26.07.2012, 11:49 | #1 |
| GVU Trojan on Win 7

Hello, (many thanks in advance) unfortunately I have caught the GVU Trojan. Typical symptoms, no system restore possible; after booting from an old XP disk, Avast blocked the Trojan, so I can access my computer again.

HTML-Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.26.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ted :: TEDS_PC [Administrator]
26.07.2012 11:46:12
mbam-log-2012-07-26 (11-46-12).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203551
Laufzeit: 2 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Ted\AppData\Roaming\msconfig.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) HTML-Code: OTL logfile created on: 26.07.2012 12:28:05 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Ted\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,70% Memory free 8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,69 Gb Total Space | 72,75 Gb Free Space | 42,12% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012.07.26 12:26:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Downloads\OTL.exe PRC - [2012.07.18 17:36:56 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe PRC - [2012.07.18 17:35:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012.07.26 11:58:30 | 000,192,512 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfamcc00001.dll MOD - [2012.07.26 11:58:30 | 000,172,032 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfareca00001.dll MOD - [2012.07.18 17:36:56 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll MOD - [2012.07.18 17:35:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 17:35:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) 
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- 
(aswRdr) DRV:[b]64bit:[/b] - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b]64bit:[/b] - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010.07.28 05:01:42 | 
001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:[b]64bit:[/b] - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:[b]64bit:[/b] - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:[b]64bit:[/b] - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EC C8 DC 51 F1 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.de" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.29 23:45:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 12:28:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.22 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Extensions [2012.07.04 23:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions [2012.06.07 22:59:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.29 19:41:38 | 000,000,168 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.gif [2012.07.22 22:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.xml [2012.02.22 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.29 23:45:07 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.07.18 17:35:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.19 04:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 04:58:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.19 04:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 04:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 04:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 04:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | 
---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found 
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C0382A-25AA-41C7-8311-D7BAA7B453BA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0241155-722B-40A4-87B0-F0CAA4F68DF3}: DhcpNameServer = 192.168.2.1 O18:[b]64bit:[/b] - 
Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.10 15:16:34 | 002,070,624 | R--- | M] () - G:\Autorun.bba -- [ CDFS ] O32 - AutoRun File - [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) - G:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007.08.15 21:47:33 | 000,000,102 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{58e0532e-5d40-11e1-a402-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{58e0532e-5d40-11e1-a402-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.07.18 17:36:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.18 17:36:56 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.30 00:12:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Macromedia [2012.06.29 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M [2012.06.29 23:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M [2012.06.29 23:48:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.29 23:48:26 | 000,057,880 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\wuauclt.exe [2012.06.29 23:48:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.29 23:48:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.29 23:48:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.29 23:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.06.29 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Ted\Documents\ICQ [2012.06.29 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ Search [2012.06.29 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2012.06.29 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.07.26 11:45:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.26 11:42:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 11:42:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 11:38:13 | 000,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.26 11:38:13 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.26 11:38:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.26 11:38:13 | 000,004,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.26 11:38:13 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.26 11:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.26 11:32:00 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012.07.26 11:30:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad [2012.07.26 11:30:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.07.26 11:30:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.18 17:36:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.18 17:36:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.04 09:37:42 | 000,000,024 | ---- | M] () -- C:\Users\Ted\Documents\aionmemo_d17e7c 7.dat [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.30 00:20:35 | 000,094,944 | ---- | M] () -- C:\Users\Ted\Desktop\[000731]_1.jpg [2012.06.29 23:52:33 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.07.16 10:44:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.07.06 14:14:16 | 001,065,432 | ---- | C] () -- C:\Users\Ted\Desktop\Dokument test.rtf [2012.06.29 23:52:33 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk [2012.06.29 23:45:18 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.06.29 20:15:35 | 000,094,944 | ---- | C] () -- C:\Users\Ted\Desktop\[000731]_1.jpg [2012.03.06 23:24:00 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg [2012.02.22 14:30:54 | 000,029,347 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.02.22 12:58:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.02.22 12:58:45 | 000,022,996 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe < End of report > HTML-Code: OTL Extras logfile created on: 26.07.2012 12:28:05 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Ted\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,70% Memory free 8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,69 Gb Total Space | 72,75 Gb Free Space | 42,12% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08FF9467-0EBB-4D2E-8983-6A5DECB494A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{10301845-8A96-42A2-980F-19E07A84AC99}" = lport=2869 | protocol=6 | dir=in | app=system | "{127672F7-32A1-4C53-9679-507E298FFD70}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{206250BB-5498-48FC-ADA5-E1D1113B69D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2165F64C-6115-40A4-BB03-AD7D8F44C7B7}" = lport=139 | protocol=6 | dir=in | app=system | "{3D09F290-31C8-46A2-B47D-3883FF1607BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3E62C7ED-AC3E-40F6-B894-C2858E83649A}" = rport=139 | protocol=6 | dir=out | app=system | "{41071AD6-A990-4D12-8D07-F02F646CD4B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{496C2D08-0DE5-4F68-A12E-C46ABEAD513D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D8B7C57-7FFE-477B-8D11-90E322BE3FC4}" = rport=10243 | protocol=6 | dir=out | app=system | "{5206A194-2415-4D51-BABB-10FDBA6CEF69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{54006AAE-9CE0-4DEA-918C-90E9D0EE3B80}" = lport=138 | protocol=17 | dir=in | app=system | "{62BA3F5B-235A-44B0-B491-7D2B295B8F37}" = lport=445 | protocol=6 | dir=in | app=system | "{65D0D109-B638-44E8-910A-F0B9CD76E77F}" = lport=137 | protocol=17 | dir=in | app=system | "{691DAB3E-CC40-49D9-AB85-439DE094FECD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{738E0A30-1A83-41E4-9D83-8F77F7AB8C4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83A82BD7-5C12-49D9-BCD6-2867031A1FA5}" = rport=3702 | 
protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{8F2537D9-4BD5-417C-AEB4-496273EB5CAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{93BEC8E1-48DC-425F-83DC-6F9CD427D7B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{944F9D6E-E635-4D00-B6C7-CF18FAD160B6}" = rport=137 | protocol=17 | dir=out | app=system | "{A1AB3126-C3D6-4F8D-8167-6309636F8F6C}" = rport=445 | protocol=6 | dir=out | app=system | "{A459DBFF-4560-4750-A025-AE73B839ABB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9B00961-BF6B-4444-A2B7-107DFC5DCD54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{AEC88ADA-0C05-40FD-8865-2754A6175C9E}" = rport=138 | protocol=17 | dir=out | app=system | "{B20C924F-E908-4486-AB8B-4ADFB9A3FA42}" = lport=10243 | protocol=6 | dir=in | app=system | "{B6E590A6-2AC2-406C-9EF0-485549003044}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9A96205-A3D9-44FB-B7CD-48C7CC6F8B02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DF6F1C14-5EB4-4369-87B4-9B8998F903D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E00B1205-A2BA-4D57-A99B-ADF254DF712E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E0C692FD-F295-4046-8FB6-C1602052F56C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F2DBC930-0ECD-4782-A0C9-AD5E213641C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{06242426-24E7-4354-B009-066C1CDE4A56}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{0778A342-DC8B-45C9-AA4F-7ED89C5B50B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0886FF0E-26E4-4D04-B4CC-213F4265DA7F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{0CA1B0EA-7151-40F2-893A-CFBE2FBEC941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{138EBF52-FA80-4018-8FF9-00FE82C8B7BA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{261E403A-437A-47EE-92D3-69A673E953F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{344C237E-C54A-4A10-8435-E96563B8DB5F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{34DFA264-1FEE-4A7C-BB62-9318EF6CD03E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{36A07CB5-3F99-46D3-8B65-017926D4B960}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "{3EA91836-C990-4B49-86F9-DB48843F5A0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{461C9832-A5E0-4552-B20D-614E6764B7F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{53A34F95-F75E-45CA-B4CE-B700BE6ED8A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{58075F32-2172-4241-B208-319DEDF961C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68FACBA3-95E6-4D37-8366-3039B31344AB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{78CDC20E-346E-4672-A802-63DEA9D4958D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{795B43FC-AA7A-467D-9D32-C3D5BFF57F30}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7DEC4397-FF44-4301-8E30-4EA9B8BC40F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{83DDF589-CBA9-4D7E-B4E5-3BF1C6D53287}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9A9112E1-3266-4D98-9ED5-8154738523F5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{A34D7389-5631-412F-998E-24AFCB212D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A4DEDDB9-4B2B-4442-A982-BEE81B74BF14}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{A7FA2C5D-C305-4904-B7BF-B1F83669A736}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{B3643AED-750D-41ED-AF3D-26C9F46B0166}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{B87D1060-62C8-4303-9D69-938AEF1738A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{BCAF13A0-DDDE-4DF1-83AC-D132065CA338}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{CEB90C81-A451-4F5F-BE54-818A15475282}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{D51BF674-320B-4C29-A144-62E27B61EAF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCD0C259-C8A8-4578-9109-8564E1028C96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DEA7A762-0865-43C0-914D-167916492059}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E2F8B5B0-0BE1-436D-BCCD-D94D6CA24258}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E4EAA6E5-890D-4E1B-986A-F9C95531A47A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E608CD18-FE0C-4E07-B757-C12C894D8002}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F05C90D3-F406-4DCB-AE26-21097101DF51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F3159932-F7F6-4CCB-B3ED-CBF47CFDDB4C}" = protocol=17 | dir=out | app=%programfiles%\windows 
