
Log analysis and evaluation: Sirefef-AHF/Malware-Gen after a Facebook message.


12.09.2012, 20:39   #16
kingtoasty
 



Here is the log file. OTL logfile:
Code:
OTL logfile created on: 12.09.2012 21:21:17 - Run 4
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,04 Gb Available Physical Memory | 75,56% Memory free
15,99 Gb Paging File | 13,96 Gb Available in Paging File | 87,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 613,42 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
 
Computer Name: LUCAS-PC | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lucas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SystemStore) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 68 A6 13 28 79 CC 01  [binary data]
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.27 08:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.16 21:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.16 21:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Extensions
[2012.09.03 22:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\e45f6zac.default\extensions
[2012.08.21 21:15:05 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.07.05 15:28:38 | 000,002,474 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\searchplugins\Web Search.xml
[2012.04.22 10:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.27 08:53:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3184936613-344643640-2133257759-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3184936613-344643640-2133257759-1000..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKU\S-1-5-21-3184936613-344643640-2133257759-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32F4ECE4-70E3-41EA-907E-B11433093E35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80DC9DDA-8681-4E74-A685-EC32A81BADA8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\Shell - "" = AutoRun
O33 - MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\Shell\AutoRun\command - "" = F:\PdfCatalog.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Product Registration.lnk -  - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KMCONFIG - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MurGee.com Auto Keyboard - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Turbo Key - hkey= - key= - C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.12 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{55B8DEAB-7082-4C64-B99F-ADF576A28051}
[2012.09.08 13:52:59 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{E52A845B-85B9-438B-9902-85438BE1AF63}
[2012.09.05 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{7F289EE4-C1A6-49A2-B94C-DC58A2A40EE7}
[2012.09.05 21:09:40 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{025CC301-B561-47D4-9B77-78424ABFD972}
[2012.09.03 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{0AE709C4-8ADC-4437-B2C5-0EBDB2D24F6C}
[2012.09.01 16:27:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.09.01 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.01 14:23:46 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Malwarebytes
[2012.09.01 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.01 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.01 14:23:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.01 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.30 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{E809E9C8-4164-4196-B93D-1C00371DC6B2}
[2012.08.30 12:00:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Video Files
[2012.08.30 11:58:37 | 000,070,144 | ---- | C] (NirSoft) -- C:\Users\Lucas\Desktop\VideoCacheView.exe
[2012.08.30 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Neuer Ordner
[2012.08.30 09:34:10 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Lucas\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.30 09:11:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012.08.27 09:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.27 09:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.27 09:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.08.25 13:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{E33510A5-86B0-450E-8437-775B6FE0721C}
[2012.08.24 20:51:25 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-10-5845-8588-3464
[2012.08.24 08:14:25 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-10-7960-8588-3464
[2012.08.23 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\we love sommer12
[2012.08.22 14:50:59 | 025,633,928 | ---- | C] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Razer_Imperator_Driver_v2.02.exe
[2012.08.22 14:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.08.22 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.08.22 14:38:24 | 025,375,528 | ---- | C] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Imperator_Driver_v1.02.exe
[2012.08.21 21:14:46 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{9D44ECCB-1FD9-452C-8085-6A8845410304}
[2012.08.21 20:57:33 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-0-5778-6436-2457
[2012.08.20 20:30:50 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{11701F05-1CB5-4902-9F46-DB6AA02ECD33}
[2012.08.19 21:51:14 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-10-6897-8685-3464
[2012.08.14 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\TubeBox
[5 C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\*.tmp files -> C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 20:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.12 13:37:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.12 13:37:10 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.12 13:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.12 13:29:16 | 2145,951,743 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.10 10:03:46 | 000,000,056 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\mbam.context.scan
[2012.09.10 09:59:07 | 004,883,399 | ---- | M] () -- C:\Users\Lucas\Desktop\MW3MU.rar
[2012.09.07 15:53:14 | 000,001,211 | ---- | M] () -- C:\Users\Lucas\Desktop\VideoCacheView.cfg
[2012.09.03 17:23:16 | 000,511,265 | ---- | M] () -- C:\Users\Lucas\Desktop\adwcleaner.exe
[2012.09.01 14:23:38 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 10:13:01 | 000,085,087 | ---- | M] () -- C:\Users\Lucas\Desktop\videocacheview_2-35.zip
[2012.08.30 10:11:33 | 000,061,607 | ---- | M] () -- C:\Users\Lucas\Desktop\Desktops102.zip
[2012.08.30 09:34:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Lucas\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.30 09:11:21 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012.08.27 08:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.25 11:05:29 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\winbros.sys
[2012.08.24 08:14:32 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\winbras.sys
[2012.08.24 08:14:31 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\ztddttud.sys
[2012.08.22 21:17:54 | 000,085,464 | ---- | M] () -- C:\Users\Lucas\Desktop\Minecraft.jar
[2012.08.22 21:00:05 | 001,642,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.22 21:00:05 | 000,711,674 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.22 21:00:05 | 000,656,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.22 21:00:05 | 000,152,688 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.22 21:00:05 | 000,125,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.22 14:59:30 | 000,300,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.22 14:59:20 | 452,866,102 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.22 14:53:43 | 000,002,070 | ---- | M] () -- C:\Users\Lucas\Desktop\Konfig. der Razer Imperator.lnk
[2012.08.22 14:52:39 | 025,633,928 | ---- | M] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Razer_Imperator_Driver_v2.02.exe
[2012.08.22 14:40:06 | 025,375,528 | ---- | M] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Imperator_Driver_v1.02.exe
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.18 12:18:27 | 000,004,823 | ---- | M] () -- C:\Users\Lucas\Desktop\config.mw3esp
[2012.08.18 12:16:27 | 000,453,266 | ---- | M] () -- C:\Users\Lucas\Desktop\MW3 .NET External ESP v2.13 by master131_mpgh.net.rar
[2012.08.18 11:43:04 | 000,465,920 | ---- | M] () -- C:\Users\Lucas\Desktop\Launcher.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.12 21:20:17 | 000,077,824 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\80000064.@
[2012.09.12 21:20:08 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\80000032.@
[2012.09.12 21:19:50 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\80000000.@
[2012.09.12 21:19:47 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\00000004.@
[2012.09.12 21:19:47 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\000000cb.@
[2012.09.10 10:03:46 | 000,000,056 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\mbam.context.scan
[2012.09.06 21:16:19 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\00000008.@
[2012.09.03 17:23:16 | 000,511,265 | ---- | C] () -- C:\Users\Lucas\Desktop\adwcleaner.exe
[2012.09.01 14:23:38 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 12:00:54 | 000,001,211 | ---- | C] () -- C:\Users\Lucas\Desktop\VideoCacheView.cfg
[2012.08.30 10:13:01 | 000,085,087 | ---- | C] () -- C:\Users\Lucas\Desktop\videocacheview_2-35.zip
[2012.08.30 10:11:33 | 000,061,607 | ---- | C] () -- C:\Users\Lucas\Desktop\Desktops102.zip
[2012.08.25 11:05:29 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\AppData\Roaming\winbros.sys
[2012.08.24 08:14:31 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\AppData\Roaming\ztddttud.sys
[2012.08.22 14:57:02 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\L\00000004.@
[2012.08.22 14:53:43 | 000,002,070 | ---- | C] () -- C:\Users\Lucas\Desktop\Konfig. der Razer Imperator.lnk
[2012.08.21 11:25:20 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\AppData\Roaming\winbras.sys
[2012.08.18 12:16:27 | 000,453,266 | ---- | C] () -- C:\Users\Lucas\Desktop\MW3 .NET External ESP v2.13 by master131_mpgh.net.rar
[2012.08.16 15:01:43 | 004,883,399 | ---- | C] () -- C:\Users\Lucas\Desktop\MW3MU.rar
[2012.04.21 13:14:08 | 000,164,352 | -HS- | C] () -- C:\Windows\SysWow64\SC.dll
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.09 18:24:18 | 000,000,218 | ---- | C] () -- C:\Users\Lucas\.recently-used.xbel
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.11 15:18:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\@
[2012.01.11 15:18:08 | 000,002,048 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\@
[2011.12.25 15:55:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.25 12:37:28 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.08 18:14:44 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.08 18:14:44 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.08 18:14:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.08 18:14:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.08 18:05:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.11 20:16:51 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.09.30 14:37:50 | 000,007,596 | ---- | C] () -- C:\Users\Lucas\AppData\Local\resmon.resmoncfg
[2011.09.22 17:47:13 | 000,017,408 | ---- | C] () -- C:\Users\Lucas\AppData\Local\WebpageIcons.db
[2011.09.22 17:41:44 | 001,619,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.20 14:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.09.07 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2011.10.12 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Atari
[2012.04.03 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity
[2012.01.25 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Day 1 Studios
[2011.11.11 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DVDVideoSoft
[2011.12.16 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FireShot
[2012.02.09 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\foobar2000
[2011.12.25 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Fraunhofer
[2012.05.09 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Freemium
[2011.10.27 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0
[2011.10.27 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\inkscape
[2012.04.17 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jens Lorek
[2011.10.11 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Leadertech
[2011.10.20 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LibreOffice
[2012.07.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW2 FoV Changer
[2012.05.04 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW3 FoV Changer
[2012.07.30 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner
[2011.12.11 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Publish Providers
[2012.08.18 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SoftGrid Client
[2011.12.12 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Sony
[2012.01.23 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeamViewer
[2011.09.22 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TP
[2012.02.01 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TS3Client
[2011.10.05 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Windows Live Writer
[2012.09.02 09:18:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.07 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2012.01.09 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Adobe
[2012.01.14 11:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Apple Computer
[2011.10.12 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Atari
[2011.09.22 15:57:33 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ATI
[2012.04.03 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity
[2012.01.25 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Day 1 Studios
[2011.11.08 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DivX
[2011.11.11 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DVDVideoSoft
[2011.12.16 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FireShot
[2012.02.09 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\foobar2000
[2011.12.25 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Fraunhofer
[2012.05.09 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Freemium
[2011.10.27 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0
[2011.09.22 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HpUpdate
[2011.09.22 14:44:25 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Identities
[2011.10.27 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\inkscape
[2012.04.17 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jens Lorek
[2011.10.11 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Leadertech
[2011.10.20 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LibreOffice
[2011.09.22 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Macromedia
[2012.09.01 14:23:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Media Center Programs
[2012.08.19 21:51:17 | 000,000,000 | --SD | M] -- C:\Users\Lucas\AppData\Roaming\Microsoft
[2011.12.16 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mozilla
[2012.07.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW2 FoV Changer
[2012.05.04 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW3 FoV Changer
[2012.07.30 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner
[2011.12.11 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Publish Providers
[2011.09.22 19:08:20 | 000,000,000 | RH-D | M] -- C:\Users\Lucas\AppData\Roaming\SecuROM
[2012.09.12 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Skype
[2012.08.18 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SoftGrid Client
[2011.12.12 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Sony
[2012.01.23 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeamViewer
[2011.09.22 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TP
[2012.02.01 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TS3Client
[2012.09.07 15:52:12 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\vlc
[2011.12.27 14:37:53 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Winamp
[2011.10.05 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Windows Live Writer
[2011.11.01 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.01 15:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Lucas\AppData\Roaming\.minecraft\Minecraft Cracked.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Lucas\AppData\Roaming\.minecraft\Minecraft Updater.exe
[2012.04.04 21:43:52 | 000,270,142 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\.minecraft\Minecraft.exe
[2012.02.22 16:22:58 | 000,300,564 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\.minecraft\Uninstall.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\ARPPRODUCTICON.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut1_5AF90193CBA147C0B255378E5E8C61DE.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut2_5AF90193CBA147C0B255378E5E8C61DE.exe
[2011.10.01 17:16:58 | 000,001,078 | R--- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut5_5AF90193CBA147C0B255378E5E8C61DE.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut8_917E73C2C7DA4C129774A6A2730BCAAB.exe
[2012.07.11 23:54:06 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe
[2012.07.11 23:54:04 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2012.07.11 23:53:44 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2011.03.01 15:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Minecraft Cracked.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Minecraft Updater.exe
[2012.04.04 21:43:52 | 000,270,142 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Minecraft.exe
[2012.02.22 16:22:58 | 000,300,564 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Uninstall.exe
[2012.04.04 22:00:44 | 000,026,112 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\mods\Shaders-Windows\Shaders\INSTALLER.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

13.09.2012, 14:08   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Code:
OTL by OldTimer - Version 3.2.59.1
         
Why didn't you re-download OTL?

