20.0927 6872 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:15:20.0974 6872 ShellHWDetection - ok
15:15:21.0021 6872 ShldFlt (03639a3b26aa808bae79d89fdb4b151c) C:\Windows\system32\DRIVERS\ShldFlt.sys
15:15:21.0021 6872 ShldFlt - ok
15:15:21.0052 6872 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:15:21.0068 6872 SiSRaid2 - ok
15:15:21.0083 6872 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:15:21.0099 6872 SiSRaid4 - ok
15:15:21.0161 6872 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:15:24.0905 6872 SkypeUpdate - ok
15:15:24.0952 6872 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:24.0999 6872 Smb - ok
15:15:25.0030 6872 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:15:25.0061 6872 SNMPTRAP - ok
15:15:25.0092 6872 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:25.0108 6872 spldr - ok
15:15:25.0155 6872 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:15:25.0202 6872 Spooler - ok
15:15:25.0373 6872 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:15:25.0451 6872 sppsvc - ok
15:15:25.0529 6872 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:15:25.0576 6872 sppuinotify - ok
15:15:25.0638 6872 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:15:25.0966 6872 srv - ok
15:15:25.0997 6872 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:15:26.0044 6872 srv2 - ok
15:15:26.0060 6872 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:26.0091 6872 srvnet - ok
15:15:26.0122 6872 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:15:26.0184 6872 SSDPSRV - ok
15:15:26.0184 6872 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:15:26.0231 6872 SstpSvc - ok
15:15:26.0247 6872 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:15:26.0262 6872 stexstor - ok
15:15:26.0325 6872 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:15:26.0372 6872 stisvc - ok
15:15:26.0403 6872 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:15:26.0418 6872 swenum - ok
15:15:26.0450 6872 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:15:26.0512 6872 swprv - ok
15:15:26.0574 6872 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
15:15:26.0590 6872 SynTP - ok
15:15:26.0684 6872 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:15:26.0730 6872 SysMain - ok
15:15:26.0824 6872 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:15:26.0855 6872 TabletInputService - ok
15:15:26.0886 6872 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:15:26.0949 6872 TapiSrv - ok
15:15:26.0964 6872 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:15:27.0011 6872 TBS - ok
15:15:27.0136 6872 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:15:27.0464 6872 Tcpip - ok
15:15:27.0666 6872 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:27.0698 6872 TCPIP6 - ok
15:15:27.0807 6872 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:15:27.0869 6872 tcpipreg - ok
15:15:27.0916 6872 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:15:27.0947 6872 TDPIPE - ok
15:15:27.0978 6872 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:15:27.0994 6872 TDTCP - ok
15:15:28.0056 6872 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:15:28.0103 6872 tdx - ok
15:15:28.0134 6872 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:15:28.0150 6872 TermDD - ok
15:15:28.0197 6872 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:15:28.0275 6872 TermService - ok
15:15:28.0306 6872 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:15:28.0337 6872 Themes - ok
15:15:28.0368 6872 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:28.0415 6872 THREADORDER - ok
15:15:28.0509 6872 TPSrv (b88c4d29cee2bf7465fa4bf426a24e4e) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
15:15:28.0524 6872 TPSrv - ok
15:15:28.0556 6872 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:15:28.0634 6872 TrkWks - ok
15:15:28.0680 6872 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:15:28.0727 6872 TrustedInstaller - ok
15:15:28.0790 6872 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:28.0868 6872 tssecsrv - ok
15:15:28.0914 6872 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:15:28.0961 6872 TsUsbFlt - ok
15:15:29.0008 6872 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:29.0304 6872 tunnel - ok
15:15:29.0336 6872 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
15:15:29.0351 6872 TurboB - ok
15:15:29.0398 6872 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:15:29.0414 6872 TurboBoost - ok
15:15:29.0445 6872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:15:29.0460 6872 uagp35 - ok
15:15:29.0460 6872 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
15:15:29.0476 6872 UBHelper - ok
15:15:29.0507 6872 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:15:29.0570 6872 udfs - ok
15:15:29.0616 6872 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:15:29.0632 6872 UI0Detect - ok
15:15:29.0663 6872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:15:29.0679 6872 uliagpkx - ok
15:15:29.0710 6872 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:15:29.0741 6872 umbus - ok
15:15:29.0772 6872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:15:29.0804 6872 UmPass - ok
15:15:29.0960 6872 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:15:30.0474 6872 UNS - ok
15:15:30.0552 6872 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:15:30.0864 6872 Updater Service - ok
15:15:30.0958 6872 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:15:31.0020 6872 upnphost - ok
15:15:31.0083 6872 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:31.0130 6872 usbccgp - ok
15:15:31.0192 6872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:15:31.0223 6872 usbcir - ok
15:15:31.0239 6872 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:15:31.0254 6872 usbehci - ok
15:15:31.0286 6872 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:31.0317 6872 usbhub - ok
15:15:31.0332 6872 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:15:31.0348 6872 usbohci - ok
15:15:31.0379 6872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:15:31.0395 6872 usbprint - ok
15:15:31.0442 6872 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
15:15:31.0488 6872 USBSTOR - ok
15:15:31.0504 6872 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:15:31.0535 6872 usbuhci - ok
15:15:31.0551 6872 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:15:31.0598 6872 usbvideo - ok