media player\wmpnetwk.exe | "{F422221D-6119-4B42-935F-ACE69B5DE58A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FCF903C8-9525-4012-A4C1-785749D1CE91}" = protocol=6 | dir=out | app=system | "{FFF86582-F9C8-4F29-9819-32830DB238DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{089DD53D-C1F7-45E7-9E4D-FD74DCF6BEE8}C:\users\ted\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\ted\downloads\starcraft_2_eu_en-gb.exe | "TCP Query User{156ACBF3-0E6A-41BD-B36B-1F5C60A9531F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "TCP Query User{1D6111F1-67C3-4ACC-B105-64905AB9836A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{56CA2C37-2357-4BF8-AFA2-5AF948124D99}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{6AD25C7A-9953-41CB-A063-7992419BF60F}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | "TCP Query User{7275EE08-5CC5-4344-954F-3C6074218265}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "TCP Query User{AD2B0C36-6B9D-4ED0-BED6-71A7D010B3B2}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "TCP Query User{CF4678AE-1E35-4387-947E-E6DDEB5B1275}C:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{F7E16595-E7A8-4877-B50A-B604A33F3966}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in 
| app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{0F9D1E18-98DE-4154-B481-D6549C7A101F}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{0FEB7987-6492-4CDF-B88A-BAC4CF9C523F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "UDP Query User{2CC35462-C51F-4CF0-B407-66071FF0BE37}C:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{8489EDB3-836A-4C7F-B604-A1976A2DAED7}C:\users\ted\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\ted\downloads\starcraft_2_eu_en-gb.exe | "UDP Query User{B1251E4E-7B33-47B9-A5E0-431F65CA346C}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{B45FF184-1981-4DA8-91A3-AA79F7CC9521}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "UDP Query User{BBFD1BD5-57F6-4597-A41C-4DFAB1E0FC57}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{DDEE9E00-B25B-420A-B2A6-672C9C1C38EE}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | "UDP Query User{E7A4C732-7CEB-437A-A342-56F8D11E5BB5}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "CCleaner" = CCleaner "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = 
MSI Afterburner 2.1.0 "avast" = avast! Free Antivirus "Diablo III" = Diablo III "EVE" = EVE Online (remove only) "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "hon" = Heroes of Newerth "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NCLauncher_GameForge" = NC Launcher (GameForge) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Picasa 3" = Picasa 3 "SpeedFan" = SpeedFan (remove only) "StarCraft II" = StarCraft II "T4EPlayer" = T4E Player "VLC media player" = VLC media player 2.0.0 [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 24.07.2012 04:39:26 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 04:45:27 | Computer Name = Teds_PC | Source = Microsoft-Windows-CAPI2 | ID = 512 Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. . Error - 24.07.2012 04:47:34 | Computer Name = Teds_PC | Source = Application Hang | ID = 1002 Description = Programm svchost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 848 Startzeit: 01cd6978d7b5db40 Endzeit: 0 Anwendungspfad: C:\Windows\syswow64\svchost.exe Berichts-ID: 32354e21-d56c-11e1-a164-e0cb4ecfef19 Error - 24.07.2012 04:48:15 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 04:51:43 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 05:17:57 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 07:54:22 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 24.07.2012 07:58:55 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 26.07.2012 05:30:44 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = Error - 26.07.2012 05:33:52 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 24.07.2012 04:44:34 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = 
Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.07.2012 04:50:04 | Computer Name = Teds_PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?24.?07.?2012 um 10:48:21 unerwartet heruntergefahren. Error - 26.07.2012 05:30:35 | Computer Name = Teds_PC | Source = DCOM | ID = 10010 Description = Error - 26.07.2012 05:34:21 | Computer Name = Teds_PC | Source = nvstor64 | ID = 14548999 Description = Das Gerät wurde vom System entfernt. Gerät: \Device\RaidPort0 Modell: WDC WD360GD-00FLC0 Firmware-Version: 33.0 Seriennummer: WD-WMAKH1218587 Anschluss: 0 < End of report >
Regards, Mattes |
26.07.2012, 12:26 | #2 |
/// Malware-holic | GVU Trojan on Win 7 hi
For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache Right-click the cache folder there, pack it with WinRAR or another program, and please upload it in the upload channel: Trojaner-Board Upload Channel |
26.07.2012, 12:54 | #3 |
| GVU Trojan on Win 7 Hello,
I can't find this folder on my machine; unfortunately I only find Java under C: Programme (x86), or I'm too blond for it ^^ |
26.07.2012, 12:55 | #4 |
/// Malware-holic | GVU Trojan on Win 7 Did you replace "name" with your user name?
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
26.07.2012, 13:02 | #5 |
| GVU Trojan on Win 7 Yes, I did. C: Benutzer / the name is TED. As folders I have in there: Desktop, Diablo-III installer, Downloads, Eigene Bilder, Eigene Dokumente, Eigene Music, Eigene Videos, Favoriten, Gespeicherte Spiele, Kontakte, Links, SC 2 installer. Yes, I am blond after all, sorry, you'll get it right away |
26.07.2012, 13:04 | #6 |
/// Malware-holic | GVU Trojan on Win 7 Please show hidden files and folders: Showing hidden folders in Windows |
26.07.2012, 13:16 | #7 |
| GVU Trojan on Win 7 I hope it worked ... |
26.07.2012, 15:15 | #8 | |
/// Malware-holic | GVU Trojan on Win 7 Thank you. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote: |
26.07.2012, 16:23 | #9 |
| GVU Trojan on Win 7 Hello, the computer did not restart, or rather I had a black screen and had to boot again. Combofix logfile: Code:
ATTFilter ComboFix 12-07-27.02 - Ted 26.07.2012 17:05:20.1.6 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2485 [GMT 2:00] ausgeführt von:: c:\users\Ted\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ted\AppData\Local\Temp\sfamcc00001.dll c:\users\Ted\AppData\Local\Temp\sfareca00001.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-26 bis 2012-07-26 )))))))))))))))))))))))))))))) . . 2012-07-26 12:09 . 2012-07-26 12:09 -------- d-----w- c:\program files\WinRAR 2012-07-18 15:36 . 2012-07-18 15:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-18 15:36 . 2012-07-18 15:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-29 22:12 . 2012-06-29 22:12 -------- d-----w- c:\users\Ted\AppData\Local\Macromedia 2012-06-29 21:52 . 2012-06-29 21:52 -------- d-----w- c:\program files (x86)\ICQ7M 2012-06-29 21:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-29 21:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-29 21:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-29 21:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-29 21:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-29 21:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-29 21:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-29 21:48 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-29 21:48 . 
