| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: YouTube VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.01.2013, 20:41
| #1 |
 |  YouTube Virus Hallo zusammen, ich hab ein Problem nämlich ich habe einen eigenen YouTube Account und habe bemerkt dass ich auf einmal Post bekommen habe wo z.B. drin stande dass ich diese bescheuerten Kommentare lassen sollte. Ich hatte keine Ahnung wovon gesprochen wurde und geschaut was für ein Kommentar ich geschrieben habe und einen gefunden den ich gar nicht verfasst habe nämlich: "@zmigblg Yeah this website here is just sending out 100% free White Apple iPads for today only. But you do have to be living in the U.S though but it is legit, I claimed my one a few minutes ago. Get in quick! bit.ly/XxGzfv?=pmywt" Nun vermute ich dass das ein Virus ist der über diesen Link von anderen Usern heruntergeladen wird und das will ich nun wirklich nicht haben also bitte ich um Hilfe. Nur als Info ich habe keine anderen Themen dazu hier oder irgentwo anders gefunden/gelesen. Geändert von Thomser22 (14.01.2013 um 20:50 Uhr) |
|
14.01.2013, 20:58
| #2 |
| /// Malware-holic   |  YouTube Virus hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
15.01.2013, 15:10
| #3 |
| | OTL.txtCode:
ATTFilter OTL logfile created on: 14.01.2013 21:02:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomser\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 3,75 Gb Available Physical Memory | 62,64% Memory free 11,98 Gb Paging File | 9,36 Gb Available in Paging File | 78,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 688,11 Gb Total Space | 530,31 Gb Free Space | 77,07% Space Free | Partition Type: NTFS Drive D: | 688,55 Gb Total Space | 688,44 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: THOMSERS-PC | User Name: Thomser | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.14 21:00:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomser\Downloads\OTL.exe PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.12.11 15:40:30 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 15:39:57 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.12.11 15:39:51 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.11 15:39:50 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.11.24 23:24:32 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.09.15 15:35:20 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2010.08.04 13:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2010.06.29 18:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.08.04 13:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2010.08.04 10:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.01.09 18:11:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.21 09:39:27 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.11 15:40:30 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 15:39:57 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.11 15:39:51 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.11.24 23:24:32 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.12.09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.19 15:53:41 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.12.19 15:53:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.11 15:40:38 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 15:40:37 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.03 16:27:04 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.12.03 16:27:04 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IESB02 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C D0 96 4F 9C 87 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2252BA15-5279-4688-BC04-EA863952956A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&SSPV=IEOB04 IE - HKCU\..\SearchScopes\{A97ED691-9AF2-4B26-B3B1-7E01AEC21C14}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=7ec784cd-289c-488b-82b3-48f89c48eaf5&apn_sauid=677678D3-6D6A-443A-BF30-074C198AB737 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thomser\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.23 22:38:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.06 14:21:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.23 22:38:37 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions [2012.12.23 22:38:37 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.11.06 14:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Thomser\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Thomser\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: DVDVideoSoftTB DE = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.13.20.29_0\ CHR - Extension: Adblock Plus = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Youtube 2 Mp3 = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfdifeicmijiobaflmbcnohpplhiipka\1.0.0_0\ CHR - Extension: Apple Shooter = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0\ CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmgjibklfpcjnbikkhnglgnmneoeimo\1.1.8_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Battlefield Play4Free = C:\Users\Thomser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.80.5_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Thomser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A95432-2732-46A8-8E34-1FF327EBBD83}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.08 03:26:46 | 000,438,272 | R--- | M] (Disney Interactive Studios) - E:\autoplay.exe -- [ UDF ] O32 - AutoRun File - [2008.10.04 12:33:59 | 000,000,076 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{1810fcd2-ec65-11e1-a8ed-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1810fcd2-ec65-11e1-a8ed-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe -- [2008.05.08 03:26:46 | 000,438,272 | R--- | M] (Disney Interactive Studios) O33 - MountPoints2\{d7897193-3d5a-11e2-a41d-d027881e4f78}\Shell - "" = AutoRun O33 - MountPoints2\{d7897193-3d5a-11e2-a41d-d027881e4f78}\Shell\AutoRun\command - "" = H:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.14 19:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.13 19:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.01.13 19:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.01.13 19:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.01.13 19:38:47 | 000,000,000 | ---D | C] -- C:\AMD [2013.01.13 19:38:47 | 000,000,000 | ---D | C] -- \AMD [2013.01.12 21:39:56 | 000,000,000 | ---D | C] -- C:\Users\Thomser\AppData\Local\Programs [2013.01.12 21:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo [2013.01.12 21:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo [2012.12.23 22:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.23 22:38:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.23 22:38:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.23 22:38:37 | 000,000,000 | ---D | C] -- C:\Mozilla [2012.12.23 22:38:37 | 000,000,000 | ---D | C] -- \Mozilla [2012.12.23 22:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.12.20 12:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2012.12.20 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Thomser\Desktop\Terraria [2012.12.19 15:55:46 | 000,000,000 | ---D | C] -- C:\Users\Thomser\AppData\Local\Risen [2012.12.19 15:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2012.12.18 14:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.12.18 14:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.12.17 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Thomser\AppData\Local\Activision [2012.12.16 16:41:01 | 000,000,000 | ---D | C] -- C:\Users\Thomser\Praat [2012.12.16 15:20:19 | 000,000,000 | ---D | C] -- C:\Users\Thomser\Desktop\RevOps [2012.12.16 12:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.16 12:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.14 20:40:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001UA.job [2013.01.14 20:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.14 19:29:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.14 19:29:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.14 19:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.14 19:22:11 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys [2013.01.14 16:40:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001Core.job [2013.01.12 21:40:12 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 21:10:57 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Gyazo.lnk [2013.01.12 16:48:08 | 000,000,773 | ---- | M] () -- C:\Windows\disney.ini [2013.01.10 13:57:40 | 000,294,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 22:19:07 | 001,518,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 22:19:07 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 22:19:07 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 22:19:07 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 22:19:07 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.23 22:38:55 | 000,000,009 | ---- | M] () -- C:\END [2012.12.23 22:38:22 | 000,001,406 | ---- | M] () -- C:\Users\Thomser\Desktop\Free YouTube to MP3 Converter.lnk [2012.12.21 11:26:58 | 001,735,012 | ---- | M] () -- C:\Users\Thomser\Desktop\mcpatcher-2.4.4_01.exe [2012.12.19 15:55:29 | 000,000,586 | ---- | M] () -- C:\Users\Thomser\Desktop\Risen - Verknüpfung.lnk [2012.12.19 15:53:41 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012.12.19 15:53:41 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012.12.19 15:43:38 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.18 14:00:51 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.12 21:40:12 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.12 21:10:57 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Gyazo.lnk [2013.01.10 20:29:16 | 000,000,773 | ---- | C] () -- C:\Windows\disney.ini [2013.01.02 22:52:22 | 002,151,882 | ---- | C] () -- C:\Users\Thomser\Desktop\P7130768.JPG [2012.12.23 22:38:22 | 000,001,406 | ---- | C] () -- C:\Users\Thomser\Desktop\Free YouTube to MP3 Converter.lnk [2012.12.21 11:26:54 | 001,735,012 | ---- | C] () -- C:\Users\Thomser\Desktop\mcpatcher-2.4.4_01.exe [2012.12.19 15:55:29 | 000,000,586 | ---- | C] () -- C:\Users\Thomser\Desktop\Risen - Verknüpfung.lnk [2012.12.19 15:53:41 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2012.12.19 15:53:41 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2012.12.18 14:00:51 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.12.16 12:04:52 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.20 22:07:24 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.20 22:07:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.09.25 17:01:44 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.09.25 17:01:11 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.25 17:00:31 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.08.31 22:44:29 | 000,000,009 | ---- | C] () -- \END [2012.08.22 15:32:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.22 15:24:37 | 529,879,039 | -HS- | C] () -- \hiberfil.sys [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.01.28 16:48:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.01.28 16:39:57 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.09.13 06:06:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.01.13 19:38:47 | 000,000,000 | ---D | M] -- C:\AMD [2012.08.22 15:32:58 | 000,000,000 | ---D | M] -- C:\book [2012.11.21 14:42:59 | 000,000,000 | ---D | M] -- C:\Crash [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.08.31 18:12:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.12 19:35:34 | 000,000,000 | -HSD | M] -- C:\found.000 [2012.12.08 19:28:56 | 000,000,000 | -HSD | M] -- C:\found.001 [2012.09.15 20:21:45 | 000,000,000 | ---D | M] -- C:\Fraps [2012.09.09 18:43:59 | 000,000,000 | ---D | M] -- C:\Games [2012.08.22 15:26:04 | 000,000,000 | ---D | M] -- C:\Intel [2012.12.23 22:38:37 | 000,000,000 | ---D | M] -- C:\Mozilla [2012.08.22 16:07:46 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.16 12:04:38 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.13 19:42:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.13 19:43:40 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.08.31 18:12:47 | 000,000,000 | -HSD | M] -- C:\Programme [2012.08.31 18:12:47 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.01.14 21:04:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.13 06:06:42 | 000,000,000 | R--D | M] -- C:\Users [2013.01.14 14:59:51 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,764 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.08.31 18:30:15 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001Core.job [2012.08.31 18:30:15 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001UA.job [2012.11.20 20:00:19 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: AHCIX86S.SYS > [2011.05.20 04:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\LH\ahcix86s.sys [2011.05.20 04:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys [2011.05.20 04:29:52 | 000,229,456 | ---- | M] (Advanced Micro Devices, Inc) MD5=64DBBD157003D7020D70C5D7ECB2163C -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID_svr\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.07.17 20:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.07.17 20:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.12.09 10:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\OEM\Preload\4K\X86\iaStor.sys [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\4K\X64\iaStor.sys [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\OEM\Preload\Autorun\DRV\Intel Storage Generic Driver\iaStor.sys [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\drivers\iaStor.sys [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a850f9740f1a3db7\iaStor.sys [2009.12.09 10:39:52 | 000,537,624 | ---- | M] (Intel Corporation) MD5=BF5442DC14608D18949DC83DE37E667A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c102f5ecab1a70a7\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010.05.12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010.05.12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.05.12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2010.05.12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.14 21:18:00 | 002,621,440 | -HS- | M] () -- C:\Users\Thomser\ntuser.dat [2013.01.14 21:18:00 | 000,262,144 | -HS- | M] () -- C:\Users\Thomser\ntuser.dat.LOG1 [2012.08.31 18:12:59 | 000,000,000 | -HS- | M] () -- C:\Users\Thomser\ntuser.dat.LOG2 [2012.08.31 18:22:37 | 000,065,536 | -HS- | M] () -- C:\Users\Thomser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.08.31 18:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Thomser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.08.31 18:22:37 | 000,524,288 | -HS- | M] () -- C:\Users\Thomser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.08.31 18:12:59 | 000,000,020 | -HS- | M] () -- C:\Users\Thomser\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