13.09.2012, 14:38   #18
kingtoasty
 
Sorry.... here is the new log. OTL Logfile:
Code:
OTL logfile created on: 13.09.2012 15:19:07 - Run 5
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 79,97% Memory free
15,99 Gb Paging File | 14,13 Gb Available in Paging File | 88,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,75 Gb Total Space | 612,30 Gb Free Space | 66,43% Space Free | Partition Type: NTFS
 
Computer Name: LUCAS-PC | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lucas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
 
 
========== Modules (No Company Name) ==========
 
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SystemStore) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMWDSERVICE) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.de/
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 68 A6 13 28 79 CC 01  [binary data]
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3184936613-344643640-2133257759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.12
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.27 08:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.16 21:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.16 21:27:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Extensions
[2012.09.03 22:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\e45f6zac.default\extensions
[2012.08.21 21:15:05 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.07.05 15:28:38 | 000,002,474 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\e45f6zac.default\searchplugins\Web Search.xml
[2012.04.22 10:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.27 08:53:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3184936613-344643640-2133257759-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3184936613-344643640-2133257759-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32F4ECE4-70E3-41EA-907E-B11433093E35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80DC9DDA-8681-4E74-A685-EC32A81BADA8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\Shell - "" = AutoRun
O33 - MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\Shell\AutoRun\command - "" = F:\PdfCatalog.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Product Registration.lnk -  - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: C: - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KMCONFIG - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MurGee.com Auto Keyboard - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Turbo Key - hkey= - key= - C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.13 15:11:07 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012.09.12 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{55B8DEAB-7082-4C64-B99F-ADF576A28051}
[2012.09.08 13:52:59 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{E52A845B-85B9-438B-9902-85438BE1AF63}
[2012.09.05 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{7F289EE4-C1A6-49A2-B94C-DC58A2A40EE7}
[2012.09.05 21:09:40 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{025CC301-B561-47D4-9B77-78424ABFD972}
[2012.09.03 18:32:44 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{0AE709C4-8ADC-4437-B2C5-0EBDB2D24F6C}
[2012.09.01 16:27:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.09.01 16:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.01 14:23:46 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Roaming\Malwarebytes
[2012.09.01 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.01 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.01 14:23:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.01 14:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.30 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{E809E9C8-4164-4196-B93D-1C00371DC6B2}
[2012.08.30 12:00:07 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Video Files
[2012.08.30 11:58:37 | 000,070,144 | ---- | C] (NirSoft) -- C:\Users\Lucas\Desktop\VideoCacheView.exe
[2012.08.30 10:14:24 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\Neuer Ordner
[2012.08.30 09:34:10 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Lucas\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.27 09:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.27 09:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.27 09:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.08.25 13:33:06 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{E33510A5-86B0-450E-8437-775B6FE0721C}
[2012.08.24 20:51:25 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-10-5845-8588-3464
[2012.08.24 08:14:25 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-10-7960-8588-3464
[2012.08.23 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\we love sommer12
[2012.08.22 14:50:59 | 025,633,928 | ---- | C] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Razer_Imperator_Driver_v2.02.exe
[2012.08.22 14:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012.08.22 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012.08.22 14:38:24 | 025,375,528 | ---- | C] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Imperator_Driver_v1.02.exe
[2012.08.21 21:14:46 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{9D44ECCB-1FD9-452C-8085-6A8845410304}
[2012.08.21 20:57:33 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-0-5778-6436-2457
[2012.08.20 20:30:50 | 000,000,000 | ---D | C] -- C:\Users\Lucas\AppData\Local\{11701F05-1CB5-4902-9F46-DB6AA02ECD33}
[2012.08.19 21:51:14 | 000,000,000 | RHSD | C] -- C:\Users\Lucas\M-10-6897-8685-3464
[2012.08.14 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Documents\TubeBox
[5 C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\*.tmp files -> C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.13 15:11:07 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012.09.13 14:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.13 12:55:49 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 12:55:49 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.13 12:47:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.13 12:47:50 | 2145,951,743 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.10 10:03:46 | 000,000,056 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\mbam.context.scan
[2012.09.10 09:59:07 | 004,883,399 | ---- | M] () -- C:\Users\Lucas\Desktop\MW3MU.rar
[2012.09.07 15:53:14 | 000,001,211 | ---- | M] () -- C:\Users\Lucas\Desktop\VideoCacheView.cfg
[2012.09.03 17:23:16 | 000,511,265 | ---- | M] () -- C:\Users\Lucas\Desktop\adwcleaner.exe
[2012.09.01 14:23:38 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 10:13:01 | 000,085,087 | ---- | M] () -- C:\Users\Lucas\Desktop\videocacheview_2-35.zip
[2012.08.30 10:11:33 | 000,061,607 | ---- | M] () -- C:\Users\Lucas\Desktop\Desktops102.zip
[2012.08.30 09:34:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Lucas\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.27 08:54:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.25 11:05:29 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\winbros.sys
[2012.08.24 08:14:32 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\winbras.sys
[2012.08.24 08:14:31 | 000,000,000 | -H-- | M] () -- C:\Users\Lucas\AppData\Roaming\ztddttud.sys
[2012.08.22 21:17:54 | 000,085,464 | ---- | M] () -- C:\Users\Lucas\Desktop\Minecraft.jar
[2012.08.22 21:00:05 | 001,642,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.22 21:00:05 | 000,711,674 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.22 21:00:05 | 000,656,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.22 21:00:05 | 000,152,688 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.22 21:00:05 | 000,125,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.22 14:59:30 | 000,300,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.22 14:59:20 | 452,866,102 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.22 14:53:43 | 000,002,070 | ---- | M] () -- C:\Users\Lucas\Desktop\Konfig. der Razer Imperator.lnk
[2012.08.22 14:52:39 | 025,633,928 | ---- | M] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Razer_Imperator_Driver_v2.02.exe
[2012.08.22 14:40:06 | 025,375,528 | ---- | M] (Razer USA Ltd.                                               ) -- C:\Users\Lucas\Desktop\Imperator_Driver_v1.02.exe
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.18 12:18:27 | 000,004,823 | ---- | M] () -- C:\Users\Lucas\Desktop\config.mw3esp
[2012.08.18 12:16:27 | 000,453,266 | ---- | M] () -- C:\Users\Lucas\Desktop\MW3 .NET External ESP v2.13 by master131_mpgh.net.rar
[2012.08.18 11:43:04 | 000,465,920 | ---- | M] () -- C:\Users\Lucas\Desktop\Launcher.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.13 15:19:01 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\80000032.@
[2012.09.13 15:19:00 | 000,077,824 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\80000064.@
[2012.09.12 21:19:47 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\00000004.@
[2012.09.12 21:19:47 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\000000cb.@
[2012.09.10 10:03:46 | 000,000,056 | ---- | C] () -- C:\Users\Lucas\AppData\Roaming\mbam.context.scan
[2012.09.06 21:16:19 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\00000008.@
[2012.09.03 17:23:16 | 000,511,265 | ---- | C] () -- C:\Users\Lucas\Desktop\adwcleaner.exe
[2012.09.01 14:23:38 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.30 12:00:54 | 000,001,211 | ---- | C] () -- C:\Users\Lucas\Desktop\VideoCacheView.cfg
[2012.08.30 10:13:01 | 000,085,087 | ---- | C] () -- C:\Users\Lucas\Desktop\videocacheview_2-35.zip
[2012.08.30 10:11:33 | 000,061,607 | ---- | C] () -- C:\Users\Lucas\Desktop\Desktops102.zip
[2012.08.25 11:05:29 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\AppData\Roaming\winbros.sys
[2012.08.24 08:14:31 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\AppData\Roaming\ztddttud.sys
[2012.08.22 14:57:02 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\L\00000004.@
[2012.08.22 14:53:43 | 000,002,070 | ---- | C] () -- C:\Users\Lucas\Desktop\Konfig. der Razer Imperator.lnk
[2012.08.21 11:25:20 | 000,000,000 | -H-- | C] () -- C:\Users\Lucas\AppData\Roaming\winbras.sys
[2012.08.18 12:16:27 | 000,453,266 | ---- | C] () -- C:\Users\Lucas\Desktop\MW3 .NET External ESP v2.13 by master131_mpgh.net.rar
[2012.08.16 15:01:43 | 004,883,399 | ---- | C] () -- C:\Users\Lucas\Desktop\MW3MU.rar
[2012.04.21 13:14:08 | 000,164,352 | -HS- | C] () -- C:\Windows\SysWow64\SC.dll
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.09 18:24:18 | 000,000,218 | ---- | C] () -- C:\Users\Lucas\.recently-used.xbel
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.11 15:18:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\@
[2012.01.11 15:18:08 | 000,002,048 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\@
[2011.12.25 15:55:51 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.25 12:37:28 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.08 18:14:44 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.08 18:14:44 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.08 18:14:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.12.08 18:14:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.12.08 18:05:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.11 20:16:51 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.09.30 14:37:50 | 000,007,596 | ---- | C] () -- C:\Users\Lucas\AppData\Local\resmon.resmoncfg
[2011.09.22 17:47:13 | 000,017,408 | ---- | C] () -- C:\Users\Lucas\AppData\Local\WebpageIcons.db
[2011.09.22 17:41:44 | 001,619,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.20 14:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.09.07 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2011.10.12 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Atari
[2012.04.03 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity
[2012.01.25 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Day 1 Studios
[2011.11.11 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DVDVideoSoft
[2011.12.16 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FireShot
[2012.02.09 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\foobar2000
[2011.12.25 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Fraunhofer
[2012.05.09 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Freemium
[2011.10.27 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0
[2011.10.27 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\inkscape
[2012.04.17 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jens Lorek
[2011.10.11 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Leadertech
[2011.10.20 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LibreOffice
[2012.07.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW2 FoV Changer
[2012.05.04 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW3 FoV Changer
[2012.07.30 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner
[2011.12.11 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Publish Providers
[2012.08.18 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SoftGrid Client
[2011.12.12 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Sony
[2012.01.23 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeamViewer
[2011.09.22 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TP
[2012.02.01 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TS3Client
[2011.10.05 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Windows Live Writer
[2012.09.02 09:18:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.07 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2012.01.09 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Adobe
[2012.01.14 11:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Apple Computer
[2011.10.12 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Atari
[2011.09.22 15:57:33 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\ATI
[2012.04.03 20:17:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Audacity
[2012.01.25 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Day 1 Studios
[2011.11.08 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DivX
[2011.11.11 21:18:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DVDVideoSoft
[2011.12.16 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\FireShot
[2012.02.09 18:24:26 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\foobar2000
[2011.12.25 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Fraunhofer
[2012.05.09 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Freemium
[2011.10.27 15:28:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0
[2011.09.22 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\HpUpdate
[2011.09.22 14:44:25 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Identities
[2011.10.27 16:53:22 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\inkscape
[2012.04.17 15:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Jens Lorek
[2011.10.11 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Leadertech
[2011.10.20 17:36:18 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\LibreOffice
[2011.09.22 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Macromedia
[2012.09.01 14:23:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Malwarebytes
[2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Media Center Programs
[2012.08.19 21:51:17 | 000,000,000 | --SD | M] -- C:\Users\Lucas\AppData\Roaming\Microsoft
[2011.12.16 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Mozilla
[2012.07.14 14:43:40 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW2 FoV Changer
[2012.05.04 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\MW3 FoV Changer
[2012.07.30 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner
[2011.12.11 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Publish Providers
[2011.09.22 19:08:20 | 000,000,000 | RH-D | M] -- C:\Users\Lucas\AppData\Roaming\SecuROM
[2012.09.13 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Skype
[2012.08.18 23:34:11 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SoftGrid Client
[2011.12.12 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Sony
[2012.01.23 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TeamViewer
[2011.09.22 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TP
[2012.02.01 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TS3Client
[2012.09.07 15:52:12 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\vlc
[2011.12.27 14:37:53 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Winamp
[2011.10.05 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Windows Live Writer
[2011.11.01 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.03.01 15:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Lucas\AppData\Roaming\.minecraft\Minecraft Cracked.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Lucas\AppData\Roaming\.minecraft\Minecraft Updater.exe
[2012.04.04 21:43:52 | 000,270,142 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\.minecraft\Minecraft.exe
[2012.02.22 16:22:58 | 000,300,564 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\.minecraft\Uninstall.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\ARPPRODUCTICON.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut1_5AF90193CBA147C0B255378E5E8C61DE.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut2_5AF90193CBA147C0B255378E5E8C61DE.exe
[2011.10.01 17:16:58 | 000,001,078 | R--- | M] () -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut5_5AF90193CBA147C0B255378E5E8C61DE.exe
[2011.10.01 17:16:58 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lucas\AppData\Roaming\Microsoft\Installer\{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}\NewShortcut8_917E73C2C7DA4C129774A6A2730BCAAB.exe
[2012.07.11 23:54:06 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe
[2012.07.11 23:54:04 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe
[2012.07.11 23:53:44 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe
[2011.03.01 15:26:14 | 000,270,848 | ---- | M] (Teckda) -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Minecraft Cracked.exe
[2010.10.21 03:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Minecraft Updater.exe
[2012.04.04 21:43:52 | 000,270,142 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Minecraft.exe
[2012.02.22 16:22:58 | 000,300,564 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\Uninstall.exe
[2012.04.04 22:00:44 | 000,026,112 | ---- | M] () -- C:\Users\Lucas\AppData\Roaming\Neuer Ordner\.minecraft\mods\Shaders-Windows\Shaders\INSTALLER.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.08.19 17:50:52 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.08.19 17:50:52 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

13.09.2012, 21:00   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\Shell - "" = AutoRun
O33 - MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\Shell\AutoRun\command - "" = F:\PdfCatalog.exe
:Files
C:\Users\Lucas\AppData\Local\{*
C:\Users\Lucas\M-*
C:\Users\Lucas\AppData\Roaming\win*
C:\Users\Lucas\AppData\Roaming\ztd*
C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}
C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670}
C:\Program Files (x86)\BabylonToolbar
C:\Users\Lucas\Desktop\alles²\SoftonicDownloader_fuer_fl-studio.exe
C:\Users\Lucas\Desktop\alles²\Festplatte\von werner\conviction\SKIDROW
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

14.09.2012, 12:58   #20
kingtoasty
 

So! I have now run the fix and OTL "spat out" an endlessly long list for me, is that normal?