15:15:31.0629 6872 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:15:31.0691 6872 UxSms - ok
15:15:31.0722 6872 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:31.0738 6872 VaultSvc - ok
15:15:31.0769 6872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:15:31.0785 6872 vdrvroot - ok
15:15:31.0847 6872 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:15:31.0910 6872 vds - ok
15:15:31.0925 6872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:31.0956 6872 vga - ok
15:15:31.0956 6872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:32.0019 6872 VgaSave - ok
15:15:32.0050 6872 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:15:32.0081 6872 vhdmp - ok
15:15:32.0097 6872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:15:32.0112 6872 viaide - ok
15:15:32.0128 6872 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:15:32.0144 6872 volmgr - ok
15:15:32.0190 6872 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:15:32.0222 6872 volmgrx - ok
15:15:32.0237 6872 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:15:32.0253 6872 volsnap - ok
15:15:32.0284 6872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:15:32.0315 6872 vsmraid - ok
15:15:32.0393 6872 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:15:32.0471 6872 VSS - ok
15:15:32.0580 6872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:15:32.0612 6872 vwifibus - ok
15:15:32.0627 6872 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:15:32.0658 6872 vwififlt - ok
15:15:32.0674 6872 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:15:32.0721 6872 W32Time - ok
15:15:32.0736 6872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:15:32.0752 6872 WacomPen - ok
15:15:32.0814 6872 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:32.0861 6872 WANARP - ok
15:15:32.0861 6872 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:32.0908 6872 Wanarpv6 - ok
15:15:33.0002 6872 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:15:33.0064 6872 WatAdminSvc - ok
15:15:33.0158 6872 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:15:33.0220 6872 wbengine - ok
15:15:33.0314 6872 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:15:33.0345 6872 WbioSrvc - ok
15:15:33.0376 6872 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:15:33.0407 6872 wcncsvc - ok
15:15:33.0423 6872 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:15:33.0470 6872 WcsPlugInService - ok
15:15:33.0516 6872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:15:33.0532 6872 Wd - ok
15:15:33.0579 6872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:15:33.0610 6872 Wdf01000 - ok
15:15:33.0626 6872 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:33.0704 6872 WdiServiceHost - ok
15:15:33.0719 6872 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:33.0735 6872 WdiSystemHost - ok
15:15:33.0782 6872 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:15:33.0828 6872 WebClient - ok
15:15:33.0860 6872 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:15:33.0922 6872 Wecsvc - ok
15:15:33.0953 6872 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:15:34.0000 6872 wercplsupport - ok
15:15:34.0016 6872 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:15:34.0078 6872 WerSvc - ok
15:15:34.0140 6872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:15:34.0187 6872 WfpLwf - ok
15:15:34.0203 6872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:15:34.0218 6872 WIMMount - ok
15:15:34.0250 6872 WinDefend - ok
15:15:34.0265 6872 WinHttpAutoProxySvc - ok
15:15:34.0328 6872 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:15:34.0374 6872 Winmgmt - ok
15:15:34.0499 6872 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:15:34.0593 6872 WinRM - ok
15:15:34.0733 6872 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:15:34.0780 6872 Wlansvc - ok
15:15:34.0936 6872 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:15:34.0983 6872 wlidsvc - ok
15:15:35.0123 6872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:15:35.0139 6872 WmiAcpi - ok
15:15:35.0201 6872 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:15:35.0217 6872 wmiApSrv - ok
15:15:35.0264 6872 WMPNetworkSvc - ok
15:15:35.0279 6872 WNMFLT (c1b61612fccc6e750ad0a6e19c77ee85) C:\Windows\system32\Drivers\WNMFLT64.SYS
15:15:35.0295 6872 WNMFLT - ok
15:15:35.0310 6872 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:15:35.0342 6872 WPCSvc - ok
15:15:35.0373 6872 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:15:35.0404 6872 WPDBusEnum - ok
15:15:35.0435 6872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:15:35.0482 6872 ws2ifsl - ok
15:15:35.0498 6872 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:15:35.0529 6872 wscsvc - ok
15:15:35.0544 6872 WSearch - ok
15:15:35.0669 6872 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:15:35.0732 6872 wuauserv - ok
15:15:35.0841 6872 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:15:35.0872 6872 WudfPf - ok
15:15:35.0919 6872 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:35.0981 6872 WUDFRd - ok
15:15:36.0012 6872 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:15:36.0059 6872 wudfsvc - ok
15:15:36.0090 6872 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:15:36.0122 6872 WwanSvc - ok
15:15:36.0184 6872 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
15:15:36.0231 6872 xnacc - ok
15:15:36.0278 6872 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
15:15:36.0293 6872 xusb21 - ok
15:15:36.0324 6872 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:15:36.0543 6872 \Device\Harddisk0\DR0 - ok
15:15:36.0543 6872 Boot (0x1200) (5d555203780dcde1ac94048688b1b82d) \Device\Harddisk0\DR0\Partition0
15:15:36.0543 6872 \Device\Harddisk0\DR0\Partition0 - ok
15:15:36.0590 6872 Boot (0x1200) (c2e1b76a56cf81fdc2b55c8c35616a4c) \Device\Harddisk0\DR0\Partition1
15:15:36.0590 6872 \Device\Harddisk0\DR0\Partition1 - ok
15:15:36.0605 6872 Boot (0x1200) (dd068a3408e510c8a1db6a1a8b61b063) \Device\Harddisk0\DR0\Partition2
15:15:36.0605 6872 \Device\Harddisk0\DR0\Partition2 - ok
15:15:36.0605 6872 ============================================================
15:15:36.0605 6872 Scan finished
15:15:36.0605 6872 ============================================================
15:15:36.0621 3108 Detected object count: 0
15:15:36.0621 3108 Actual detected object count: 0