15.01.2013, 15:12
| #4 |
| | YouTube Virus Musste zwei mal antworten weil es sonst zu lang gewesen wäre.  Code:
ATTFilter OTL Extras logfile created on: 14.01.2013 21:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomser\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,99 Gb Total Physical Memory | 3,75 Gb Available Physical Memory | 62,64% Memory free
11,98 Gb Paging File | 9,36 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688,11 Gb Total Space | 530,31 Gb Free Space | 77,07% Space Free | Partition Type: NTFS
Drive D: | 688,55 Gb Total Space | 688,44 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: THOMSERS-PC | User Name: Thomser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD1FF4-E665-4607-B44D-023F668A7FB0}" = lport=137 | protocol=17 | dir=in | app=system |
"{0FAE6C55-8C6A-4FFA-BE48-1AC9EDB837F4}" = rport=138 | protocol=17 | dir=out | app=system |
"{17B0A6F5-2A0B-411B-AF82-EE652523EC03}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24A7ED77-5F1A-4336-844E-9B65A03C490D}" = lport=138 | protocol=17 | dir=in | app=system |
"{2A0224AA-FBBF-4FBB-96CE-DBB2C71140F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AEA7D33-B05D-4D7F-A918-B80A1155E78C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{402043AE-13F9-4B21-AEB9-359C7B0C9227}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43BDC25F-9F5C-4FCA-A0A9-D49A61395335}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B24CF64-41A5-4F75-BBE8-7A9B599573AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DFB8A67-669C-42B2-B9CC-ED46C6DB67F6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DDB50EF-D651-4225-8758-D407CB4B084E}" = lport=445 | protocol=6 | dir=in | app=system |
"{612E6309-FAB2-4002-96A2-87E8B9C5E6FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A897406-11EF-48F3-AC7C-E17BEB456AB2}" = lport=139 | protocol=6 | dir=in | app=system |
"{86302703-9712-4C61-9BB7-299EE146850C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AB72C694-4217-467C-AD52-C1FD1C5E1716}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2D6C33A-B57D-4184-AF4A-FDDC204BA64C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CB2F7134-C8F7-4585-987B-5BFA62BA2389}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D17390EF-EA7D-4D04-A8D8-4E4D6AB15493}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D54448A2-87ED-4013-86E1-B540CD45F808}" = rport=139 | protocol=6 | dir=out | app=system |
"{D68A7973-5C62-4226-94F4-D98C861D87F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DFC3A7AE-73DE-4605-9739-BA3BD7BA47C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E26B9AA3-7767-4ADA-ACFE-D5D10E3D2E31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC5F6FB7-5469-4F4D-9B80-D37B7C33FF4D}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A5A321-865A-4DA3-8840-23EFEF55C23A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{04DA9420-64C3-42A4-A924-9BA854EA7BFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05D3F5E2-CAD2-46B5-B3C1-447EADFB83CF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0780B5B3-15F6-4297-B363-3EC6293F05B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{08D88FDE-E4E0-4617-A8C9-9A4A3109B178}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09EE83CD-4DE7-4B3C-9FF7-5FABF659A03F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0BBE7D9B-96A3-4405-998C-A9AB5AA785BC}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\planetside2.exe |
"{0C064C92-EEE2-4059-A246-5521A57B92D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{0D215224-EA21-4217-B2DD-498D8F92CB6D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe |
"{0F7293BE-5A7C-47E6-814B-B5DC0EBDB05E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{107B40FE-CC42-4992-BF80-C0D583FE3861}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{13CF66B0-5367-4562-8DFB-B00E6849C5A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1624316A-1F83-4CA5-84F0-431A857F60A0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{16EF5BF0-F6B0-4411-9A2B-1404B13A66D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{193D1BB3-B08E-4A41-980C-C19B9B81644A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1B91F285-3CA8-46BA-B3DC-0BF8EEE45073}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1EB11E67-EB84-4F04-B014-8D7883DCA5DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{264F820F-0EDD-4E1D-8C06-3E8638CCAC02}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2BA4BCBE-6944-4B08-B501-C2ABC86B8CC6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2CFF09C4-7EE3-40B6-93B5-BF7619356C86}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2F1CD8E5-2DB8-4843-99BE-E8D50131C9BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F629FA1-1DCC-47A0-8806-5D3B60BEA993}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3176F54E-151A-41A1-87FF-BB352A4FF17E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{3726E6C2-F2BA-45C3-BF54-6CBE2C76D607}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{38F21B52-74F1-4F9B-BF46-771253F792EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{39EA8E1A-2494-4645-B59C-5862689FD88F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A415BC3-97A2-4FE3-8F96-0C9CE1A083F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A4DEC93-C459-4831-B315-CEADCB5C8D66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3BB757C1-6870-45CF-8A7B-5669A92F3500}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3D04A66D-7E25-4E3C-B8DB-B883334983A5}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe |
"{3F3FA146-2AC3-42E9-9961-8B478342F9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{415B9F7C-FD86-4E85-8882-F10F69FC28ED}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{473968CC-5A9E-4FE4-AAAE-28E312F9706C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{4C004D61-F91E-47C7-8729-90305338C91E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |
"{50033B27-0E66-49DB-9493-3985069BFF5A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{50573325-8605-4500-AF1C-D63924FDC859}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5B1C9CB6-705C-4F7F-86A7-62B23DB49559}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{62D4AB6C-EC19-401F-84D3-F8FFCD8D6653}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe |
"{62EC6FDD-A3B7-45FD-8C48-3EAE2944EBC0}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{68FCA6F4-4E9C-4561-AC01-60F6BAFD42D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{6C31618A-4195-4656-A91C-348B46C5F44A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{6FF9A63C-A379-4B70-92F0-C706C486ACBF}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{70677E73-7716-486E-BE14-A9649A7EF235}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{715020B6-17A1-4554-A67C-04ADE1481A35}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe |
"{750C6259-EA69-485E-A740-F7FB24CE2344}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe |
"{751A9367-F9B0-4474-9AA1-362FF43A031D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{78527BD1-D317-4CB7-8271-FB89E860AB4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{789CCD05-B142-44EF-885D-BD400989DF0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{79140059-7474-4233-8FEB-F6C37771FF67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C57EF34-9E0B-4F1C-9489-C6445E5BF26F}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat |
"{7CAFA88E-56F3-400B-AE27-48A1D869E8C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{7E3AA346-8D60-45B9-BFC9-8E1E228953FE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{83AAA81D-7773-498F-B7B3-92F92039C440}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe |
"{8773518D-4A4B-4997-9C84-7C25ACD654B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88918003-C0D4-49D4-8760-2D0B5BAF0D30}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat |
"{8E9F7862-F405-4ADA-8297-D8B1EEF2FAFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FD609DC-9008-4314-B8BB-CFB224D218B6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rock of ages\binaries\win32\roa.exe |
"{906BC870-A7E0-4D31-9B1B-3DD1DF7650FF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{93DB309A-E724-4D9F-8897-E1E192BAAEF0}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe |
"{96B373F4-001B-42CF-B443-303443CD30B0}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe |
"{9A4A348C-DB84-48FE-B635-88F695B8F309}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D3856F6-9E4D-4365-8905-CEF1A539B392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D7EB6EA-BCE0-42B7-9694-9844FF077321}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9E7FEE5C-CC13-4706-9B6B-70BEEBE35A1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A7A13E7B-DA0C-4EEC-A497-E747C2DBDA62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A9FD7BF2-D9DA-47E2-A002-D3F849BFA1FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AA24D71A-1C56-450A-BBA1-83F47030E900}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{AA8A824B-8D78-4DCA-A4CC-46539BCC2F7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AAF50B9E-5160-4B5E-9DCC-B999F1B84BCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6F6D811-180A-49C2-826C-C2F22AC1CADD}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\planetside2.exe |
"{BB39E74A-8760-4668-AF1F-F464722BE146}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C5727D63-4ACD-40F8-92AB-0DA024347219}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C65DB24A-8A12-4924-84F2-F4C806A4CBF5}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C838AEE0-8018-4E8E-A64C-FD99DF95373E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C8994CD6-5C2A-47DA-941E-C8A6E44E90E5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{CBC7EDE3-6940-4CF0-B006-4B0A22818CBE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CC7FDFFB-BA82-4B03-AA0D-66986D93CF54}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{CE1FBBE2-E694-4BA9-B954-9A33895699D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{D29994E0-FB83-4516-85C2-5E9F32366288}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D4B64943-C1D1-4288-85C3-C4DFD8DB9752}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{D8631E03-3B5E-4F6D-AAA7-CBB69E25F6DF}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe |
"{DA1C1D9D-7A40-4A89-86BA-C12BA25F63EF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DE6084A7-1B20-4854-BD12-7BC4FC15F589}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |
"{DEE1869B-60F4-40C7-8BF5-20F3E85E2886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{E3CE51F8-92DB-45AC-9522-9037B1EBC9A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{EB946D88-0415-40BD-B944-90CD78A531D1}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe |
"{EBD04DF2-DB3F-402B-8D3B-571ABE951435}" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat |
"{ECDAB54D-4F9C-4579-91D2-3A9BC7B47406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{EFC1DA6E-C70E-42F1-949A-D824DDBAECBB}" = protocol=6 | dir=out | app=system |
"{F07BF350-4387-4E3A-B539-CAC1B85B6BDC}" = protocol=58 | dir=in | app=system |
"{F3009A76-C942-4054-9ED1-3987B1562432}" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat |
"TCP Query User{0A92F018-F124-4FF5-A74B-716942E229DA}C:\users\thomser\desktop\revops\blackopsmp.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat |
"TCP Query User{1992D378-36C0-4BBF-8E74-6C0D67976E34}C:\users\thomser\desktop\revops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe |
"TCP Query User{2AFD5C35-2343-4AA6-B901-D7C7970FB06D}C:\users\thomser\desktop\mw2mp\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\mw2mp\iw4mp.dat |
"TCP Query User{2FF0E2B4-1DB0-4FAA-9D3A-8E86E373DE96}C:\users\thomser\desktop\revops\blackops.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe |
"TCP Query User{4CDA5B6D-4CD1-461E-AF98-DB4B8B5411A0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{4DFB7A81-E196-4957-93C5-C00F438E6DDE}C:\users\thomser\appdata\local\iw4m\iw4m.dat" = protocol=6 | dir=in | app=c:\users\thomser\appdata\local\iw4m\iw4m.dat |
"TCP Query User{4F4F7714-8DDB-4D89-AD11-408CFEAE67F7}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{5E659F88-9370-41D6-A111-79C3477808AB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{84DD76E6-3556-402C-8D06-81741A11001C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{8C5B1D1C-D97D-4116-9B32-3DCC85EF85E6}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{8F5EC826-7667-4DD1-BC32-268BB340E576}C:\users\thomser\desktop\aiw-client\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe |
"TCP Query User{90871137-A163-4981-816C-7F63DC1E8288}C:\users\thomser\desktop\aiw-client\iw4mp.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.dat |
"TCP Query User{9A2108EB-E539-4B50-835F-25FBEE61148B}C:\users\thomser\desktop\gta - san andreas\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\gta - san andreas\gta_sa.exe |
"TCP Query User{BA0C33A4-1CF4-4E47-88EA-B7560798F435}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{BA97B185-B87B-4751-ACC8-688092D55BF5}C:\users\thomser\desktop\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe |
"TCP Query User{CA7C4D24-643C-4E89-B75D-E7EA44A22B7E}C:\users\thomser\desktop\revops\blackops.dat" = protocol=6 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat |
"TCP Query User{E28585F8-BBFF-49F0-9EC4-5412B16A184C}C:\program files (x86)\sony\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\planetside2.exe |
"TCP Query User{E7E345E6-AB9B-4A4E-B4C8-2A0EA3C944A5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{07C5F426-9477-4573-8C38-813E2DCE3696}C:\users\thomser\desktop\revops\blackops.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.exe |
"UDP Query User{0EA7B609-8400-4A1B-AE6A-A6532BDCE7ED}C:\users\thomser\desktop\aiw-client\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.exe |
"UDP Query User{3CC714AA-8D1F-46D9-ADEC-6BBFCB0785CC}C:\users\thomser\desktop\aiw-client\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\aiw-client\iw4mp.dat |