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9094b5c-a33d-11e1-9e16-b5ac550d2696}\ not found.
File F:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9f641cb-758a-11e1-9d58-f46d04f0bd19}\ not found.
File F:\PdfCatalog.exe not found.
========== FILES ==========
C:\Users\Lucas\AppData\Local\{01AE1E1F-D305-4B08-9610-9C6F12877985} folder moved successfully.
C:\Users\Lucas\AppData\Local\{025CC301-B561-47D4-9B77-78424ABFD972} folder moved successfully.
C:\Users\Lucas\AppData\Local\{03A0CF6D-3D97-4563-9D4C-B3FE541C88E1} folder moved successfully.
C:\Users\Lucas\AppData\Local\{04E7DB95-9F39-47E7-90B7-24D275089C34} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0507F70F-05D5-446A-A82F-FC5AD3507598} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0A483F93-F18D-4C2C-B8EF-50A779992799} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0AE709C4-8ADC-4437-B2C5-0EBDB2D24F6C} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0DEBF82C-1B89-40F2-A932-950C1C251E9D} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0F6BAD53-EE89-4A2A-8DD6-743DBA108BB8} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0FBF6F61-8132-458C-8886-7D6D55A6B77B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{0FCB4AEA-FA0D-40EB-9FED-A59FB3C4D499} folder moved successfully.
C:\Users\Lucas\AppData\Local\{1139CD08-E8E1-4D37-AF9F-ED8DCF3994CB} folder moved successfully.
C:\Users\Lucas\AppData\Local\{113DCB63-1686-41EA-B6E1-C42FBA59B745} folder moved successfully.
C:\Users\Lucas\AppData\Local\{11701F05-1CB5-4902-9F46-DB6AA02ECD33} folder moved successfully.
C:\Users\Lucas\AppData\Local\{16702662-43E5-4553-9B37-DA1D04082AA5} folder moved successfully.
C:\Users\Lucas\AppData\Local\{18F46D78-124B-4677-B1BF-FEF35C78B691} folder moved successfully.
C:\Users\Lucas\AppData\Local\{1C2A773E-A510-4D3F-98F8-EC88137044A7} folder moved successfully.
C:\Users\Lucas\AppData\Local\{20B7BC3E-5FF0-4170-BEEC-EC1C70BC067B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{264F9D23-6181-4A5B-99E6-80D49A462B28} folder moved successfully.
C:\Users\Lucas\AppData\Local\{269F724E-7DC4-4AAD-B0AD-E0DE8CDF6EAA} folder moved successfully.
C:\Users\Lucas\AppData\Local\{2A7B101C-FB55-48B1-AA24-48316E49612F} folder moved successfully.
C:\Users\Lucas\AppData\Local\{30CF01D3-1641-4671-B22C-190697281D22} folder moved successfully.
C:\Users\Lucas\AppData\Local\{315928D2-114B-43B4-A7CA-0DCE068CB27B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{33BD926D-C2A9-49B2-A1D8-3C18A7BDFBDE} folder moved successfully.
C:\Users\Lucas\AppData\Local\{36F5C17A-6109-42C9-8B46-58E607B3D139} folder moved successfully.
C:\Users\Lucas\AppData\Local\{38BA8321-7D1B-4CB9-9001-5E86B09E1F9B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{3BBBFF79-10CF-4890-A201-B5FE48B9D41D} folder moved successfully.
C:\Users\Lucas\AppData\Local\{3EFA3E32-522B-413C-8F84-133FB5B839BD} folder moved successfully.
C:\Users\Lucas\AppData\Local\{3F973A18-8579-457F-A1BC-FACDEACA5F39} folder moved successfully.
C:\Users\Lucas\AppData\Local\{426919D7-48F0-4A21-AC43-B253660545B6} folder moved successfully.
C:\Users\Lucas\AppData\Local\{445AF7D7-150A-4B5E-8683-97D4073A44B6} folder moved successfully.
C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U folder moved successfully.
C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\L folder moved successfully.
C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670} folder moved successfully.
C:\Users\Lucas\AppData\Local\{4C5BA6D2-E800-4035-9032-8AA6773A15C5} folder moved successfully.
C:\Users\Lucas\AppData\Local\{4FB5C6F1-082F-4C9D-B04F-2CCB593D0656} folder moved successfully.
C:\Users\Lucas\AppData\Local\{5132559A-BA11-4F9C-9A2D-87BB21610D4B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{543EDD9D-5581-4D4A-A801-BC0CD14B6BEE} folder moved successfully.
C:\Users\Lucas\AppData\Local\{55310275-9EFF-4527-AB46-6AEECCC4A18D} folder moved successfully.
C:\Users\Lucas\AppData\Local\{55B8DEAB-7082-4C64-B99F-ADF576A28051} folder moved successfully.
C:\Users\Lucas\AppData\Local\{58915F0D-2061-4E19-94D6-713FF9BBE9E9} folder moved successfully.
C:\Users\Lucas\AppData\Local\{58B18127-3E0A-4FA5-B482-14933E534F7B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{5C8536DE-0CCB-4E42-8752-0108B5CD213E} folder moved successfully.
C:\Users\Lucas\AppData\Local\{5DA440EE-D7C6-4444-AEB8-B013D7D441B2} folder moved successfully.
C:\Users\Lucas\AppData\Local\{652EB5E8-9152-44DB-9467-69381DA460C8} folder moved successfully.
C:\Users\Lucas\AppData\Local\{657A0472-C74F-42D2-B3ED-65BC08496F72} folder moved successfully.
C:\Users\Lucas\AppData\Local\{661C82C2-1AA8-4DF8-BBD0-B6ECBAB4C754} folder moved successfully.
C:\Users\Lucas\AppData\Local\{6BE8E619-09AE-4F9B-BDEF-9D2745A98AD7} folder moved successfully.
C:\Users\Lucas\AppData\Local\{6C653FA4-7E12-4035-BD17-5746AB4A19A4} folder moved successfully.
C:\Users\Lucas\AppData\Local\{6DA2943C-D70F-40F2-A5ED-366E1A097B1E} folder moved successfully.
C:\Users\Lucas\AppData\Local\{6E4871A2-B242-4A6F-BA97-DBBD086C24BF} folder moved successfully.
C:\Users\Lucas\AppData\Local\{72718B06-9CD7-48E1-8B56-C187EE3658C8} folder moved successfully.
C:\Users\Lucas\AppData\Local\{72F1EC8B-A98B-420A-A399-1E84080AB9A0} folder moved successfully.
C:\Users\Lucas\AppData\Local\{7BCB4CE4-BD2B-434C-BFDF-05B5768B95DA} folder moved successfully.
C:\Users\Lucas\AppData\Local\{7D06A825-EB55-4B5C-9975-8090FE7B2B71} folder moved successfully.
C:\Users\Lucas\AppData\Local\{7EB6C9E8-7246-4CDB-B173-1C69C958CFFB} folder moved successfully.
C:\Users\Lucas\AppData\Local\{7F289EE4-C1A6-49A2-B94C-DC58A2A40EE7} folder moved successfully.
C:\Users\Lucas\AppData\Local\{84C14F51-3412-4724-BFDA-52F6A0D511FA} folder moved successfully.
C:\Users\Lucas\AppData\Local\{899E0F0A-559D-4D34-89DC-9B8D78FBBC2D} folder moved successfully.
C:\Users\Lucas\AppData\Local\{8B9D9444-34D0-4EB7-B4BF-FE3943E5F2C4} folder moved successfully.
C:\Users\Lucas\AppData\Local\{8BD7B747-0DF2-49DD-92C3-F8A333F2765A} folder moved successfully.
C:\Users\Lucas\AppData\Local\{926C45BD-859D-4A5C-8D63-D9006FB40E61} folder moved successfully.
C:\Users\Lucas\AppData\Local\{937FA4DE-75FF-4935-9437-3C9AF18966BA} folder moved successfully.
C:\Users\Lucas\AppData\Local\{96EF63A7-A82F-436C-97E7-91DF776BB367} folder moved successfully.
C:\Users\Lucas\AppData\Local\{98AB2A16-E475-48CA-A5B6-EB455C16A3DA} folder moved successfully.
C:\Users\Lucas\AppData\Local\{98D10C29-1114-43D6-9429-3C318737DADE} folder moved successfully.
C:\Users\Lucas\AppData\Local\{9BB581FE-7DB3-40C8-8D72-3C75E5AC8B1E} folder moved successfully.
C:\Users\Lucas\AppData\Local\{9CC124AF-4041-430A-ADD8-1457BA25A2FF} folder moved successfully.
C:\Users\Lucas\AppData\Local\{9D44ECCB-1FD9-452C-8085-6A8845410304} folder moved successfully.
C:\Users\Lucas\AppData\Local\{9D4E54DE-3BEE-4D16-9F93-89B177D0C50A} folder moved successfully.
C:\Users\Lucas\AppData\Local\{A1732832-42F4-4C76-810A-F80F5B87A60E} folder moved successfully.
C:\Users\Lucas\AppData\Local\{A4176BCC-01D9-429B-97D6-A7018732CCE4} folder moved successfully.
C:\Users\Lucas\AppData\Local\{AC2E8AE8-FFAF-4BE2-B536-DF6F1F62120A} folder moved successfully.
C:\Users\Lucas\AppData\Local\{AD4007D8-62EE-47AA-992B-B0722C66641F} folder moved successfully.
C:\Users\Lucas\AppData\Local\{B2C7C4C1-0BE1-4F7D-9482-3D66547FFB54} folder moved successfully.
C:\Users\Lucas\AppData\Local\{B34AA924-896F-4143-BD86-45617E28EA7B} folder moved successfully.
C:\Users\Lucas\AppData\Local\{BB4D1112-6F60-41D0-AE4F-021624A17307} folder moved successfully.
C:\Users\Lucas\AppData\Local\{BB7B1F1E-3771-4C40-87BC-20419A029CA4} folder moved successfully.
C:\Users\Lucas\AppData\Local\{BC8360BF-2E93-49C3-AD5C-C4FBD21943F1} folder moved successfully.
C:\Users\Lucas\AppData\Local\{BC9A9D81-4CD0-4A70-99D8-F5E14D7A0F9A} folder moved successfully.
C:\Users\Lucas\AppData\Local\{BE139C49-2C0C-49BD-B625-39EAEA2B0961} folder moved successfully.
C:\Users\Lucas\AppData\Local\{BFDA9F1B-7967-4B04-9FD4-7E63A608E7A8} folder moved successfully.
C:\Users\Lucas\AppData\Local\{C5344F89-8F07-4442-8C42-D4D264DE433A} folder moved successfully.
C:\Users\Lucas\AppData\Local\{CA8F38D0-C685-4A8E-B629-99CA56C91744} folder moved successfully.
C:\Users\Lucas\AppData\Local\{CCB0FD55-D8AE-45FC-874D-C505AD10672E} folder moved successfully.
C:\Users\Lucas\AppData\Local\{CDB160C0-586E-47A9-93B5-7FB9D1AADCA5} folder moved successfully.
C:\Users\Lucas\AppData\Local\{CDC18563-6E1B-4D54-A37A-039995939EC4} folder moved successfully.
C:\Users\Lucas\AppData\Local\{D62D7EA8-2DC8-4CBF-8B7A-8EAE25D2DE8F} folder moved successfully.
C:\Users\Lucas\AppData\Local\{D980C71D-167B-4907-BD0E-6AB1A7EEE2E6} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E317D09C-423C-4ECD-8DBA-FDBBA5490D5A} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E33510A5-86B0-450E-8437-775B6FE0721C} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E369ED80-4590-4055-8FA9-C59AFC125361} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E38FF0DD-A843-4ABB-9555-957A59A2C426} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E49DA8D1-3E29-4C5D-9BDD-2EC85FD7934E} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E52A845B-85B9-438B-9902-85438BE1AF63} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E5C72BBE-4BCE-4C58-9A3E-8C18D18DFC50} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E6C305BE-C9B2-448E-BA60-AB1896417BE8} folder moved successfully.
C:\Users\Lucas\AppData\Local\{E809E9C8-4164-4196-B93D-1C00371DC6B2} folder moved successfully.
C:\Users\Lucas\AppData\Local\{EF114EBE-B18A-4D2F-A25E-0F7D0B95274F} folder moved successfully.
C:\Users\Lucas\AppData\Local\{F3522D38-BA02-4E7D-A56E-7AA08BC91264} folder moved successfully.
C:\Users\Lucas\AppData\Local\{F58B0DA6-A4A8-495D-B93C-D38C51CB1FA0} folder moved successfully.
C:\Users\Lucas\AppData\Local\{F6C0EEE4-1C08-44E7-80F5-CCC2422973BE} folder moved successfully.
C:\Users\Lucas\AppData\Local\{FC935923-25A0-439A-8AE2-81A96A1719ED} folder moved successfully.
C:\Users\Lucas\M-0-5778-6436-2457 folder moved successfully.
C:\Users\Lucas\M-10-5845-8588-3464 folder moved successfully.
C:\Users\Lucas\M-10-6897-8685-3464 folder moved successfully.
C:\Users\Lucas\M-10-7960-8588-3464 folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\omBrowser\cache\icons folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\omBrowser\cache folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\omBrowser folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\ml\omServices folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\ml\cache folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\ml folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins\Gracenote folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp\Plugins folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Winamp folder moved successfully.
C:\Users\Lucas\AppData\Roaming\winbras.sys moved successfully.
C:\Users\Lucas\AppData\Roaming\winbros.sys moved successfully.
C:\Users\Lucas\AppData\Roaming\Windows Live Writer\LinkGlossary folder moved successfully.
C:\Users\Lucas\AppData\Roaming\Windows Live Writer folder moved successfully.
C:\Users\Lucas\AppData\Roaming\windrvconfig.txt moved successfully.
C:\Users\Lucas\AppData\Roaming\WinRAR folder moved successfully.
C:\Users\Lucas\AppData\Roaming\ztddttud.sys moved successfully.
C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U folder moved successfully.
C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\L folder moved successfully.
C:\Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670} folder moved successfully.
File\Folder C:\Users\Lucas\AppData\Local\{4b4ca271-0f3c-c8a3-a686-04c709bef670} not found.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
C:\Users\Lucas\Desktop\alles²\SoftonicDownloader_fuer_fl-studio.exe moved successfully.
C:\Users\Lucas\Desktop\alles²\Festplatte\von werner\conviction\SKIDROW\src\system folder moved successfully.
C:\Users\Lucas\Desktop\alles²\Festplatte\von werner\conviction\SKIDROW\src folder moved successfully.
C:\Users\Lucas\Desktop\alles²\Festplatte\von werner\conviction\SKIDROW folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lucas\Desktop\cmd.bat deleted successfully.
C:\Users\Lucas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
 