2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-29 21:10 . 2012-06-29 21:10 -------- d-----w- c:\windows\system32\appmgmt 2012-06-29 17:42 . 2012-06-29 17:42 -------- d-----w- c:\users\Ted\AppData\Roaming\ICQ Search 2012-06-29 17:41 . 2012-06-29 17:41 -------- d-----w- c:\programdata\ICQ 2012-06-29 17:41 . 2012-07-24 19:41 -------- d-----w- c:\users\Ted\AppData\Roaming\ICQ . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-03 11:46 . 2012-04-03 20:08 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-30 01:47 . 2012-06-15 01:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B08B24A-E2F0-4CE3-A694-30AE24CA8ACE}\offreg.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-07-28 1918976] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120] R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224] S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1270784] . . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-26 17:19:22 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-26 15:19 . Vor Suchlauf: 7 Verzeichnis(se), 78.201.233.408 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 77.922.897.920 Bytes frei . - - End Of File - - 12B192E252F389A1B2DE8692D466EE04
I ran OTL over it once more.
OTL Logfile: Code:
OTL logfile created on: 26.07.2012 17:25:21 - Run 2 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Ted\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free 8,00 Gb Paging File | 6,54 Gb Available in Paging File | 81,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,69 Gb Total Space | 72,96 Gb Free Space | 42,25% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.26 12:26:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Downloads\OTL.exe PRC - [2012.07.18 17:35:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe ========== Modules (No Company Name) ========== MOD - [2012.07.26 17:23:05 | 000,192,512 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfamcc00001.dll MOD - [2012.07.26 17:23:05 | 000,172,032 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfareca00001.dll MOD - [2012.07.18 17:35:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\Nv3DVStreaming.dll MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 17:35:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] 
(Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | 
System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.07.28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EC C8 DC 51 F1 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.29 23:45:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 12:28:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.22 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Extensions [2012.07.04 23:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions [2012.06.07 22:59:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.29 19:41:38 | 000,000,168 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.gif [2012.07.22 22:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.xml [2012.02.22 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.29 23:45:07 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.07.18 17:35:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.19 04:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 04:58:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.19 04:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 04:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 04:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 04:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.07.26 17:16:02 | 000,000,027 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: 
Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C0382A-25AA-41C7-8311-D7BAA7B453BA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0241155-722B-40A4-87B0-F0CAA4F68DF3}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM 
Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.10 15:16:34 | 002,070,624 | R--- | M] () - G:\Autorun.bba -- [ CDFS ] O32 - AutoRun File - [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) - G:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007.08.15 21:47:33 | 000,000,102 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 17:16:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.07.26 17:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.07.26 17:04:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.26 17:04:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.26 17:04:12 | 000,060,416 | ---- | C] (NirSoft) -- 
C:\Windows\NIRCMD.exe [2012.07.26 17:04:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.26 17:03:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\WinRAR [2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.07.26 14:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.07.18 17:36:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.18 17:36:56 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.30 00:12:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Macromedia [2012.06.29 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M [2012.06.29 23:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M [2012.06.29 23:48:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.29 23:48:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.29 23:48:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.29 23:48:19 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.29 23:48:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.29 23:48:19 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.29 23:48:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.29 23:48:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.29 23:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2012.06.29 
19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Ted\Documents\ICQ [2012.06.29 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ Search [2012.06.29 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2012.06.29 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ ========== Files - Modified Within 30 Days ========== [2012.07.26 17:22:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 17:22:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 17:19:33 | 000,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.26 17:19:33 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.26 17:19:33 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.26 17:19:33 | 000,004,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.26 17:19:33 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.26 17:16:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.26 17:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.26 17:15:02 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys [2012.07.26 14:10:35 | 000,661,396 | ---- | M] () -- C:\Users\Ted\Desktop\cache.rar [2012.07.26 11:45:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.26 11:30:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad [2012.07.26 11:30:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.07.26 11:30:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.18 17:36:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.18 17:36:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.04 09:37:42 | 000,000,024 | ---- | M] () -- C:\Users\Ted\Documents\aionmemo_d17e7c 7.dat [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.30 00:20:35 | 000,094,944 | ---- | M] () -- C:\Users\Ted\Desktop\[000731]_1.jpg [2012.06.29 23:52:33 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk ========== Files Created - No Company Name ========== [2012.07.26 17:04:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.07.26 17:04:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.07.26 17:04:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.07.26 17:04:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.07.26 17:04:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.26 14:10:35 | 000,661,396 | ---- | C] () -- C:\Users\Ted\Desktop\cache.rar [2012.07.16 10:44:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.07.06 14:14:16 | 001,065,432 | ---- | C] () -- C:\Users\Ted\Desktop\Dokument test.rtf [2012.06.29 23:52:33 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk [2012.06.29 23:45:18 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.06.29 20:15:35 | 000,094,944 | ---- | C] () -- C:\Users\Ted\Desktop\[000731]_1.jpg [2012.03.06 23:24:00 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg [2012.02.22 14:30:54 | 000,029,347 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.02.22 12:58:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.02.22 12:58:45 | 000,022,996 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe < End of report >
And another full scan:
Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.26.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ted :: TEDS_PC [Administrator] 26.07.2012 17:32:48 mbam-log-2012-07-26 (17-32-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 308649 Laufzeit: 23 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
Did I forget anything else?