"UDP Query User{3E1EEA13-679E-4004-B702-214B643FF22D}C:\users\thomser\appdata\local\iw4m\iw4m.dat" = protocol=17 | dir=in | app=c:\users\thomser\appdata\local\iw4m\iw4m.dat |
"UDP Query User{4D556E7D-66AC-416A-B0E2-D0508911981F}C:\users\thomser\desktop\mw2mp\iw4mp.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\mw2mp\iw4mp.dat |
"UDP Query User{52CD05E3-6E39-4D7A-B449-DCE6A5737BD6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{58F9D57C-4CC2-4061-AD8A-A8EE05E79B03}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{60F818B3-9713-4658-A78D-DDF3C7E4EBD4}C:\users\thomser\desktop\revops\blackopsmp.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.dat |
"UDP Query User{93F2CA7F-45B6-45E8-8E7F-878C27FE17DA}C:\users\thomser\desktop\revops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackopsmp.exe |
"UDP Query User{96AFF7EA-FCB6-44DB-8D1B-16810F9E6F8D}C:\users\thomser\desktop\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\terraria\terrariaserver.exe |
"UDP Query User{9C12F404-DCA9-42D4-9B0A-F5C52C5EF476}C:\users\thomser\desktop\revops\blackops.dat" = protocol=17 | dir=in | app=c:\users\thomser\desktop\revops\blackops.dat |
"UDP Query User{A3383DBB-4884-4F76-BE09-E3B82A3FA628}C:\users\thomser\desktop\gta - san andreas\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\thomser\desktop\gta - san andreas\gta_sa.exe |
"UDP Query User{A7C2DD9C-27F0-4A08-B15E-89533B4441F0}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{AAF19DAB-D837-4119-9769-C7B3704B5B29}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{CDA9AA5F-2F39-4D79-89D6-4B59B82083B2}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{F1515F29-02B7-4C24-915A-0AA4C6A583E8}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{F1A0DA60-5261-418E-8582-3C08A218B278}C:\program files (x86)\sony\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\planetside2.exe |
"UDP Query User{F9F60DAF-0941-4193-8E9F-70CE43C0E449}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{14381C99-F5EB-0DDF-A9D1-B6048D4E9913}" = AMD Drag and Drop Transcoding
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23A94419-A21F-EB9D-6975-F32D79BC411F}" = AMD AVIVO64 Codecs
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.2.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.112.08260
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29399c23-7940-49a2-a4ce-0717fa2e653a}" = Nero 9 Essentials
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E884B5-B9B6-4432-B209-3A3EF41C7A01}" = Camtasia Studio 8
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BE7495E-8DF1-11E1-BB7D-F04DA23A5C58}" = Vegas Pro 11.0
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broken Sword 2.5_is1" = Broken Sword 2.5
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3.1
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"Sauerbraten" = Sauerbraten
"Steam App 113400" = APB Reloaded
"Steam App 22230" = Rock of Ages
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
"TmNationsForever_is1" = TmNationsForever
"Update Engine" = Sony Ericsson Update Engine
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"Google Chrome" = Google Chrome
"SOE-" = gamelauncher-ps2-live
"SOE-C:/Program Files (x86)/Sony" = gamelauncher-ps2-psg (x86)-Sony
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"SOE-C:/Users/Thomser/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"soe-PlanetSide 2 PSG" = PlanetSide 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.12.2012 11:55:51 | Computer Name = Thomsers-PC | Source = Application Hang | ID = 1002
Description = Programm BlackOpsMP.dat, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1300 Startzeit:
01cde76b2bbf6c4c Endzeit: 22 Anwendungspfad: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat
Berichts-ID:
Error - 31.12.2012 13:58:21 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
Zeitstempel: 0x4e4991e9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74c8c9f1 ID des fehlerhaften
Prozesses: 0x122c Startzeit der fehlerhaften Anwendung: 0x01cde78058ca42b3 Pfad der
fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat Pfad des
fehlerhaften Moduls: unknown Berichtskennung: a95f3a9c-5373-11e2-90b4-d027881e4f78
Error - 31.12.2012 14:22:50 | Computer Name = Thomsers-PC | Source = Application Hang | ID = 1002
Description = Programm BlackOpsMP.dat, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1318 Startzeit:
01cde7806f1c3dae Endzeit: 30 Anwendungspfad: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat
Berichts-ID:
Error - 31.12.2012 16:46:44 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
Zeitstempel: 0x4e4991e9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74c8c9f1 ID des fehlerhaften
Prozesses: 0xaa4 Startzeit der fehlerhaften Anwendung: 0x01cde797d5748168 Pfad der
fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 2f254d85-538b-11e2-90b4-d027881e4f78
Error - 31.12.2012 16:46:49 | Computer Name = Thomsers-PC | Source = .NET Runtime | ID = 1026
Description =
Error - 31.12.2012 16:46:49 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.exe, Version: 1.0.0.0,
Zeitstempel: 0x50d3c7b2 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17135,
Zeitstempel: 0x506dbfdc Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000c41f ID des fehlerhaften
Prozesses: 0x17e8 Startzeit der fehlerhaften Anwendung: 0x01cde797f45c2eb0 Pfad der
fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.exe Pfad des
fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 32429ec2-538b-11e2-90b4-d027881e4f78
Error - 31.12.2012 17:10:21 | Computer Name = Thomsers-PC | Source = Application Hang | ID = 1002
Description = Programm BlackOpsMP.dat, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 153c Startzeit:
01cde797f4914937 Endzeit: 160 Anwendungspfad: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat
Berichts-ID:
Error - 31.12.2012 17:37:23 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
Zeitstempel: 0x4e4991e9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74c8c9f1 ID des fehlerhaften
Prozesses: 0x1558 Startzeit der fehlerhaften Anwendung: 0x01cde79ef6b58b15 Pfad der
fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 428ebdef-5392-11e2-90b4-d027881e4f78
Error - 01.01.2013 06:29:35 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
Zeitstempel: 0x4e4991e9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7532c9f1 ID des fehlerhaften
Prozesses: 0x14dc Startzeit der fehlerhaften Anwendung: 0x01cde80ad1e7a91b Pfad der
fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 22f79f31-53fe-11e2-9423-d027881e4f78
Error - 01.01.2013 16:45:24 | Computer Name = Thomsers-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BlackOpsMP.dat, Version: 0.0.0.0,
Zeitstempel: 0x4e4991e9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7469c9f1 ID des fehlerhaften
Prozesses: 0x1668 Startzeit der fehlerhaften Anwendung: 0x01cde85fcc338ac7 Pfad der
fehlerhaften Anwendung: C:\Users\Thomser\Desktop\RevOps\BlackOpsMP.dat Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 2a4fd180-5454-11e2-a6bc-d027881e4f78
[ System Events ]
Error - 13.12.2012 09:07:09 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 15.12.2012 11:07:09 | Computer Name = Thomsers-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
auf Volume "C:" abgebrochen.