User: HomeGroupUser$
 
User: Lucas
->Temp folder emptied: 4701939362 bytes
->Temporary Internet Files folder emptied: 9848805267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72378788 bytes
->Flash cache emptied: 3392 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 502076586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 14687569996 bytes
 
Total Files Cleaned = 28.432,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.4 log created on 09142012_135005

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Alt 14.09.2012, 19:41   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.

If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


Alt 14.09.2012, 21:25   #22
kingtoasty
 



OKAY!
Code:
 
22:22:49.0870 3456  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:22:51.0102 3456  ============================================================
22:22:51.0102 3456  Current date / time: 2012/09/14 22:22:51.0102
22:22:51.0102 3456  SystemInfo:
22:22:51.0102 3456  
22:22:51.0102 3456  OS Version: 6.1.7601 ServicePack: 1.0
22:22:51.0102 3456  Product type: Workstation
22:22:51.0102 3456  ComputerName: LUCAS-PC
22:22:51.0102 3456  UserName: Lucas
22:22:51.0102 3456  Windows directory: C:\Windows
22:22:51.0102 3456  System windows directory: C:\Windows
22:22:51.0102 3456  Running under WOW64
22:22:51.0102 3456  Processor architecture: Intel x64
22:22:51.0102 3456  Number of processors: 6
22:22:51.0102 3456  Page size: 0x1000
22:22:51.0102 3456  Boot type: Normal boot
22:22:51.0102 3456  ============================================================
22:22:53.0633 3456  BG loaded
22:22:55.0453 3456  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:22:55.0473 3456  ============================================================
22:22:55.0473 3456  \Device\Harddisk0\DR0:
22:22:55.0473 3456  MBR partitions:
22:22:55.0473 3456  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x7337D800
22:22:55.0473 3456  ============================================================
22:22:55.0523 3456  C: <-> \Device\Harddisk0\DR0\Partition1
22:22:55.0523 3456  ============================================================
22:22:55.0523 3456  Initialize success
22:22:55.0523 3456  ============================================================
22:23:51.0510 4296  ============================================================
22:23:51.0510 4296  Scan started
22:23:51.0510 4296  Mode: Manual; SigCheck; TDLFS; 
22:23:51.0510 4296  ============================================================
22:23:54.0147 4296  ================ Scan system memory ========================
22:23:54.0147 4296  System memory - ok
22:23:54.0147 4296  ================ Scan services =============================
22:23:54.0537 4296  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:23:54.0630 4296  1394ohci - ok
22:23:54.0646 4296  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:23:54.0662 4296  ACPI - ok
22:23:54.0693 4296  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:23:54.0740 4296  AcpiPmi - ok
22:23:54.0896 4296  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:23:54.0896 4296  AdobeARMservice - ok
22:23:55.0020 4296  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:23:55.0036 4296  AdobeFlashPlayerUpdateSvc - ok
22:23:55.0098 4296  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:23:55.0114 4296  adp94xx - ok
22:23:55.0145 4296  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:23:55.0161 4296  adpahci - ok
22:23:55.0176 4296  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:23:55.0192 4296  adpu320 - ok
22:23:55.0223 4296  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:23:55.0254 4296  AeLookupSvc - ok
22:23:55.0286 4296  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:23:55.0301 4296  AFD - ok
22:23:55.0348 4296  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:23:55.0364 4296  agp440 - ok
22:23:55.0395 4296  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:23:55.0426 4296  ALG - ok
22:23:55.0457 4296  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:23:55.0473 4296  aliide - ok
22:23:55.0535 4296  [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:23:55.0566 4296  AMD External Events Utility - ok
22:23:55.0644 4296  AMD FUEL Service - ok
22:23:55.0676 4296  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:23:55.0691 4296  amdide - ok
22:23:55.0707 4296  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
22:23:55.0722 4296  amdiox64 - ok
22:23:55.0738 4296  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:23:55.0754 4296  AmdK8 - ok
22:23:56.0003 4296  [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:23:56.0128 4296  amdkmdag - ok
22:23:56.0175 4296  [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:23:56.0206 4296  amdkmdap - ok
22:23:56.0237 4296  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
22:23:56.0284 4296  AmdPPM - ok
22:23:56.0315 4296  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:23:56.0331 4296  amdsata - ok
22:23:56.0378 4296  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:23:56.0378 4296  amdsbs - ok
22:23:56.0393 4296  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:23:56.0409 4296  amdxata - ok
22:23:56.0440 4296  [ 80A508D0C7A21BC13C01D4C671541203 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
22:23:56.0440 4296  amd_sata - ok
22:23:56.0456 4296  [ 2BE940F3A632A1A301B22B096BF221F1 ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
22:23:56.0471 4296  amd_xata - ok
22:23:56.0518 4296  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.0    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
22:23:56.0518 4296  AODDriver4.0 - ok
22:23:56.0549 4296  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
22:23:56.0565 4296  AODDriver4.01 - ok
22:23:56.0612 4296  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
22:23:56.0612 4296  AODDriver4.1 - ok
22:23:56.0643 4296  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:23:56.0721 4296  AppID - ok
22:23:56.0736 4296  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:23:56.0814 4296  AppIDSvc - ok
22:23:56.0846 4296  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
22:23:56.0892 4296  Appinfo - ok
22:23:56.0970 4296  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:23:56.0986 4296  Apple Mobile Device - ok
22:23:57.0017 4296  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
22:23:57.0033 4296  arc - ok
22:23:57.0080 4296  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:23:57.0095 4296  arcsas - ok
22:23:57.0189 4296  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
22:23:57.0189 4296  AsIO - ok
22:23:57.0298 4296  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:23:57.0345 4296  aspnet_state - ok
22:23:57.0438 4296  [ 798A87B2D7AD73B16B7CD968C5D1F18F ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
22:23:57.0470 4296  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
22:23:57.0470 4296  AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
22:23:57.0501 4296  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
22:23:57.0516 4296  aswFsBlk - ok
22:23:57.0563 4296  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
22:23:57.0579 4296  aswMonFlt - ok
22:23:57.0641 4296  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
22:23:57.0641 4296  aswRdr - ok
22:23:57.0688 4296  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
22:23:57.0704 4296  aswSnx - ok
22:23:57.0719 4296  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
22:23:57.0735 4296  aswSP - ok
22:23:57.0750 4296  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
22:23:57.0766 4296  aswTdi - ok
22:23:57.0828 4296  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:23:57.0938 4296  AsyncMac - ok
22:23:57.0953 4296  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:23:57.0984 4296  atapi - ok
22:23:58.0109 4296  [ 820630334B7866F6F3A5ACDECB02DBEB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:23:58.0156 4296  athr - ok
22:23:58.0234 4296  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:23:58.0234 4296  AtiHDAudioService - ok
22:23:58.0343 4296  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:23:58.0421 4296  AudioEndpointBuilder - ok
22:23:58.0437 4296  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:23:58.0484 4296  AudioSrv - ok
22:23:58.0562 4296  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:23:58.0577 4296  avast! Antivirus - ok
22:23:58.0640 4296  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:23:58.0686 4296  AxInstSV - ok
22:23:58.0749 4296  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:23:58.0796 4296  b06bdrv - ok
22:23:58.0827 4296  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:23:58.0874 4296  b57nd60a - ok
22:23:58.0905 4296  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:23:58.0920 4296  BDESVC - ok
22:23:58.0936 4296  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:23:58.0983 4296  Beep - ok
22:23:59.0030 4296  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:23:59.0061 4296  blbdrive - ok
22:23:59.0123 4296  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:23:59.0139 4296  Bonjour Service - ok
22:23:59.0154 4296  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:23:59.0186 4296  bowser - ok
22:23:59.0217 4296  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
22:23:59.0279 4296  BrFiltLo - ok
22:23:59.0310 4296  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
22:23:59.0310 4296  BrFiltUp - ok
22:23:59.0357 4296  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:23:59.0357 4296  Browser - ok
22:23:59.0388 4296  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:23:59.0451 4296  Brserid - ok
22:23:59.0466 4296  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:23:59.0498 4296  BrSerWdm - ok
22:23:59.0544 4296  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:23:59.0576 4296  BrUsbMdm - ok
22:23:59.0591 4296  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:23:59.0622 4296  BrUsbSer - ok
22:23:59.0638 4296  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:23:59.0669 4296  BTHMODEM - ok
22:23:59.0700 4296  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:23:59.0732 4296  bthserv - ok
22:23:59.0778 4296  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:23:59.0810 4296  cdfs - ok
22:23:59.0856 4296  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:23:59.0888 4296  cdrom - ok
22:23:59.0919 4296  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:23:59.0950 4296  CertPropSvc - ok
22:23:59.0966 4296  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
22:23:59.0981 4296  circlass - ok
22:24:00.0028 4296  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:24:00.0044 4296  CLFS - ok
22:24:00.0153 4296  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:24:00.0184 4296  clr_optimization_v2.0.50727_32 - ok
22:24:00.0215 4296  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:24:00.0231 4296  clr_optimization_v2.0.50727_64 - ok
22:24:00.0278 4296  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:24:00.0356 4296  clr_optimization_v4.0.30319_32 - ok
22:24:00.0371 4296  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:24:00.0402 4296  clr_optimization_v4.0.30319_64 - ok
22:24:00.0449 4296  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
22:24:00.0465 4296  CmBatt - ok
22:24:00.0520 4296  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:24:00.0546 4296  cmdide - ok
22:24:00.0586 4296  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:24:00.0617 4296  CNG - ok
22:24:00.0633 4296  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:24:00.0664 4296  Compbatt - ok
22:24:00.0711 4296  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:24:00.0742 4296  CompositeBus - ok
22:24:00.0757 4296  COMSysApp - ok
22:24:01.0054 4296  cpuz130 - ok
22:24:01.0085 4296  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:24:01.0132 4296  crcdisk - ok
22:24:01.0194 4296  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:24:01.0241 4296  CryptSvc - ok
22:24:01.0366 4296  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:24:01.0381 4296  cvhsvc - ok
22:24:01.0413 4296  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:24:01.0459 4296  DcomLaunch - ok
22:24:01.0491 4296  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:24:01.0522 4296  defragsvc - ok
22:24:01.0553 4296  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:24:01.0584 4296  DfsC - ok
22:24:01.0615 4296  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:24:01.0662 4296  Dhcp - ok
22:24:01.0693 4296  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:24:01.0725 4296  discache - ok
22:24:01.0756 4296  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
22:24:01.0771 4296  Disk - ok
22:24:01.0803 4296  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:24:01.0818 4296  Dnscache - ok
22:24:01.0834 4296  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:24:01.0865 4296  dot3svc - ok
22:24:01.0881 4296  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:24:01.0912 4296  DPS - ok
22:24:01.0943 4296  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:24:01.0959 4296  drmkaud - ok
22:24:01.0990 4296  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:24:02.0005 4296  DXGKrnl - ok
22:24:02.0037 4296  EagleX64 - ok
22:24:02.0068 4296  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:24:02.0099 4296  EapHost - ok
22:24:02.0161 4296  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:24:02.0224 4296  ebdrv - ok
22:24:02.0239 4296  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:24:02.0302 4296  EFS - ok
22:24:02.0333 4296  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:24:02.0364 4296  ehRecvr - ok
22:24:02.0427 4296  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:24:02.0458 4296  ehSched - ok
22:24:02.0473 4296  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:24:02.0489 4296  elxstor - ok
22:24:02.0505 4296  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:24:02.0536 4296  ErrDev - ok
22:24:02.0567 4296  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:24:02.0598 4296  EventSystem - ok
22:24:02.0629 4296  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:24:02.0645 4296  exfat - ok
22:24:02.0661 4296  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:24:02.0692 4296  fastfat - ok
22:24:02.0723 4296  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:24:02.0754 4296  Fax - ok
22:24:02.0770 4296  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
22:24:02.0785 4296  fdc - ok
22:24:02.0817 4296  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:24:02.0848 4296  fdPHost - ok
22:24:02.0863 4296  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:24:02.0895 4296  FDResPub - ok
22:24:02.0910 4296  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:24:02.0910 4296  FileInfo - ok
22:24:02.0926 4296  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:24:02.0957 4296  Filetrace - ok
22:24:02.0973 4296  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
22:24:02.0973 4296  flpydisk - ok
22:24:03.0004 4296  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:24:03.0019 4296  FltMgr - ok
22:24:03.0051 4296  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
22:24:03.0066 4296  FontCache - ok
22:24:03.0113 4296  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:24:03.0129 4296  FontCache3.0.0.0 - ok
22:24:03.0129 4296  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:24:03.0144 4296  FsDepends - ok
22:24:03.0160 4296  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:24:03.0175 4296  Fs_Rec - ok
22:24:03.0175 4296  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:24:03.0191 4296  fvevol - ok
22:24:03.0207 4296  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:24:03.0222 4296  gagp30kx - ok
22:24:03.0253 4296  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:24:03.0269 4296  GEARAspiWDM - ok
22:24:03.0300 4296  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:24:03.0316 4296  gpsvc - ok
22:24:03.0331 4296  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:24:03.0347 4296  hcw85cir - ok
22:24:03.0363 4296  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:24:03.0409 4296  HdAudAddService - ok
22:24:03.0441 4296  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:24:03.0456 4296  HDAudBus - ok