Edited by littleTED (26.07.2012 at 17:01) |
26.07.2012, 19:05 | #10 |
/// Malware-holic | GVU Trojan on Win 7
Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, and post the log
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
26.07.2012, 19:10 | #11 |
| GVU Trojan on Win 7
Result
HTML-Code: 20:07:14.0038 0848 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 20:07:14.0105 0848 ============================================================ 20:07:14.0106 0848 Current date / time: 2012/07/26 20:07:14.0105 20:07:14.0106 0848 SystemInfo: 20:07:14.0106 0848 20:07:14.0106 0848 OS Version: 6.1.7601 ServicePack: 1.0 20:07:14.0106 0848 Product type: Workstation 20:07:14.0106 0848 ComputerName: TEDS_PC 20:07:14.0106 0848 UserName: Ted 20:07:14.0106 0848 Windows directory: C:\Windows 20:07:14.0106 0848 System windows directory: C:\Windows 20:07:14.0106 0848 Running under WOW64 20:07:14.0106 0848 Processor architecture: Intel x64 20:07:14.0106 0848 Number of processors: 6 20:07:14.0106 0848 Page size: 0x1000 20:07:14.0106 0848 Boot type: Normal boot 20:07:14.0106 0848 ============================================================ 20:07:15.0249 0848 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:07:15.0264 0848 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x7E2CB, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040 20:07:15.0268 0848 ============================================================ 20:07:15.0268 0848 \Device\Harddisk0\DR0: 20:07:15.0268 0848 MBR partitions: 20:07:15.0268 0848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800 20:07:15.0268 0848 \Device\Harddisk1\DR1: 20:07:15.0268 0848 MBR partitions: 20:07:15.0268 0848 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:07:15.0268 0848 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x15963800 20:07:15.0268 0848 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x15996000, BlocksNum 0x249EF000 20:07:15.0268 0848 
============================================================ 20:07:15.0287 0848 C: <-> \Device\Harddisk1\DR1\Partition1 20:07:15.0379 0848 D: <-> \Device\Harddisk1\DR1\Partition2 20:07:15.0414 0848 E: <-> \Device\Harddisk0\DR0\Partition0 20:07:15.0414 0848 ============================================================ 20:07:15.0414 0848 Initialize success 20:07:15.0414 0848 ============================================================ 20:07:53.0403 0852 ============================================================ 20:07:53.0403 0852 Scan started 20:07:53.0403 0852 Mode: Manual; SigCheck; TDLFS; 20:07:53.0403 0852 ============================================================
C:\Windows\system32\profsvc.dll 20:08:12.0050 0852 ProfSvc - ok 20:08:12.0086 0852 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:12.0096 0852 ProtectedStorage - ok 20:08:12.0137 0852 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:08:12.0185 0852 Psched - ok 20:08:12.0481 0852 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 20:08:12.0512 0852 ql2300 - ok 20:08:12.0585 0852 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 20:08:12.0595 0852 ql40xx - ok 20:08:12.0623 0852 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:08:12.0640 0852 QWAVE - ok 20:08:12.0656 0852 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:08:12.0669 0852 QWAVEdrv - ok 20:08:12.0682 0852 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:08:12.0708 0852 RasAcd - ok 20:08:12.0762 0852 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:08:12.0810 0852 RasAgileVpn - ok 20:08:12.0830 0852 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:08:12.0873 0852 RasAuto - ok 20:08:12.0880 0852 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:08:12.0906 0852 Rasl2tp - ok 20:08:12.0929 0852 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:08:12.0959 0852 RasMan - ok 20:08:12.0973 0852 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:08:13.0023 0852 RasPppoe - ok 20:08:13.0054 0852 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:08:13.0080 0852 RasSstp - ok 20:08:13.0104 0852 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:08:13.0132 0852 rdbss - ok 20:08:13.0151 0852 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) 
C:\Windows\system32\DRIVERS\rdpbus.sys 20:08:13.0177 0852 rdpbus - ok 20:08:13.0207 0852 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:08:13.0232 0852 RDPCDD - ok 20:08:13.0272 0852 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 20:08:13.0294 0852 RDPDR - ok 20:08:13.0311 0852 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:08:13.0355 0852 RDPENCDD - ok 20:08:13.0360 0852 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:08:13.0385 0852 RDPREFMP - ok 20:08:13.0427 0852 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 20:08:13.0446 0852 RDPWD - ok 20:08:13.0472 0852 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:08:13.0483 0852 rdyboost - ok 20:08:13.0515 0852 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:08:13.0558 0852 RemoteAccess - ok 20:08:13.0595 0852 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:08:13.0637 0852 RemoteRegistry - ok 20:08:13.0662 0852 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:08:13.0702 0852 RpcEptMapper - ok 20:08:13.0719 0852 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:08:13.0742 0852 RpcLocator - ok 20:08:13.0787 0852 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:08:13.0816 0852 RpcSs - ok 20:08:13.0829 0852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:08:13.0856 0852 rspndr - ok 20:08:13.0941 0852 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys 20:08:13.0950 0852 RTCore64 - ok 20:08:13.0978 0852 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 20:08:14.0005 0852 s3cap - ok 20:08:14.0042 0852 SamSs (c118a82cd78818c29ab228366ebf81c3) 