Old 25.07.2012, 21:31   #8
markusg
/// Malware-holic
 

Hi, ok.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save the list as a txt file, and open that file.
After every program you need, write "necessary".
After every program you do not need, write "unnecessary".
After every program you do not know, write "unknown".
Post the list.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de

Old 31.07.2012, 11:52   #9
Chrisooo
 

Acer Backup Manager NewTech Infosystems 14.10.2010 27,5MB 2.0.0.68 necessary
Acer Crystal Eye Webcam Suyin Optronics Corp 22.12.2010 5.3.30.1 necessary
Acer ePower Management Acer Incorporated 22.12.2010 5.00.3005 necessary
Acer eRecovery Management Acer Incorporated 14.10.2010 4.05.3013 necessary
Acer GameZone Console Oberon Media, Inc. 14.10.2010 31,0MB 6.1.0.9 necessary
Acer Registration Acer Incorporated 22.12.2010 1.03.3003 necessary
Acer ScreenSaver Acer Incorporated 22.12.2010 1.1.0707.2010 necessary
Acer Updater Acer Incorporated 14.10.2010 1.02.3001 necessary
Acrobat.com Adobe Systems Incorporated 14.10.2010 1,60MB 1.6.65 necessary
Adobe AIR Adobe Systems Inc. 14.10.2010 1.5.0.7220 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 31.07.2012 6,00MB 11.3.300.268 necessary
Adobe Reader 9.1 MUI Adobe Systems Incorporated 14.10.2010 650MB 9.1.0 necessary
Broadcom Gigabit NetLink Controller Broadcom Corporation 22.12.2010 448KB 14.0.2.3 necessary
CCleaner Piriform 24.07.2012 3.21
CyberLink PowerDVD 9 CyberLink Corp. 22.12.2010 114MB 9.0.3216.50 necessary
Die Sims 2 06.07.2011 unnecessary
eBay Worldwide OEM 22.12.2010 100KB 2.1.0901 unnecessary
eSobi v2 esobi Inc. 14.10.2010 20,4MB 2.0.4.000274 necessary
F1 2011 Codemasters 02.10.2011 1.0.0000.129 necessary
Farm Frenzy 2 Oberon Media 22.12.2010 unnecessary
FIFA 09 Electronic Arts 10.03.2011 5,50GB 1.0.1.1 necessary
FIFA 12 Electronic Arts 13.05.2012 1.0.0.0 necessary
FUSSBALL MANAGER 12 Electronic Arts 26.11.2011 6,56GB 1.0.0.0 necessary
Galapago Oberon Media 22.12.2010 unnecessary
Heroes of Hellas Oberon Media 22.12.2010 unnecessary
ICQ7.5 ICQ 05.08.2011 7.5 necessary
Identity Card Acer Incorporated 22.12.2010 1.00.3003
Intel(R) Management Engine Components Intel Corporation 23.12.2010 6.0.0.1179 necessary
Intel(R) Rapid Storage Technology Intel Corporation 22.12.2010 9.6.2.1001 necessary
Intel(R) Turbo Boost Technology Driver Intel Corporation 23.12.2010 01.02.00.1002 necessary
Java(TM) 6 Update 33 Oracle 20.07.2012 95,6MB 6.0.330 necessary
Launch Manager Acer Inc. 22.12.2010 4.0.14 necessary
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 15.07.2012 18,7MB 1.62.0.1300
Medal of Honor Allied Assault 14.01.2012 necessary
Merriam Websters Spell Jam Oberon Media 22.12.2010 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.01.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 09.01.2011 2,93MB 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 23.09.2011 31,3MB 3.5.88.0
Microsoft Games for Windows Marketplace Microsoft Corporation 23.09.2011 6,03MB 3.5.50.0
Microsoft Office 2010 Microsoft Corporation 22.12.2010 6,31MB 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 10.05.2012 100MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.12.2010 1,72MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 24.09.2011 300KB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 17.08.2011 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.10.2010 596KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 24.09.2011 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 14.05.2012 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.05.2012 15,0MB 10.0.40219
Microsoft programs: all necessary