22:24:03.0487 4296  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:24:03.0503 4296  HidBatt - ok
22:24:03.0503 4296  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:24:03.0519 4296  HidBth - ok
22:24:03.0534 4296  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:24:03.0550 4296  HidIr - ok
22:24:03.0565 4296  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:24:03.0597 4296  hidserv - ok
22:24:03.0628 4296  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:24:03.0643 4296  HidUsb - ok
22:24:03.0659 4296  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:24:03.0690 4296  hkmsvc - ok
22:24:03.0706 4296  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:24:03.0737 4296  HomeGroupListener - ok
22:24:03.0737 4296  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:24:03.0768 4296  HomeGroupProvider - ok
22:24:03.0784 4296  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:24:03.0799 4296  HpSAMD - ok
22:24:03.0831 4296  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:24:03.0862 4296  HTTP - ok
22:24:03.0877 4296  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:24:03.0877 4296  hwpolicy - ok
22:24:03.0893 4296  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:24:03.0909 4296  i8042prt - ok
22:24:03.0924 4296  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:24:03.0940 4296  iaStorV - ok
22:24:03.0971 4296  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:24:04.0002 4296  idsvc - ok
22:24:04.0018 4296  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:24:04.0018 4296  iirsp - ok
22:24:04.0049 4296  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:24:04.0111 4296  IKEEXT - ok
22:24:04.0127 4296  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:24:04.0143 4296  intelide - ok
22:24:04.0158 4296  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
22:24:04.0174 4296  intelppm - ok
22:24:04.0205 4296  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:24:04.0252 4296  IPBusEnum - ok
22:24:04.0267 4296  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:24:04.0314 4296  IpFilterDriver - ok
22:24:04.0330 4296  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:24:04.0345 4296  IPMIDRV - ok
22:24:04.0377 4296  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:24:04.0408 4296  IPNAT - ok
22:24:04.0439 4296  [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:24:04.0455 4296  iPod Service - ok
22:24:04.0486 4296  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:24:04.0501 4296  IRENUM - ok
22:24:04.0517 4296  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:24:04.0533 4296  isapnp - ok
22:24:04.0533 4296  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:24:04.0548 4296  iScsiPrt - ok
22:24:04.0564 4296  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:24:04.0564 4296  kbdclass - ok
22:24:04.0579 4296  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:24:04.0595 4296  kbdhid - ok
22:24:04.0611 4296  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:24:04.0611 4296  KeyIso - ok
22:24:04.0642 4296  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:24:04.0657 4296  KMWDFILTER - ok
22:24:04.0689 4296  [ 3D6CB0DB6FE125F622C02DC0249DDE9F ] KMWDSERVICE     C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
22:24:04.0704 4296  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
22:24:04.0704 4296  KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
22:24:04.0735 4296  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:24:04.0751 4296  KSecDD - ok
22:24:04.0767 4296  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:24:04.0782 4296  KSecPkg - ok
22:24:04.0798 4296  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:24:04.0829 4296  ksthunk - ok
22:24:04.0860 4296  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:24:04.0907 4296  KtmRm - ok
22:24:04.0923 4296  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:24:04.0969 4296  LanmanServer - ok
22:24:04.0985 4296  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:24:05.0016 4296  LanmanWorkstation - ok
22:24:05.0032 4296  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:24:05.0063 4296  lltdio - ok
22:24:05.0079 4296  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:24:05.0110 4296  lltdsvc - ok
22:24:05.0125 4296  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:24:05.0157 4296  lmhosts - ok
22:24:05.0172 4296  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:24:05.0188 4296  LSI_FC - ok
22:24:05.0203 4296  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:24:05.0219 4296  LSI_SAS - ok
22:24:05.0219 4296  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:24:05.0235 4296  LSI_SAS2 - ok
22:24:05.0250 4296  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:24:05.0266 4296  LSI_SCSI - ok
22:24:05.0281 4296  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:24:05.0313 4296  luafv - ok
22:24:05.0328 4296  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:24:05.0344 4296  Mcx2Svc - ok
22:24:05.0359 4296  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:24:05.0375 4296  megasas - ok
22:24:05.0375 4296  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:24:05.0391 4296  MegaSR - ok
22:24:05.0422 4296  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:24:05.0453 4296  MMCSS - ok
22:24:05.0469 4296  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:24:05.0500 4296  Modem - ok
22:24:05.0515 4296  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:24:05.0531 4296  monitor - ok
22:24:05.0547 4296  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:24:05.0562 4296  mouclass - ok
22:24:05.0562 4296  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:24:05.0578 4296  mouhid - ok
22:24:05.0609 4296  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:24:05.0625 4296  mountmgr - ok
22:24:05.0640 4296  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:24:05.0656 4296  mpio - ok
22:24:05.0671 4296  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:24:05.0687 4296  mpsdrv - ok
22:24:05.0703 4296  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:24:05.0718 4296  MRxDAV - ok
22:24:05.0734 4296  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:24:05.0749 4296  mrxsmb - ok
22:24:05.0765 4296  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:24:05.0796 4296  mrxsmb10 - ok
22:24:05.0812 4296  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:24:05.0827 4296  mrxsmb20 - ok
22:24:05.0843 4296  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:24:05.0859 4296  msahci - ok
22:24:05.0874 4296  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:24:05.0890 4296  msdsm - ok
22:24:05.0905 4296  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:24:05.0937 4296  MSDTC - ok
22:24:05.0952 4296  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:24:05.0983 4296  Msfs - ok
22:24:05.0999 4296  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:24:06.0015 4296  mshidkmdf - ok
22:24:06.0030 4296  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:24:06.0046 4296  msisadrv - ok
22:24:06.0061 4296  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:24:06.0093 4296  MSiSCSI - ok
22:24:06.0093 4296  msiserver - ok
22:24:06.0108 4296  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:24:06.0139 4296  MSKSSRV - ok
22:24:06.0139 4296  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:24:06.0171 4296  MSPCLOCK - ok
22:24:06.0186 4296  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:24:06.0217 4296  MSPQM - ok
22:24:06.0249 4296  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:24:06.0264 4296  MsRPC - ok
22:24:06.0280 4296  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:24:06.0280 4296  mssmbios - ok
22:24:06.0280 4296  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:24:06.0311 4296  MSTEE - ok
22:24:06.0327 4296  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:24:06.0342 4296  MTConfig - ok
22:24:06.0358 4296  [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
22:24:06.0373 4296  MTsensor - ok
22:24:06.0373 4296  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:24:06.0389 4296  Mup - ok
22:24:06.0420 4296  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:24:06.0451 4296  napagent - ok
22:24:06.0483 4296  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:24:06.0498 4296  NativeWifiP - ok
22:24:06.0529 4296  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:24:06.0545 4296  NDIS - ok
22:24:06.0561 4296  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:24:06.0576 4296  NdisCap - ok
22:24:06.0607 4296  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:24:06.0623 4296  NdisTapi - ok
22:24:06.0639 4296  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:24:06.0654 4296  Ndisuio - ok
22:24:06.0670 4296  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:24:06.0701 4296  NdisWan - ok
22:24:06.0717 4296  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:24:06.0748 4296  NDProxy - ok
22:24:06.0763 4296  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:24:06.0795 4296  NetBIOS - ok
22:24:06.0810 4296  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:24:06.0826 4296  NetBT - ok
22:24:06.0841 4296  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:24:06.0841 4296  Netlogon - ok
22:24:06.0873 4296  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:24:06.0888 4296  Netman - ok
22:24:06.0919 4296  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:24:06.0935 4296  NetMsmqActivator - ok
22:24:06.0935 4296  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:24:06.0951 4296  NetPipeActivator - ok
22:24:06.0966 4296  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:24:06.0997 4296  netprofm - ok
22:24:06.0997 4296  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:24:07.0013 4296  NetTcpActivator - ok
22:24:07.0013 4296  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:24:07.0029 4296  NetTcpPortSharing - ok
22:24:07.0044 4296  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:24:07.0060 4296  nfrd960 - ok
22:24:07.0075 4296  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:24:07.0107 4296  NlaSvc - ok
22:24:07.0138 4296  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:24:07.0153 4296  Npfs - ok
22:24:07.0185 4296  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:24:07.0216 4296  nsi - ok
22:24:07.0231 4296  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:24:07.0263 4296  nsiproxy - ok
22:24:07.0309 4296  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:24:07.0325 4296  Ntfs - ok
22:24:07.0341 4296  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:24:07.0372 4296  Null - ok
22:24:07.0403 4296  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
22:24:07.0419 4296  nusb3hub - ok
22:24:07.0434 4296  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
22:24:07.0434 4296  nusb3xhc - ok
22:24:07.0450 4296  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:24:07.0465 4296  nvraid - ok
22:24:07.0481 4296  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:24:07.0481 4296  nvstor - ok
22:24:07.0497 4296  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:24:07.0497 4296  nv_agp - ok
22:24:07.0528 4296  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:24:07.0543 4296  ohci1394 - ok
22:24:07.0559 4296  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:24:07.0575 4296  ose - ok
22:24:07.0668 4296  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:24:07.0746 4296  osppsvc - ok
22:24:07.0793 4296  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:24:07.0855 4296  p2pimsvc - ok
22:24:07.0887 4296  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:24:07.0902 4296  p2psvc - ok
22:24:07.0949 4296  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
22:24:07.0996 4296  Parport - ok
22:24:08.0074 4296  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:24:08.0089 4296  partmgr - ok
22:24:08.0152 4296  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:24:08.0183 4296  PcaSvc - ok
22:24:08.0230 4296  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:24:08.0230 4296  pci - ok
22:24:08.0245 4296  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:24:08.0277 4296  pciide - ok
22:24:08.0292 4296  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:24:08.0308 4296  pcmcia - ok
22:24:08.0355 4296  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:24:08.0370 4296  pcw - ok
22:24:08.0370 4296  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:24:08.0417 4296  PEAUTH - ok
22:24:08.0979 4296  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:24:08.0994 4296  PerfHost - ok
22:24:09.0057 4296  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:24:09.0103 4296  pla - ok
22:24:09.0166 4296  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:24:09.0197 4296  PlugPlay - ok
22:24:09.0213 4296  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:24:09.0244 4296  PNRPAutoReg - ok
22:24:09.0259 4296  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:24:09.0259 4296  PNRPsvc - ok
22:24:09.0275 4296  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:24:09.0322 4296  PolicyAgent - ok
22:24:09.0337 4296  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:24:09.0384 4296  Power - ok
22:24:09.0400 4296  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:24:09.0447 4296  PptpMiniport - ok
22:24:09.0447 4296  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:24:09.0478 4296  Processor - ok
22:24:09.0493 4296  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:24:09.0509 4296  ProfSvc - ok
22:24:09.0525 4296  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:24:09.0525 4296  ProtectedStorage - ok
22:24:09.0556 4296  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:24:09.0587 4296  Psched - ok
22:24:09.0618 4296  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:24:09.0649 4296  ql2300 - ok
22:24:09.0665 4296  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:24:09.0681 4296  ql40xx - ok
22:24:09.0696 4296  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:24:09.0712 4296  QWAVE - ok
22:24:09.0727 4296  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:24:09.0759 4296  QWAVEdrv - ok
22:24:09.0759 4296  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:24:09.0790 4296  RasAcd - ok
22:24:09.0821 4296  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:24:09.0837 4296  RasAgileVpn - ok
22:24:09.0852 4296  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:24:09.0883 4296  RasAuto - ok
22:24:09.0899 4296  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:24:09.0930 4296  Rasl2tp - ok
22:24:09.0961 4296  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:24:09.0993 4296  RasMan - ok
22:24:09.0993 4296  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:24:10.0024 4296  RasPppoe - ok
22:24:10.0039 4296  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:24:10.0071 4296  RasSstp - ok
22:24:10.0102 4296  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:24:10.0133 4296  rdbss - ok
22:24:10.0133 4296  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:24:10.0164 4296  rdpbus - ok
22:24:10.0164 4296  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:24:10.0195 4296  RDPCDD - ok
22:24:10.0211 4296  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:24:10.0242 4296  RDPENCDD - ok
22:24:10.0258 4296  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:24:10.0273 4296  RDPREFMP - ok
22:24:10.0305 4296  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:24:10.0320 4296  RDPWD - ok
22:24:10.0336 4296  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:24:10.0336 4296  rdyboost - ok
22:24:10.0367 4296  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:24:10.0383 4296  RemoteAccess - ok
22:24:10.0414 4296  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:24:10.0445 4296  RemoteRegistry - ok
22:24:10.0445 4296  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:24:10.0476 4296  RpcEptMapper - ok
22:24:10.0492 4296  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:24:10.0507 4296  RpcLocator - ok
22:24:10.0523 4296  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:24:10.0554 4296  RpcSs - ok
22:24:10.0570 4296  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:24:10.0601 4296  rspndr - ok