Error - 18.12.2012 09:00:54 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 18.12.2012 09:00:54 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
LogMeIn Hamachi Tunneling Engine erreicht.
Error - 18.12.2012 09:00:54 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 21.12.2012 04:40:22 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 21.12.2012 04:40:22 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.12.2012 17:33:53 | Computer Name = Thomsers-PC | Source = WMPNetworkSvc | ID = 866333
Description =
Error - 27.12.2012 16:14:09 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
AMD External Events Utility erreicht.
Error - 27.12.2012 16:14:09 | Computer Name = Thomsers-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
|
|
15.01.2013, 20:12
| #5 |
| /// Malware-holic | YouTube Virus warum hat das system keine windows updates gesehen? sp1 fehlt zb. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhal posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 21:28
| #6 |
| | YouTube VirusCode:
ATTFilter 21:25:37.0014 5480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:25:37.0300 5480 ============================================================
21:25:37.0300 5480 Current date / time: 2013/01/15 21:25:37.0300
21:25:37.0300 5480 SystemInfo:
21:25:37.0300 5480
21:25:37.0300 5480 OS Version: 6.1.7600 ServicePack: 0.0
21:25:37.0300 5480 Product type: Workstation
21:25:37.0300 5480 ComputerName: THOMSERS-PC
21:25:37.0301 5480 UserName: Thomser
21:25:37.0301 5480 Windows directory: C:\Windows
21:25:37.0301 5480 System windows directory: C:\Windows
21:25:37.0301 5480 Running under WOW64
21:25:37.0301 5480 Processor architecture: Intel x64
21:25:37.0301 5480 Number of processors: 4
21:25:37.0301 5480 Page size: 0x1000
21:25:37.0301 5480 Boot type: Normal boot
21:25:37.0301 5480 ============================================================
21:25:37.0664 5480 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:25:37.0676 5480 ============================================================
21:25:37.0676 5480 \Device\Harddisk0\DR0:
21:25:37.0677 5480 MBR partitions:
21:25:37.0677 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2904800, BlocksNum 0x32000
21:25:37.0677 5480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2936800, BlocksNum 0x56037000
21:25:37.0677 5480 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5896D800, BlocksNum 0x56119800
21:25:37.0677 5480 ============================================================
21:25:37.0696 5480 C: <-> \Device\Harddisk0\DR0\Partition2
21:25:37.0725 5480 D: <-> \Device\Harddisk0\DR0\Partition3
21:25:37.0725 5480 ============================================================
21:25:37.0725 5480 Initialize success
21:25:37.0725 5480 ============================================================
21:25:48.0923 4652 ============================================================
21:25:48.0923 4652 Scan started
21:25:48.0923 4652 Mode: Manual; SigCheck; TDLFS;
21:25:48.0923 4652 ============================================================
21:25:49.0117 4652 ================ Scan system memory ========================
21:25:49.0117 4652 System memory - ok
21:25:49.0118 4652 ================ Scan services =============================
21:25:49.0285 4652 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:25:49.0343 4652 1394ohci - ok
21:25:49.0368 4652 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
21:25:49.0381 4652 ACPI - ok
21:25:49.0397 4652 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
21:25:49.0410 4652 AcpiPmi - ok
21:25:49.0520 4652 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:49.0548 4652 AdobeFlashPlayerUpdateSvc - ok
21:25:49.0570 4652 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:25:49.0587 4652 adp94xx - ok
21:25:49.0594 4652 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:25:49.0608 4652 adpahci - ok
21:25:49.0622 4652 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:25:49.0633 4652 adpu320 - ok
21:25:49.0653 4652 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:25:49.0686 4652 AeLookupSvc - ok
21:25:49.0742 4652 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
21:25:49.0756 4652 AFD - ok
21:25:49.0769 4652 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
21:25:49.0779 4652 agp440 - ok
21:25:49.0805 4652 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:25:49.0817 4652 ALG - ok
21:25:49.0833 4652 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
21:25:49.0844 4652 aliide - ok
21:25:49.0878 4652 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:25:49.0911 4652 AMD External Events Utility - ok
21:25:49.0932 4652 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
21:25:49.0943 4652 amdide - ok
21:25:49.0964 4652 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:25:49.0977 4652 AmdK8 - ok
21:25:50.0196 4652 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:25:50.0292 4652 amdkmdag - ok
21:25:50.0333 4652 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:25:50.0363 4652 amdkmdap - ok
21:25:50.0389 4652 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:25:50.0401 4652 AmdPPM - ok
21:25:50.0430 4652 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:25:50.0442 4652 amdsata - ok
21:25:50.0463 4652 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:25:50.0476 4652 amdsbs - ok
21:25:50.0492 4652 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:25:50.0503 4652 amdxata - ok
21:25:50.0596 4652 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:25:50.0615 4652 AntiVirSchedulerService - ok
21:25:50.0631 4652 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:25:50.0643 4652 AntiVirService - ok
21:25:50.0672 4652 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:25:50.0693 4652 AntiVirWebService - ok
21:25:50.0715 4652 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
21:25:50.0739 4652 AppID - ok
21:25:50.0793 4652 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:25:50.0849 4652 AppIDSvc - ok
21:25:50.0881 4652 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
21:25:50.0892 4652 Appinfo - ok
21:25:50.0943 4652 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:25:50.0960 4652 Apple Mobile Device - ok
21:25:50.0979 4652 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:25:50.0998 4652 arc - ok
21:25:51.0016 4652 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:25:51.0036 4652 arcsas - ok
21:25:51.0046 4652 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:25:51.0078 4652 AsyncMac - ok
21:25:51.0143 4652 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:25:51.0163 4652 atapi - ok
21:25:51.0196 4652 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21:25:51.0212 4652 AtiHDAudioService - ok
21:25:51.0277 4652 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