C:\Windows\system32\lsass.exe 20:08:14.0052 0852 SamSs - ok 20:08:14.0073 0852 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:08:14.0083 0852 sbp2port - ok 20:08:14.0101 0852 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:08:14.0130 0852 SCardSvr - ok 20:08:14.0148 0852 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:08:14.0189 0852 scfilter - ok 20:08:14.0246 0852 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:08:14.0293 0852 Schedule - ok 20:08:14.0326 0852 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:08:14.0351 0852 SCPolicySvc - ok 20:08:14.0372 0852 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:08:14.0426 0852 SDRSVC - ok 20:08:14.0476 0852 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:08:14.0523 0852 secdrv - ok 20:08:14.0539 0852 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:08:14.0566 0852 seclogon - ok 20:08:14.0582 0852 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 20:08:14.0622 0852 SENS - ok 20:08:14.0642 0852 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:08:14.0695 0852 SensrSvc - ok 20:08:14.0734 0852 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:08:14.0756 0852 Serenum - ok 20:08:14.0776 0852 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:08:14.0806 0852 Serial - ok 20:08:14.0844 0852 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 20:08:14.0864 0852 sermouse - ok 20:08:14.0896 0852 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:08:14.0942 0852 SessionEnv - ok 20:08:14.0961 0852 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 
20:08:14.0973 0852 sffdisk - ok 20:08:14.0985 0852 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:08:15.0020 0852 sffp_mmc - ok 20:08:15.0044 0852 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:08:15.0075 0852 sffp_sd - ok 20:08:15.0098 0852 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 20:08:15.0108 0852 sfloppy - ok 20:08:15.0144 0852 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:08:15.0188 0852 SharedAccess - ok 20:08:15.0227 0852 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:08:15.0257 0852 ShellHWDetection - ok 20:08:15.0294 0852 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 20:08:15.0304 0852 SiSRaid2 - ok 20:08:15.0320 0852 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 20:08:15.0330 0852 SiSRaid4 - ok 20:08:15.0422 0852 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe 20:08:15.0431 0852 SkypeUpdate - ok 20:08:15.0471 0852 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:08:15.0517 0852 Smb - ok 20:08:15.0549 0852 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:08:15.0582 0852 SNMPTRAP - ok 20:08:15.0665 0852 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys 20:08:15.0676 0852 speedfan - ok 20:08:15.0684 0852 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:08:15.0693 0852 spldr - ok 20:08:15.0724 0852 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:08:15.0769 0852 Spooler - ok 20:08:15.0914 0852 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:08:16.0013 0852 sppsvc - ok 20:08:16.0105 0852 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) 
C:\Windows\system32\sppuinotify.dll 20:08:16.0132 0852 sppuinotify - ok 20:08:16.0177 0852 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:08:16.0227 0852 srv - ok 20:08:16.0253 0852 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:08:16.0287 0852 srv2 - ok 20:08:16.0308 0852 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:08:16.0319 0852 srvnet - ok 20:08:16.0359 0852 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:08:16.0388 0852 SSDPSRV - ok 20:08:16.0412 0852 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:08:16.0440 0852 SstpSvc - ok 20:08:16.0540 0852 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:08:16.0555 0852 Stereo Service - ok 20:08:16.0592 0852 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 20:08:16.0601 0852 stexstor - ok 20:08:16.0666 0852 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:08:16.0722 0852 stisvc - ok 20:08:16.0754 0852 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 20:08:16.0763 0852 storflt - ok 20:08:16.0792 0852 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 20:08:16.0858 0852 StorSvc - ok 20:08:16.0894 0852 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 20:08:16.0903 0852 storvsc - ok 20:08:16.0919 0852 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 20:08:16.0928 0852 swenum - ok 20:08:16.0962 0852 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:08:17.0008 0852 swprv - ok 20:08:17.0102 0852 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:08:17.0170 0852 SysMain - ok 20:08:17.0275 0852 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) 
C:\Windows\System32\TabSvc.dll 20:08:17.0291 0852 TabletInputService - ok 20:08:17.0317 0852 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:08:17.0364 0852 TapiSrv - ok 20:08:17.0381 0852 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:08:17.0409 0852 TBS - ok 20:08:17.0562 0852 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 20:08:17.0600 0852 Tcpip - ok 20:08:17.0755 0852 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 20:08:17.0799 0852 TCPIP6 - ok 20:08:17.0849 0852 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:08:17.0890 0852 tcpipreg - ok 20:08:17.0908 0852 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:08:17.0937 0852 TDPIPE - ok 20:08:17.0975 0852 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:08:18.0003 0852 TDTCP - ok 20:08:18.0027 0852 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:08:18.0053 0852 tdx - ok 20:08:18.0100 0852 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 20:08:18.0109 0852 TermDD - ok 20:08:18.0171 0852 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:08:18.0225 0852 TermService - ok 20:08:18.0247 0852 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:08:18.0262 0852 Themes - ok 20:08:18.0290 0852 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:08:18.0316 0852 THREADORDER - ok 20:08:18.0335 0852 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:08:18.0380 0852 TrkWks - ok 20:08:18.0431 0852 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:08:18.0458 0852 TrustedInstaller - ok 20:08:18.0472 0852 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 