22:24:10.0632 4296  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:24:10.0648 4296  RTL8167 - ok
22:24:10.0648 4296  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:24:10.0663 4296  SamSs - ok
22:24:10.0679 4296  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:24:10.0695 4296  sbp2port - ok
22:24:10.0695 4296  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:24:10.0726 4296  SCardSvr - ok
22:24:10.0741 4296  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:24:10.0788 4296  scfilter - ok
22:24:10.0819 4296  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:24:10.0851 4296  Schedule - ok
22:24:10.0882 4296  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:24:10.0897 4296  SCPolicySvc - ok
22:24:10.0913 4296  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:24:10.0929 4296  SDRSVC - ok
22:24:10.0944 4296  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:24:10.0991 4296  secdrv - ok
22:24:10.0991 4296  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:24:11.0022 4296  seclogon - ok
22:24:11.0038 4296  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:24:11.0069 4296  SENS - ok
22:24:11.0085 4296  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:24:11.0100 4296  SensrSvc - ok
22:24:11.0116 4296  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:24:11.0131 4296  Serenum - ok
22:24:11.0147 4296  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:24:11.0163 4296  Serial - ok
22:24:11.0178 4296  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:24:11.0194 4296  sermouse - ok
22:24:11.0209 4296  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:24:11.0241 4296  SessionEnv - ok
22:24:11.0256 4296  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:24:11.0272 4296  sffdisk - ok
22:24:11.0272 4296  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:24:11.0303 4296  sffp_mmc - ok
22:24:11.0303 4296  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:24:11.0319 4296  sffp_sd - ok
22:24:11.0319 4296  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:24:11.0334 4296  sfloppy - ok
22:24:11.0381 4296  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:24:11.0397 4296  Sftfs - ok
22:24:11.0459 4296  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:24:11.0459 4296  sftlist - ok
22:24:11.0475 4296  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:24:11.0490 4296  Sftplay - ok
22:24:11.0490 4296  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:24:11.0506 4296  Sftredir - ok
22:24:11.0506 4296  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:24:11.0506 4296  Sftvol - ok
22:24:11.0521 4296  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:24:11.0537 4296  sftvsa - ok
22:24:11.0553 4296  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:24:11.0584 4296  ShellHWDetection - ok
22:24:11.0599 4296  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:24:11.0615 4296  SiSRaid2 - ok
22:24:11.0631 4296  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:24:11.0631 4296  SiSRaid4 - ok
22:24:11.0677 4296  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:24:11.0693 4296  SkypeUpdate - ok
22:24:11.0709 4296  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:24:11.0740 4296  Smb - ok
22:24:11.0787 4296  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:24:11.0802 4296  SNMPTRAP - ok
22:24:11.0818 4296  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:24:11.0833 4296  spldr - ok
22:24:11.0865 4296  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:24:11.0865 4296  Spooler - ok
22:24:11.0911 4296  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:24:11.0974 4296  sppsvc - ok
22:24:11.0989 4296  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:24:12.0021 4296  sppuinotify - ok
22:24:12.0036 4296  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:24:12.0067 4296  srv - ok
22:24:12.0083 4296  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:24:12.0099 4296  srv2 - ok
22:24:12.0114 4296  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:24:12.0114 4296  srvnet - ok
22:24:12.0130 4296  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:24:12.0161 4296  SSDPSRV - ok
22:24:12.0177 4296  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:24:12.0192 4296  SstpSvc - ok
22:24:12.0223 4296  Steam Client Service - ok
22:24:12.0239 4296  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:24:12.0255 4296  stexstor - ok
22:24:12.0270 4296  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:24:12.0286 4296  StillCam - ok
22:24:12.0317 4296  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:24:12.0348 4296  stisvc - ok
22:24:12.0364 4296  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:24:12.0364 4296  swenum - ok
22:24:12.0395 4296  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:24:12.0426 4296  swprv - ok
22:24:12.0473 4296  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:24:12.0504 4296  SysMain - ok
22:24:12.0551 4296  [ 1A78D70D7A02C920A18843426682899B ] SystemStore     C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
22:24:12.0567 4296  SystemStore ( UnsignedFile.Multi.Generic ) - warning
22:24:12.0567 4296  SystemStore - detected UnsignedFile.Multi.Generic (1)
22:24:12.0582 4296  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:24:12.0598 4296  TabletInputService - ok
22:24:12.0613 4296  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:24:12.0645 4296  TapiSrv - ok
22:24:12.0645 4296  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:24:12.0676 4296  TBS - ok
22:24:12.0754 4296  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:24:12.0801 4296  Tcpip - ok
22:24:12.0832 4296  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:24:12.0863 4296  TCPIP6 - ok
22:24:12.0879 4296  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:24:12.0910 4296  tcpipreg - ok
22:24:12.0941 4296  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:24:12.0957 4296  TDPIPE - ok
22:24:12.0988 4296  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:24:13.0003 4296  TDTCP - ok
22:24:13.0019 4296  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:24:13.0035 4296  tdx - ok
22:24:13.0050 4296  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:24:13.0066 4296  TermDD - ok
22:24:13.0097 4296  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:24:13.0144 4296  TermService - ok
22:24:13.0144 4296  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:24:13.0159 4296  Themes - ok
22:24:13.0175 4296  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:24:13.0191 4296  THREADORDER - ok
22:24:13.0206 4296  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:24:13.0237 4296  TrkWks - ok
22:24:13.0269 4296  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:24:13.0300 4296  TrustedInstaller - ok
22:24:13.0315 4296  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:24:13.0347 4296  tssecsrv - ok
22:24:13.0362 4296  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:24:13.0378 4296  TsUsbFlt - ok
22:24:13.0409 4296  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:24:13.0425 4296  TsUsbGD - ok
22:24:13.0440 4296  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:24:13.0471 4296  tunnel - ok
22:24:13.0503 4296  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:24:13.0503 4296  uagp35 - ok
22:24:13.0518 4296  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:24:13.0565 4296  udfs - ok
22:24:13.0581 4296  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:24:13.0596 4296  UI0Detect - ok
22:24:13.0612 4296  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:24:13.0627 4296  uliagpkx - ok
22:24:13.0643 4296  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:24:13.0659 4296  umbus - ok
22:24:13.0674 4296  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:24:13.0690 4296  UmPass - ok
22:24:13.0705 4296  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:24:13.0737 4296  upnphost - ok
22:24:13.0799 4296  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:24:13.0815 4296  usbaudio - ok
22:24:13.0830 4296  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:24:13.0861 4296  usbccgp - ok
22:24:13.0908 4296  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:24:13.0924 4296  usbcir - ok
22:24:13.0939 4296  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:24:13.0955 4296  usbehci - ok
22:24:13.0986 4296  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
22:24:14.0002 4296  usbhub - ok
22:24:14.0002 4296  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:24:14.0033 4296  usbohci - ok
22:24:14.0033 4296  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:24:14.0049 4296  usbprint - ok
22:24:14.0064 4296  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:24:14.0080 4296  USBSTOR - ok
22:24:14.0095 4296  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:24:14.0111 4296  usbuhci - ok
22:24:14.0111 4296  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:24:14.0142 4296  UxSms - ok
22:24:14.0158 4296  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:24:14.0158 4296  VaultSvc - ok
22:24:14.0173 4296  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:24:14.0173 4296  vdrvroot - ok
22:24:14.0205 4296  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:24:14.0236 4296  vds - ok
22:24:14.0251 4296  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:24:14.0267 4296  vga - ok
22:24:14.0267 4296  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:24:14.0298 4296  VgaSave - ok
22:24:14.0314 4296  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:24:14.0329 4296  vhdmp - ok
22:24:14.0329 4296  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:24:14.0345 4296  viaide - ok
22:24:14.0361 4296  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:24:14.0361 4296  volmgr - ok
22:24:14.0392 4296  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:24:14.0407 4296  volmgrx - ok
22:24:14.0423 4296  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:24:14.0439 4296  volsnap - ok
22:24:14.0470 4296  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:24:14.0470 4296  vsmraid - ok
22:24:14.0501 4296  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:24:14.0548 4296  VSS - ok
22:24:14.0563 4296  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:24:14.0579 4296  vwifibus - ok
22:24:14.0595 4296  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:24:14.0626 4296  vwififlt - ok
22:24:14.0641 4296  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:24:14.0657 4296  W32Time - ok
22:24:14.0673 4296  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:24:14.0688 4296  WacomPen - ok
22:24:14.0704 4296  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:24:14.0735 4296  WANARP - ok
22:24:14.0735 4296  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:24:14.0751 4296  Wanarpv6 - ok
22:24:14.0782 4296  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:24:14.0813 4296  wbengine - ok
22:24:14.0829 4296  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:24:14.0844 4296  WbioSrvc - ok
22:24:14.0860 4296  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:24:14.0891 4296  wcncsvc - ok
22:24:14.0907 4296  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:24:14.0922 4296  WcsPlugInService - ok
22:24:14.0938 4296  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:24:14.0953 4296  Wd - ok
22:24:14.0985 4296  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:24:15.0000 4296  Wdf01000 - ok
22:24:15.0000 4296  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:24:15.0016 4296  WdiServiceHost - ok
22:24:15.0031 4296  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:24:15.0047 4296  WdiSystemHost - ok
22:24:15.0063 4296  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:24:15.0094 4296  WebClient - ok
22:24:15.0094 4296  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:24:15.0141 4296  Wecsvc - ok
22:24:15.0156 4296  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:24:15.0187 4296  wercplsupport - ok
22:24:15.0203 4296  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:24:15.0234 4296  WerSvc - ok
22:24:15.0234 4296  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:24:15.0265 4296  WfpLwf - ok
22:24:15.0265 4296  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:24:15.0281 4296  WIMMount - ok
22:24:15.0281 4296  WinHttpAutoProxySvc - ok
22:24:15.0328 4296  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:24:15.0343 4296  Winmgmt - ok
22:24:15.0375 4296  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:24:15.0421 4296  WinRM - ok
22:24:15.0453 4296  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:24:15.0484 4296  Wlansvc - ok
22:24:15.0515 4296  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:24:15.0531 4296  wlcrasvc - ok
22:24:15.0593 4296  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:24:15.0609 4296  wlidsvc - ok
22:24:15.0640 4296  [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
22:24:15.0655 4296  WmBEnum - ok
22:24:15.0671 4296  [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
22:24:15.0671 4296  WmFilter - ok
22:24:15.0687 4296  [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo         C:\Windows\system32\drivers\WmHidLo.sys
22:24:15.0702 4296  WmHidLo - ok
22:24:15.0718 4296  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:24:15.0733 4296  WmiAcpi - ok
22:24:15.0765 4296  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:24:15.0780 4296  wmiApSrv - ok
22:24:15.0811 4296  WMPNetworkSvc - ok
22:24:15.0827 4296  [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
22:24:15.0827 4296  WmVirHid - ok
22:24:15.0843 4296  [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
22:24:15.0843 4296  WmXlCore - ok
22:24:15.0874 4296  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:24:15.0889 4296  WPCSvc - ok
22:24:15.0905 4296  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:24:15.0921 4296  WPDBusEnum - ok
22:24:15.0936 4296  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:24:15.0967 4296  ws2ifsl - ok
22:24:15.0967 4296  WSearch - ok
22:24:15.0983 4296  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:24:16.0014 4296  WudfPf - ok
22:24:16.0014 4296  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:24:16.0045 4296  WUDFRd - ok
22:24:16.0061 4296  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:24:16.0077 4296  wudfsvc - ok
22:24:16.0092 4296  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:24:16.0123 4296  WwanSvc - ok
22:24:16.0123 4296  ================ Scan global ===============================
22:24:16.0139 4296  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:24:16.0170 4296  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:24:16.0170 4296  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:24:16.0170 4296  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:24:16.0201 4296  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:24:16.0217 4296  [Global] - ok
22:24:16.0217 4296  ================ Scan MBR ==================================
22:24:16.0217 4296  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:24:16.0482 4296  \Device\Harddisk0\DR0 - ok
22:24:16.0482 4296  ================ Scan VBR ==================================
22:24:16.0482 4296  [ 305FBE055B5F7B96040C0A27C6256C5A ] \Device\Harddisk0\DR0\Partition1
22:24:16.0482 4296  \Device\Harddisk0\DR0\Partition1 - ok
22:24:16.0482 4296  ============================================================
22:24:16.0482 4296  Scan finished
22:24:16.0482 4296  ============================================================
22:24:16.0498 3572  Detected object count: 3
22:24:16.0498 3572  Actual detected object count: 3
22:24:21.0412 3572  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:21.0412 3572  AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:21.0412 3572  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:21.0412 3572  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:24:21.0412 3572  SystemStore ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:21.0412 3572  SystemStore ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 15.09.2012, 12:37   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a Kompetenzler (one of the board's experts) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 15.09.2012, 14:13   #24
kingtoasty
 