21:25:51.0302 4652 atksgt - ok
21:25:51.0343 4652 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:25:51.0388 4652 AudioEndpointBuilder - ok
21:25:51.0402 4652 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:25:51.0438 4652 AudioSrv - ok
21:25:51.0480 4652 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:25:51.0499 4652 avgntflt - ok
21:25:51.0517 4652 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:25:51.0535 4652 avipbb - ok
21:25:51.0552 4652 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:25:51.0566 4652 avkmgr - ok
21:25:51.0584 4652 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:25:51.0612 4652 AxInstSV - ok
21:25:51.0648 4652 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:25:51.0673 4652 b06bdrv - ok
21:25:51.0700 4652 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:25:51.0712 4652 b57nd60a - ok
21:25:51.0737 4652 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:25:51.0749 4652 BDESVC - ok
21:25:51.0758 4652 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:25:51.0788 4652 Beep - ok
21:25:51.0840 4652 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
21:25:51.0897 4652 BFE - ok
21:25:51.0923 4652 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
21:25:51.0963 4652 BITS - ok
21:25:51.0974 4652 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:51.0986 4652 blbdrive - ok
21:25:52.0050 4652 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:25:52.0074 4652 Bonjour Service - ok
21:25:52.0097 4652 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:25:52.0112 4652 bowser - ok
21:25:52.0128 4652 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:25:52.0145 4652 BrFiltLo - ok
21:25:52.0161 4652 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:25:52.0179 4652 BrFiltUp - ok
21:25:52.0211 4652 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
21:25:52.0224 4652 Browser - ok
21:25:52.0236 4652 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:25:52.0252 4652 Brserid - ok
21:25:52.0265 4652 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:52.0280 4652 BrSerWdm - ok
21:25:52.0288 4652 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:52.0302 4652 BrUsbMdm - ok
21:25:52.0317 4652 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:52.0328 4652 BrUsbSer - ok
21:25:52.0332 4652 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:25:52.0348 4652 BTHMODEM - ok
21:25:52.0387 4652 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:25:52.0429 4652 bthserv - ok
21:25:52.0434 4652 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:25:52.0471 4652 cdfs - ok
21:25:52.0493 4652 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:25:52.0505 4652 cdrom - ok
21:25:52.0516 4652 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
21:25:52.0548 4652 CertPropSvc - ok
21:25:52.0563 4652 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:25:52.0576 4652 circlass - ok
21:25:52.0603 4652 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:25:52.0617 4652 CLFS - ok
21:25:52.0679 4652 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:52.0698 4652 clr_optimization_v2.0.50727_32 - ok
21:25:52.0749 4652 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:25:52.0765 4652 clr_optimization_v2.0.50727_64 - ok
21:25:52.0815 4652 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:52.0833 4652 clr_optimization_v4.0.30319_32 - ok
21:25:52.0847 4652 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:25:52.0864 4652 clr_optimization_v4.0.30319_64 - ok
21:25:52.0895 4652 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:25:52.0907 4652 CmBatt - ok
21:25:52.0918 4652 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
21:25:52.0930 4652 cmdide - ok
21:25:52.0969 4652 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
21:25:52.0992 4652 CNG - ok
21:25:53.0010 4652 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:25:53.0019 4652 Compbatt - ok
21:25:53.0040 4652 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:25:53.0054 4652 CompositeBus - ok
21:25:53.0063 4652 COMSysApp - ok
21:25:53.0076 4652 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:25:53.0086 4652 crcdisk - ok
21:25:53.0130 4652 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:25:53.0142 4652 CryptSvc - ok
21:25:53.0171 4652 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:25:53.0210 4652 DcomLaunch - ok
21:25:53.0239 4652 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:25:53.0275 4652 defragsvc - ok
21:25:53.0304 4652 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:25:53.0315 4652 DfsC - ok
21:25:53.0326 4652 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
21:25:53.0344 4652 Dhcp - ok
21:25:53.0361 4652 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:25:53.0393 4652 discache - ok
21:25:53.0424 4652 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:25:53.0434 4652 Disk - ok
21:25:53.0470 4652 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:25:53.0483 4652 Dnscache - ok
21:25:53.0495 4652 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
21:25:53.0536 4652 dot3svc - ok
21:25:53.0557 4652 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
21:25:53.0591 4652 DPS - ok
21:25:53.0640 4652 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:25:53.0667 4652 drmkaud - ok
21:25:53.0698 4652 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:25:53.0733 4652 DXGKrnl - ok
21:25:53.0752 4652 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
21:25:53.0766 4652 E1G60 - ok
21:25:53.0779 4652 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:25:53.0816 4652 EapHost - ok
21:25:53.0892 4652 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:25:53.0952 4652 ebdrv - ok
21:25:53.0971 4652 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
21:25:53.0982 4652 EFS - ok
21:25:54.0033 4652 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:25:54.0067 4652 ehRecvr - ok
21:25:54.0094 4652 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:25:54.0116 4652 ehSched - ok
21:25:54.0147 4652 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:25:54.0174 4652 elxstor - ok
21:25:54.0182 4652 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
21:25:54.0193 4652 ErrDev - ok
21:25:54.0224 4652 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:25:54.0259 4652 EventSystem - ok
21:25:54.0266 4652 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:25:54.0298 4652 exfat - ok
21:25:54.0313 4652 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:25:54.0345 4652 fastfat - ok
21:25:54.0374 4652 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
21:25:54.0390 4652 Fax - ok
21:25:54.0404 4652 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:25:54.0416 4652 fdc - ok
21:25:54.0432 4652 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:25:54.0463 4652 fdPHost - ok