20:08:18.0514 0852 tssecsrv - ok 20:08:18.0544 0852 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:08:18.0562 0852 TsUsbFlt - ok 20:08:18.0580 0852 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 20:08:18.0590 0852 TsUsbGD - ok 20:08:18.0643 0852 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:08:18.0685 0852 tunnel - ok 20:08:18.0710 0852 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 20:08:18.0720 0852 uagp35 - ok 20:08:18.0744 0852 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:08:18.0795 0852 udfs - ok 20:08:18.0816 0852 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:08:18.0848 0852 UI0Detect - ok 20:08:18.0866 0852 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:08:18.0875 0852 uliagpkx - ok 20:08:18.0911 0852 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 20:08:18.0937 0852 umbus - ok 20:08:18.0975 0852 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 20:08:18.0999 0852 UmPass - ok 20:08:19.0039 0852 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 20:08:19.0087 0852 UmRdpService - ok 20:08:19.0138 0852 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:08:19.0189 0852 upnphost - ok 20:08:19.0216 0852 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys 20:08:19.0228 0852 usbccgp - ok 20:08:19.0240 0852 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:08:19.0253 0852 usbcir - ok 20:08:19.0269 0852 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys 20:08:19.0299 0852 usbehci - ok 20:08:19.0328 0852 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys 20:08:19.0348 0852 
usbhub - ok 20:08:19.0370 0852 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 20:08:19.0381 0852 usbohci - ok 20:08:19.0390 0852 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 20:08:19.0424 0852 usbprint - ok 20:08:19.0441 0852 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:08:19.0467 0852 USBSTOR - ok 20:08:19.0484 0852 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys 20:08:19.0494 0852 usbuhci - ok 20:08:19.0508 0852 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:08:19.0553 0852 UxSms - ok 20:08:19.0586 0852 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:08:19.0596 0852 VaultSvc - ok 20:08:19.0636 0852 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:08:19.0645 0852 vdrvroot - ok 20:08:19.0677 0852 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:08:19.0735 0852 vds - ok 20:08:19.0768 0852 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:08:19.0780 0852 vga - ok 20:08:19.0801 0852 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:08:19.0855 0852 VgaSave - ok 20:08:19.0883 0852 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:08:19.0895 0852 vhdmp - ok 20:08:19.0995 0852 VIAHdAudAddService (db88ca4f876c7dcaeec29bab9e31ffc1) C:\Windows\system32\drivers\viahduaa.sys 20:08:20.0057 0852 VIAHdAudAddService - ok 20:08:20.0077 0852 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:08:20.0086 0852 viaide - ok 20:08:20.0113 0852 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 20:08:20.0125 0852 vmbus - ok 20:08:20.0144 0852 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 20:08:20.0167 0852 VMBusHID - ok 20:08:20.0189 
0852 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:08:20.0199 0852 volmgr - ok 20:08:20.0228 0852 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:08:20.0242 0852 volmgrx - ok 20:08:20.0287 0852 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:08:20.0300 0852 volsnap - ok 20:08:20.0349 0852 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 20:08:20.0360 0852 vsmraid - ok 20:08:20.0446 0852 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:08:20.0511 0852 VSS - ok 20:08:20.0609 0852 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 20:08:20.0642 0852 vwifibus - ok 20:08:20.0673 0852 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 20:08:20.0703 0852 vwififlt - ok 20:08:20.0744 0852 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:08:20.0776 0852 W32Time - ok 20:08:20.0788 0852 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 20:08:20.0812 0852 WacomPen - ok 20:08:20.0848 0852 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:08:20.0889 0852 WANARP - ok 20:08:20.0892 0852 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:08:20.0917 0852 Wanarpv6 - ok 20:08:20.0993 0852 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:08:21.0069 0852 wbengine - ok 20:08:21.0128 0852 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:08:21.0145 0852 WbioSrvc - ok 20:08:21.0175 0852 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:08:21.0207 0852 wcncsvc - ok 20:08:21.0230 0852 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:08:21.0280 0852 WcsPlugInService - ok 20:08:21.0308 0852 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 20:08:21.0317 0852 Wd - ok 20:08:21.0355 0852 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:08:21.0385 0852 Wdf01000 - ok 20:08:21.0397 0852 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:08:21.0463 0852 WdiServiceHost - ok 20:08:21.0465 0852 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:08:21.0481 0852 WdiSystemHost - ok 20:08:21.0507 0852 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:08:21.0546 0852 WebClient - ok 20:08:21.0578 0852 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:08:21.0624 0852 Wecsvc - ok 20:08:21.0646 0852 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:08:21.0675 0852 wercplsupport - ok 20:08:21.0716 0852 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:08:21.0744 0852 WerSvc - ok 20:08:21.0783 0852 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:08:21.0809 0852 WfpLwf - ok 20:08:21.0827 0852 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:08:21.0836 0852 WIMMount - ok 20:08:21.0853 0852 WinDefend - ok 20:08:21.0857 0852 WinHttpAutoProxySvc - ok 20:08:21.0910 0852 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:08:21.0938 0852 Winmgmt - ok 20:08:22.0028 0852 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:08:22.0093 0852 WinRM - ok 20:08:22.0206 0852 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:08:22.0245 0852 Wlansvc - ok 20:08:22.0282 0852 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:08:22.0312 0852 WmiAcpi - ok 20:08:22.0338 0852 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:08:22.0367 