hey... that program really does sound dangerous o.O xD

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-14.03 - Lucas 15.09.2012  14:18:06.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8190.6397 [GMT 2:00]
ausgeführt von:: c:\users\Lucas\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Fuel.Service.exe   pid: 1128     48: c:\program files\ATI Technologies\ATI.ACE\Fuel\de\fuel.service.exe.mui
-------\Service_Handle v3.42
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_WUDFHost.exe       pid: 3552     48: c:\windows\System32\de-DE\WUDFHost.exe.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-15 bis 2012-09-15  ))))))))))))))))))))))))))))))
.
.
2012-09-15 12:31 . 2012-09-15 12:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-14 20:20 . 2012-09-14 20:20	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-14 13:59 . 2012-09-15 11:09	--------	d-----w-	c:\users\Lucas\AppData\Roaming\Windows Live Writer
2012-09-14 11:50 . 2012-09-14 11:50	--------	d-----w-	C:\_OTL
2012-09-01 14:27 . 2012-09-01 14:27	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-09-01 14:14 . 2012-09-01 14:14	--------	d-----w-	c:\program files (x86)\ESET
2012-09-01 12:23 . 2012-09-01 12:23	--------	d-----w-	c:\users\Lucas\AppData\Roaming\Malwarebytes
2012-09-01 12:23 . 2012-09-01 12:23	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-01 12:23 . 2012-09-01 12:23	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-01 12:23 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-27 07:14 . 2012-08-27 07:14	--------	d-----w-	c:\programdata\ATI
2012-08-27 07:13 . 2012-08-27 07:13	--------	d-----w-	c:\program files (x86)\AMD APP
2012-08-22 12:41 . 2012-08-22 12:41	--------	d-----w-	c:\program files (x86)\Razer
2012-08-17 09:01 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F0DB723-9E92-4771-8D50-C899A5A5B3EF}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 20:21 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-08-27 14:57 . 2012-04-04 06:52	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 14:57 . 2011-09-22 14:17	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2011-09-22 14:20	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-09-22 14:20	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-09-22 14:20	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-24 09:10	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2011-09-22 14:20	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-09-22 14:20	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-09-22 14:20	41224	----a-w-	c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-09-22 14:20	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-09-22 14:20	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-08-15 20:14 . 2011-09-25 17:23	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-07-28 04:09 . 2012-06-11 16:45	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-08-18 10:39	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-08-18 10:39	1100288	----a-w-	c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2011-12-06 03:06	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2011-08-18 10:39	7052288	----a-w-	c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-06-11 16:43	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25	6676480	----a-w-	c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15	540160	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-08-18 10:39	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2011-12-06 02:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	103936	----a-w-	c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2011-03-10 02:14	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-07-18 18:15 . 2012-08-15 08:59	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 08:59	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:59	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:59	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:59	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 20:15	17809920	----a-w-	c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 20:15	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 20:15	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 20:15	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 20:15	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 20:15	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 20:15	237056	----a-w-	c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 20:15	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 20:15	816640	----a-w-	c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 20:15	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 20:15	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 20:15	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 20:15	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 20:15	248320	----a-w-	c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 20:15	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 20:15	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 20:15	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 20:15	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 20:15	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-06-19 14:38 . 2012-06-19 14:38	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2006-05-03 11:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2012-04-21 11:14	164352	--sh--w-	c:\windows\SysWOW64\SC.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-13 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-03-09 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 cpuz130;cpuz130;c:\users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-11 77952]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-11 37504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-04-24 14848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-04-27 184968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF20773.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\e45f6zac.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-13054080.sys
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fuel.Service.exe   pid: 1128     48: C:]
--
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFHost.exe       pid: 3552     48: C:]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3184936613-344643640-2133257759-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,ca,2c,cb,42,7e,43,74,f2,e6,8c,d5,f0,b6,c7,a3,c3,27,2f,1e,8c,
   9b,9a,12,1c,07,3d,38,2f,79,ff,0e,2a,36,f9,19,56,17,64,f1,7b,22,31,00,c3,05,\
"rkeysecu"=hex:47,1f,b8,fb,bb,d4,ad,21,79,49,7f,5a,03,4d,d0,8e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-15  14:44:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-15 12:44
.
Vor Suchlauf: 13 Verzeichnis(se), 687.815.614.464 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 687.160.266.752 Bytes frei
.
- - End Of File - - C66B7CD437740B2809C2B476F6CBC5A0
         
--- --- ---

Alt 16.09.2012, 15:30   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 17.09.2012, 18:35   #26
kingtoasty
 



hey, GMER said that my system is clean. I have the other logs here:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-17 18:43:41
-----------------------------
18:43:41.658    OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:41.658    Number of processors: 6 586 0xA00
18:43:41.658    ComputerName: LUCAS-PC  UserName: Lucas
18:43:44.044    Initialize success
18:43:44.091    AVAST engine defs: 12091700
18:44:10.830    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
18:44:10.830    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
18:44:10.830    Disk 0 MBR read successfully
18:44:10.830    Disk 0 MBR scan
18:44:10.830    Disk 0 Windows 7 default MBR code
18:44:10.845    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10000 MB offset 2048
18:44:10.845    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       943867 MB offset 20482048
18:44:10.861    Disk 0 scanning C:\Windows\system32\drivers
18:44:14.839    Service scanning
18:44:24.480    Modules scanning
18:44:24.480    Disk 0 trace - called modules:
18:44:24.495    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
18:44:24.495    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ad8060]
18:44:24.495    3 CLASSPNP.SYS[fffff8800194743f] -> nt!IofCallDriver -> [0xfffffa8006b138a0]
18:44:24.495    5 amd_xata.sys[fffff880010dc900] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8006b11060]
18:44:26.617    AVAST engine scan C:\Windows
18:44:28.910    AVAST engine scan C:\Windows\system32
18:45:40.015    AVAST engine scan C:\Windows\system32\drivers
18:45:46.255    AVAST engine scan C:\Users\Lucas
19:04:44.140    AVAST engine scan C:\ProgramData
19:09:43.535    Scan finished successfully
19:13:40.827    Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
19:13:40.843    The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
         
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:42:18 on 17.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 5.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AODDriver4.0" (AODDriver4.0) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
"AODDriver4.01" (AODDriver4.01) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
"AODDriver4.1" (AODDriver4.1) - "Advanced Micro Devices" - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
"AsIO" (AsIO) - ? - C:\Windows\SysWow64\drivers\AsIO.sys  (File found, but it contains no detailed information)
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cpuz130" (cpuz130) - ? - C:\Users\ADMINI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys  (File not found)
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{AE424E85-F6DF-4910-A6A9-438797986431} "LibreOffice Property Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3.4\Basis\program\shlxthdl\propertyhdl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Program Files (x86)\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files (x86)\WinZip\wzshlstb.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_265.ocx / hxxp://active.macromedia.com/flash2/cabs/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Discovery Port Monitor (HP Deskjet 3050 J610 series)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM9311.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"AMD FUEL Service" (AMD FUEL Service) - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"ASUS System Control Service" (AsSysCtrlService) - "ASUSTeK Computer Inc." - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"System Store" (SystemStore) - ? - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         

18.09.2012, 13:35   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

19.09.2012, 15:59   #28
kingtoasty

Hello
Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/19/2012 at 04:52 PM

Application Version : 5.5.1016

Core Rules Database Version : 9252
Trace Rules Database Version: 7064

Scan type       : Quick Scan
Total Scan Time : 00:08:17

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 740
Memory threats detected   : 0
Registry items scanned    : 54389
Registry threats detected : 0
File items scanned        : 18821
File threats detected     : 89