MyWinLocker Suite Egis Technology Inc. 14.10.2010 2,20MB 3.1.212.0 unknown
NTI Media Maker 9 NTI Corporation 22.12.2010 1,60GB 9.0.2.8939 unknown
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 07.03.2012 295.73 necessary
NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Corporation 07.03.2012 1.3.12.0 necessary
NVIDIA PhysX-Systemsoftware 9.12.0209 NVIDIA Corporation 07.03.2012 9.12.0209 necessary
OpenAL 23.09.2011 unknown
Origin Electronic Arts, Inc. 13.05.2012 8.5.2.23 necessary
Panda Antivirus Pro 2012 Panda Security 15.07.2012 11.00.00 necessary
Panda Secure Vault 5 AceBIT GmbH 15.07.2012 1,86MB necessary
Poker Pop Oberon Media 22.12.2010 unnecessary
PunkBuster Services Even Balance, Inc. 08.01.2011 0.986 necessary
Rapture3D 2.4.9 Game Blue Ripple Sound 02.10.2011 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.12.2010 6.0.1.6141 necessary
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 22.12.2010 6.1.7600.30122 necessary
Rome - Total War - Gold Edition The Creative Assembly 28.01.2012 1.6 unnecessary
SimCity 4 Deluxe 12.05.2012 unnecessary
Skype™ 5.9 Skype Technologies S.A. 05.05.2012 19,3MB 5.9.114 necessary
Spin & Win Oberon Media 22.12.2010 unnecessary
Synaptics Pointing Device Driver Synaptics Incorporated 22.12.2010 14.0.19.0 necessary
Welcome Center Acer Incorporated 22.12.2010 1.02.3004 necessary
Windows Live Essentials Microsoft Corporation 22.12.2010 14.0.8117.0416 necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 23.09.2011 10,0MB 6.500.3165.0 necessary
Windows Live Sync Microsoft Corporation 22.12.2010 2,79MB 14.0.8117.416 necessary
Windows Live-Uploadtool Microsoft Corporation 22.12.2010 224KB 14.0.8014.1029 necessary
Überwachungstool für die Intel® Turbo-Boost-Technik Intel 22.12.2010 1,13MB 1.0.186.6 necessary

01.08.2012, 21:43   #10
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, because that is the only way to keep control over what happens on the PC.
Under JavaScript, uncheck "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK

Uninstall:
Die Sims
eBay
Farm
Galapago
Heroes
Merriam
Poker
Rome
SimCity
Spin

Open CCleaner and start Analyze.
Open OTL, CleanUp; the PC restarts. Test how it runs.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

02.08.2012, 12:46   #11
Chrisooo

OK, I have done that; the PC runs well.

How should I proceed now? I have now run the analysis in CCleaner; should I now clean the analyzed items?

11.08.2012, 18:23   #12
Chrisooo

Hello, I wanted to ask again how I should proceed now? Nobody has answered my question so far.

Thanks in advance

21.08.2012, 18:19   #13
markusg
/// Malware-holic

Yes, click Analyze, and then Run, please.

28.08.2012, 18:46   #14
Chrisooo

OK, I have now cleaned the analyzed data.