0852 wmiApSrv - ok 20:08:22.0382 0852 WMPNetworkSvc - ok 20:08:22.0400 0852 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:08:22.0425 0852 WPCSvc - ok 20:08:22.0447 0852 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:08:22.0482 0852 WPDBusEnum - ok 20:08:22.0492 0852 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:08:22.0518 0852 ws2ifsl - ok 20:08:22.0539 0852 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 20:08:22.0574 0852 wscsvc - ok 20:08:22.0576 0852 WSearch - ok 20:08:22.0687 0852 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:08:22.0743 0852 wuauserv - ok 20:08:22.0851 0852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:08:22.0888 0852 WudfPf - ok 20:08:22.0932 0852 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:08:22.0974 0852 WUDFRd - ok 20:08:22.0995 0852 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:08:23.0023 0852 wudfsvc - ok 20:08:23.0070 0852 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:08:23.0110 0852 WwanSvc - ok 20:08:23.0124 0852 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 20:08:23.0194 0852 \Device\Harddisk0\DR0 - ok 20:08:23.0209 0852 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 20:08:23.0444 0852 \Device\Harddisk1\DR1 - ok 20:08:23.0446 0852 Boot (0x1200) (c3d0598b57cfabfc4ad05681c4ff25b9) \Device\Harddisk0\DR0\Partition0 20:08:23.0448 0852 \Device\Harddisk0\DR0\Partition0 - ok 20:08:23.0450 0852 Boot (0x1200) (893b656c55016f6191da9fe036d346f2) \Device\Harddisk1\DR1\Partition0 20:08:23.0451 0852 \Device\Harddisk1\DR1\Partition0 - ok 20:08:23.0481 0852 Boot (0x1200) (b0d2b6faa2d50b9ceb0eb5f5b3891500) \Device\Harddisk1\DR1\Partition1 20:08:23.0482 0852 \Device\Harddisk1\DR1\Partition1 - ok 
20:08:23.0509 0852 Scan finished
20:08:23.0517 2540 Detected object count: 0
20:08:23.0517 2540 Actual detected object count: 0
But in any case, many thanks already for the support; it's a really great forum you have here. |
27.07.2012, 22:32 | #12 |
/// Malware-holic | GVU Trojan on Win 7 More to come. Download CCleaner (standard): CCleaner Download - CCleaner 3.21.1767 If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After each program you need, write "necessary". After each program you do not need, write "unnecessary". After each one unknown to you, write "unknown". Post the list.
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.07.2012, 14:34 | #13 |
| GVU Trojan on Win 7 Hello,
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.07.2012 6,00MB 11.3.300.268
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 21.02.2012 121,0MB 10.1.2
AION Free-To-Play Gameforge 29.02.2012 22,6MB 2.70.0000
avast! Free Antivirus AVAST Software 28.06.2012 7.0.1426.0
CCleaner Piriform 21.02.2012 3.15
Diablo III Blizzard Entertainment 10.07.2012 1.0.3.10485
EVE Online (remove only) CCP Games Ltd. 09.05.2012
Free YouTube to MP3 Converter version 3.11.22.508 DVDVideoSoft Ltd. 06.06.2012 87,6MB 3.11.22.508
Heroes of Newerth S2 Games 22.02.2012 2.3.0
ICQ7M ICQ 28.06.2012 7.8
Java(TM) 6 Update 31 Oracle 23.02.2012 74,5MB 6.0.310
Java(TM) 7 Update 3 (64-bit) Oracle 23.02.2012 93,7MB 7.0.30
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 25.07.2012 18,8MB 1.62.0.1300
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.02.2012 0,42MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.03.2012 0,77MB 9.0.30729 some kind of updates?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.02.2012 0,23MB 9.0.30729 some kind of updates?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.02.2012 0,58MB 9.0.30729.4148 some kind of updates?
Mozilla Firefox 14.0.1 (x86 de) Mozilla 17.07.2012 36,3MB 14.0.1
Mozilla Maintenance Service Mozilla 17.07.2012 0,30MB 14.0.1
MSI Afterburner 2.1.0 MSI Co., LTD 21.02.2012 2.1.0
NC Launcher (GameForge) NCsoft 29.02.2012
NVIDIA 3D Vision Controller-Treiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA 3D Vision Treiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA Drivers NVIDIA Corporation 21.02.2012 1.7
NVIDIA ForceWare Network Access Manager NVIDIA Corporation 21.02.2012 39,0MB 1.00.7316
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Corporation 21.02.2012 1.3.12.0
NVIDIA Update 1.7.11 NVIDIA Corporation 21.02.2012 1.7.11
Picasa 3 Google, Inc. 26.02.2012 3.8
Skype™ 5.9 Skype Technologies S.A. 30.05.2012 19,3MB 5.9.115
SpeedFan (remove only) 21.02.2012
StarCraft II Blizzard Entertainment 21.02.2012 1.4.3.21029
T4E Player Techno4ever 22.03.2012
TeamSpeak 3 Client TeamSpeak Systems GmbH 03.03.2012
TP-LINK Wireless Client Utility TP-LINK 03.04.2012 7.0
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 21.02.2012 2,62MB 1.34
VLC media player 2.0.0 VideoLAN 21.02.2012 2.0.0
WinRAR 4.20 (64-bit) win.rar GmbH 25.07.2012 4.20.0
At first glance I don't see any program that would cause trouble. Edited by littleTED (28.07.2012 at 14:44) |
29.07.2012, 17:42 | #14 |
| GVU Trojan on Win 7 ??? Is this going to continue? |
29.07.2012, 17:44 | #15 |
/// Malware-holic | GVU Trojan on Win 7 Why are the labels missing? |