Adware.Tracking Cookie
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\NWPWEGGT.txt [ /www.zanox-affiliate.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\RPHBRVL2.txt [ /tracking.mindshare.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\K64PTNQT.txt [ /statcounter.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\7726DMB4.txt [ /ad.360yield.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\1FNV71KE.txt [ /partypoker.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\ZL3ORFA8.txt [ /ad.mlnadvertising.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\5VO5NQEI.txt [ /c.atdmt.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\9E6GVUBN.txt [ /bs.serving-sys.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\XZ0AG1KX.txt [ /www.mediafire.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\6WA8XGWA.txt [ /serving-sys.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\491OS9OY.txt [ /www.elitepvpers.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\F0MX0IN9.txt [ /tracking.quisma.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\XAQL9KN6.txt [ /liveperson.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\OT2NRYJO.txt [ /doubleclick.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\1FPXIELE.txt [ /zanox.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\F0XRI07M.txt [ /traffictrack.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\AUQKWTUT.txt [ /de-fourmedia.videoplaza.tv ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\RN1LS2JD.txt [ /ru4.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\KTLSKXAI.txt [ /adbrite.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\JOSYMAQS.txt [ /server.cpmstar.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\T38FJWQK.txt [ /adx2.chip.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\KFJDI14R.txt [ /lucidmedia.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\NKRLACH8.txt [ /ad.yieldmanager.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\5ETGVK42.txt [ /revsci.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\KTGT27WC.txt [ /imrworldwide.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\KVW5UR7O.txt [ /tradedoubler.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\08CIKLCK.txt [ /questionmarket.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\4TYU4OLM.txt [ /webmasterplan.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\LUJUYO8K.txt [ /tracker.vinsight.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\FUFBEHD9.txt [ /atdmt.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\VEKOQ081.txt [ /accounts.google.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\ATI6JES0.txt [ /ad.dyntracker.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\AWQCNFB6.txt [ /elitepvpers.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\SOVEW01B.txt [ /ads.creative-serving.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\PN1QQJNI.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\36REMAWI.txt [ /mediafire.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\VPGAS2ZA.txt [ /zanox-affiliate.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\WPG2SBDJ.txt [ /tomtailor.dyntracker.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\CO7ND52C.txt [ /mediaplex.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\5M0E8FDO.txt [ /adtech.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\0QB1IP01.txt [ /adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\SCUIX727.txt [ /invitemedia.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\TLN67Y14.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\IAMQKSLH.txt [ /fastclick.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\9EVSH0V2.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\7FUOV6ZA.txt [ /adx.chip.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\RPIN4WP6.txt [ /media6degrees.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\SWC8PK0U.txt [ /ad.zanox.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\1VRDM4DA.txt [ /apmebf.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\02OPGYN1.txt [ /ad.ad-srv.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\WER5S8ZV.txt [ /advertising.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\KF9XALUR.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\FM62TT2O.txt [ /atdmt.com ]
	C:\USERS\LUCAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\GFWXF50Y.txt [ Cookie:lucas@doubleclick.net/ ]
	C:\USERS\LUCAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\DGO31M0O.txt [ Cookie:lucas@imrworldwide.com/cgi-bin ]
	C:\USERS\LUCAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\9WWXD8F5.txt [ Cookie:lucas@accounts.google.com/ ]
	C:\USERS\LUCAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\V2Y5OZ98.txt [ Cookie:lucas@ad2.adfarm1.adition.com/ ]
	C:\USERS\LUCAS\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MSBY014.txt [ Cookie:lucas@apmebf.com/ ]
	C:\USERS\LUCAS\Cookies\RPHBRVL2.txt [ Cookie:lucas@tracking.mindshare.de/ ]
	C:\USERS\LUCAS\Cookies\9E6GVUBN.txt [ Cookie:lucas@bs.serving-sys.com/ ]
	C:\USERS\LUCAS\Cookies\XZ0AG1KX.txt [ Cookie:lucas@www.mediafire.com/ ]
	C:\USERS\LUCAS\Cookies\6WA8XGWA.txt [ Cookie:lucas@serving-sys.com/ ]
	C:\USERS\LUCAS\Cookies\491OS9OY.txt [ Cookie:lucas@www.elitepvpers.com/ ]
	C:\USERS\LUCAS\Cookies\F0MX0IN9.txt [ Cookie:lucas@tracking.quisma.com/ ]
	C:\USERS\LUCAS\Cookies\XAQL9KN6.txt [ Cookie:lucas@liveperson.net/ ]
	C:\USERS\LUCAS\Cookies\OT2NRYJO.txt [ Cookie:lucas@doubleclick.net/ ]
	C:\USERS\LUCAS\Cookies\F0XRI07M.txt [ Cookie:lucas@traffictrack.de/ ]
	C:\USERS\LUCAS\Cookies\RN1LS2JD.txt [ Cookie:lucas@ru4.com/ ]
	C:\USERS\LUCAS\Cookies\T38FJWQK.txt [ Cookie:lucas@adx2.chip.de/ ]
	C:\USERS\LUCAS\Cookies\NKRLACH8.txt [ Cookie:lucas@ad.yieldmanager.com/ ]
	C:\USERS\LUCAS\Cookies\KTGT27WC.txt [ Cookie:lucas@imrworldwide.com/cgi-bin ]
	C:\USERS\LUCAS\Cookies\KVW5UR7O.txt [ Cookie:lucas@tradedoubler.com/ ]
	C:\USERS\LUCAS\Cookies\LUJUYO8K.txt [ Cookie:lucas@tracker.vinsight.de/ ]
	C:\USERS\LUCAS\Cookies\VEKOQ081.txt [ Cookie:lucas@accounts.google.com/ ]
	C:\USERS\LUCAS\Cookies\ATI6JES0.txt [ Cookie:lucas@ad.dyntracker.de/ ]
	C:\USERS\LUCAS\Cookies\PN1QQJNI.txt [ Cookie:lucas@ad1.adfarm1.adition.com/ ]
	C:\USERS\LUCAS\Cookies\36REMAWI.txt [ Cookie:lucas@mediafire.com/ ]
	C:\USERS\LUCAS\Cookies\VPGAS2ZA.txt [ Cookie:lucas@zanox-affiliate.de/ ]
	C:\USERS\LUCAS\Cookies\WPG2SBDJ.txt [ Cookie:lucas@tomtailor.dyntracker.com/ ]
	C:\USERS\LUCAS\Cookies\5M0E8FDO.txt [ Cookie:lucas@adtech.de/ ]
	C:\USERS\LUCAS\Cookies\SCUIX727.txt [ Cookie:lucas@invitemedia.com/ ]
	C:\USERS\LUCAS\Cookies\IAMQKSLH.txt [ Cookie:lucas@fastclick.net/ ]
	C:\USERS\LUCAS\Cookies\9EVSH0V2.txt [ Cookie:lucas@ad2.adfarm1.adition.com/ ]
	C:\USERS\LUCAS\Cookies\7FUOV6ZA.txt [ Cookie:lucas@adx.chip.de/ ]
	C:\USERS\LUCAS\Cookies\RPIN4WP6.txt [ Cookie:lucas@media6degrees.com/ ]
	C:\USERS\LUCAS\Cookies\SWC8PK0U.txt [ Cookie:lucas@ad.zanox.com/ ]
	C:\USERS\LUCAS\Cookies\1VRDM4DA.txt [ Cookie:lucas@apmebf.com/ ]
	C:\USERS\LUCAS\Cookies\WER5S8ZV.txt [ Cookie:lucas@advertising.com/ ]
	C:\USERS\LUCAS\Cookies\KF9XALUR.txt [ Cookie:lucas@ad4.adfarm1.adition.com/ ]
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: LUCAS-PC [Administrator]

Schutz: Aktiviert

19.09.2012 14:31:44
mbam-log-2012-09-19 (14-31-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 554479
Laufzeit: 56 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\TDSSKiller_Quarantine\14.09.2012_22.19.17\zasubsys0000\zafs0000\tsk0000.dta (Trojan.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\14.09.2012_22.19.17\zasubsys0000\zafs0000\tsk0001.dta (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09142012_135005\C_Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09142012_135005\C_Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\000000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09142012_135005\C_Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\80000000.@ (Rootkit.0Access.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09142012_135005\C_Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\trz5A5E.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\09142012_135005\C_Windows\Installer\{4b4ca271-0f3c-c8a3-a686-04c709bef670}\U\trz9666.tmp (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
To me as a layman, the logs look okay :P

19.09.2012, 19:31   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, only findings in the quarantine, otherwise cookies, but:

Code:
UAC On - Limited User
         
How did you start SUPERAntiSpyware? Simply by double-clicking?

20.09.2012, 13:27   #30
kingtoasty

Hello.. just ran a new scan but got the same result; this time I definitely used "open as administrator"....
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/20/2012 at 02:25 PM

Application Version : 5.5.1016

Core Rules Database Version : 9252
Trace Rules Database Version: 7064

Scan type       : Quick Scan
Total Scan Time : 00:07:23

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 741
Memory threats detected   : 0
Registry items scanned    : 54413
Registry threats detected : 0
File items scanned        : 18600
File threats detected     : 62

Adware.Tracking Cookie
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\PLFGAQJE.txt [ /track.effiliation.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\VD3KZ3KW.txt [ /statcounter.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\00DI00QV.txt [ /ad.360yield.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\SUX8IJCN.txt [ /casalemedia.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\NRW2ELA7.txt [ /doubleclick.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\391OYAMJ.txt [ /zanox.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\ETZL4EX4.txt [ /traffictrack.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\TNMQPCQ6.txt [ /adbrite.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\1UL0KHO7.txt [ /ads.pubmatic.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\F1MQJC4G.txt [ /smartadserver.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\C3WE3TK9.txt [ /ad.yieldmanager.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\JACLXJEY.txt [ /revsci.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\MVPIDBIL.txt [ /tradedoubler.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\2TNNIFJ8.txt [ /webmasterplan.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\F1338F4B.txt [ /ads.creative-serving.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\3PHYE3IN.txt [ /adform.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\TVTIXQ25.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\RFH2TOCL.txt [ /amazon-adsystem.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\S48KRGYD.txt [ /zanox-affiliate.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\1NWRIB7U.txt [ /track.adform.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\HCGXV7K2.txt [ /tomtailor.dyntracker.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\S9B5OSL4.txt [ /mediaplex.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\ENDIMRSW.txt [ /adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\LGAJ0DT8.txt [ /invitemedia.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\L3G2L2PG.txt [ /adtech.de ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\UHSKLHQ9.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\997HQF0D.txt [ /tradetracker.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\2EBVV0M0.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\3X8USHUW.txt [ /ad.zanox.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\L5FKNPFZ.txt [ /tribalfusion.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\7H75W6VA.txt [ /ad.ad-srv.net ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\7JN54O0P.txt [ /advertising.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\WVOF3H6D.txt [ /ad4.adfarm1.adition.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\IQZ0OX7C.txt [ /bs.serving-sys.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\OK39OFV5.txt [ /track.effiliation.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\5HZPAWM8.txt [ /serving-sys.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\4M2T8TO9.txt [ /apmebf.com ]
	C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Cookies\UB630YJV.txt [ /at.atwola.com ]
	C:\USERS\LUCAS\Cookies\SUX8IJCN.txt [ Cookie:lucas@casalemedia.com/ ]
	C:\USERS\LUCAS\Cookies\NRW2ELA7.txt [ Cookie:lucas@doubleclick.net/ ]
	C:\USERS\LUCAS\Cookies\ETZL4EX4.txt [ Cookie:lucas@traffictrack.de/ ]
	C:\USERS\LUCAS\Cookies\F1MQJC4G.txt [ Cookie:lucas@smartadserver.com/ ]
	C:\USERS\LUCAS\Cookies\C3WE3TK9.txt [ Cookie:lucas@ad.yieldmanager.com/ ]
	C:\USERS\LUCAS\Cookies\MVPIDBIL.txt [ Cookie:lucas@tradedoubler.com/ ]
	C:\USERS\LUCAS\Cookies\3PHYE3IN.txt [ Cookie:lucas@adform.net/ ]
	C:\USERS\LUCAS\Cookies\TVTIXQ25.txt [ Cookie:lucas@ad1.adfarm1.adition.com/ ]
	C:\USERS\LUCAS\Cookies\S48KRGYD.txt [ Cookie:lucas@zanox-affiliate.de/ ]
	C:\USERS\LUCAS\Cookies\1NWRIB7U.txt [ Cookie:lucas@track.adform.net/ ]
	C:\USERS\LUCAS\Cookies\HCGXV7K2.txt [ Cookie:lucas@tomtailor.dyntracker.com/ ]
	C:\USERS\LUCAS\Cookies\LGAJ0DT8.txt [ Cookie:lucas@invitemedia.com/ ]
	C:\USERS\LUCAS\Cookies\L3G2L2PG.txt [ Cookie:lucas@adtech.de/ ]
	C:\USERS\LUCAS\Cookies\997HQF0D.txt [ Cookie:lucas@tradetracker.net/ ]
	C:\USERS\LUCAS\Cookies\2EBVV0M0.txt [ Cookie:lucas@ad2.adfarm1.adition.com/ ]
	C:\USERS\LUCAS\Cookies\3X8USHUW.txt [ Cookie:lucas@ad.zanox.com/ ]
	C:\USERS\LUCAS\Cookies\L5FKNPFZ.txt [ Cookie:lucas@tribalfusion.com/ ]
	C:\USERS\LUCAS\Cookies\7JN54O0P.txt [ Cookie:lucas@advertising.com/ ]
	C:\USERS\LUCAS\Cookies\WVOF3H6D.txt [ Cookie:lucas@ad4.adfarm1.adition.com/ ]
	C:\USERS\LUCAS\Cookies\IQZ0OX7C.txt [ Cookie:lucas@bs.serving-sys.com/ ]
	C:\USERS\LUCAS\Cookies\OK39OFV5.txt [ Cookie:lucas@track.effiliation.com/ ]
	C:\USERS\LUCAS\Cookies\5HZPAWM8.txt [ Cookie:lucas@serving-sys.com/ ]
	C:\USERS\LUCAS\Cookies\4M2T8TO9.txt [ Cookie:lucas@apmebf.com/ ]
	C:\USERS\LUCAS\Cookies\UB630YJV.txt [ Cookie:lucas@at.atwola.com/ ]
         