21:25:54.0473 4652 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:25:54.0502 4652 FDResPub - ok
21:25:54.0519 4652 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:25:54.0527 4652 FileInfo - ok
21:25:54.0539 4652 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:25:54.0567 4652 Filetrace - ok
21:25:54.0581 4652 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:25:54.0590 4652 flpydisk - ok
21:25:54.0595 4652 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:25:54.0606 4652 FltMgr - ok
21:25:54.0634 4652 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
21:25:54.0652 4652 FontCache - ok
21:25:54.0683 4652 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:25:54.0690 4652 FontCache3.0.0.0 - ok
21:25:54.0706 4652 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:25:54.0715 4652 FsDepends - ok
21:25:54.0744 4652 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:25:54.0753 4652 Fs_Rec - ok
21:25:54.0788 4652 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:25:54.0802 4652 fvevol - ok
21:25:54.0819 4652 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:25:54.0830 4652 gagp30kx - ok
21:25:54.0856 4652 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:25:54.0864 4652 GEARAspiWDM - ok
21:25:54.0900 4652 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
21:25:54.0908 4652 ggflt - ok
21:25:54.0916 4652 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
21:25:54.0925 4652 ggsemc - ok
21:25:54.0970 4652 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
21:25:54.0996 4652 gpsvc - ok
21:25:55.0061 4652 [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
21:25:55.0077 4652 GREGService - ok
21:25:55.0102 4652 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
21:25:55.0119 4652 hamachi - ok
21:25:55.0236 4652 [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:25:55.0276 4652 Hamachi2Svc - ok
21:25:55.0286 4652 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:25:55.0297 4652 hcw85cir - ok
21:25:55.0327 4652 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:25:55.0343 4652 HdAudAddService - ok
21:25:55.0352 4652 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:55.0366 4652 HDAudBus - ok
21:25:55.0383 4652 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:25:55.0394 4652 HidBatt - ok
21:25:55.0405 4652 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:25:55.0421 4652 HidBth - ok
21:25:55.0432 4652 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:25:55.0445 4652 HidIr - ok
21:25:55.0476 4652 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:25:55.0509 4652 hidserv - ok
21:25:55.0537 4652 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:25:55.0547 4652 HidUsb - ok
21:25:55.0564 4652 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:25:55.0602 4652 hkmsvc - ok
21:25:55.0624 4652 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:25:55.0636 4652 HomeGroupListener - ok
21:25:55.0662 4652 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:25:55.0675 4652 HomeGroupProvider - ok
21:25:55.0678 4652 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
21:25:55.0688 4652 HpSAMD - ok
21:25:55.0713 4652 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:25:55.0750 4652 HTTP - ok
21:25:55.0767 4652 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:25:55.0776 4652 hwpolicy - ok
21:25:55.0798 4652 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:55.0809 4652 i8042prt - ok
21:25:55.0832 4652 [ BF5442DC14608D18949DC83DE37E667A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:25:55.0848 4652 iaStor - ok
21:25:55.0881 4652 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:25:55.0911 4652 iaStorV - ok
21:25:55.0968 4652 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:25:55.0992 4652 idsvc - ok
21:25:56.0002 4652 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:25:56.0011 4652 iirsp - ok
21:25:56.0048 4652 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
21:25:56.0088 4652 IKEEXT - ok
21:25:56.0162 4652 [ 6FECEB88CBB6E761E9194F5711F02102 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:25:56.0211 4652 IntcAzAudAddService - ok
21:25:56.0228 4652 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
21:25:56.0238 4652 intelide - ok
21:25:56.0251 4652 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:25:56.0261 4652 intelppm - ok
21:25:56.0279 4652 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:25:56.0314 4652 IPBusEnum - ok
21:25:56.0331 4652 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:56.0367 4652 IpFilterDriver - ok
21:25:56.0394 4652 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:25:56.0433 4652 iphlpsvc - ok
21:25:56.0436 4652 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:25:56.0446 4652 IPMIDRV - ok
21:25:56.0461 4652 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:25:56.0491 4652 IPNAT - ok
21:25:56.0532 4652 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:25:56.0547 4652 iPod Service - ok
21:25:56.0568 4652 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:25:56.0582 4652 IRENUM - ok
21:25:56.0595 4652 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
21:25:56.0605 4652 isapnp - ok
21:25:56.0616 4652 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:25:56.0629 4652 iScsiPrt - ok
21:25:56.0631 4652 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:56.0641 4652 kbdclass - ok
21:25:56.0658 4652 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:25:56.0667 4652 kbdhid - ok
21:25:56.0683 4652 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
21:25:56.0693 4652 KeyIso - ok
21:25:56.0712 4652 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:25:56.0722 4652 KSecDD - ok
21:25:56.0740 4652 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:25:56.0751 4652 KSecPkg - ok
21:25:56.0762 4652 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:25:56.0794 4652 ksthunk - ok
21:25:56.0819 4652 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:25:56.0851 4652 KtmRm - ok
21:25:56.0882 4652 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:25:56.0895 4652 LanmanServer - ok
21:25:56.0913 4652 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:25:56.0949 4652 LanmanWorkstation - ok
21:25:56.0992 4652 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
21:25:57.0010 4652 lirsgt - ok
21:25:57.0026 4652 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:25:57.0063 4652 lltdio - ok
21:25:57.0081 4652 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:25:57.0113 4652 lltdsvc - ok
21:25:57.0146 4652 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:25:57.0177 4652 lmhosts - ok
21:25:57.0206 4652 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:25:57.0216 4652 LSI_FC - ok
21:25:57.0229 4652 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:25:57.0239 4652 LSI_SAS - ok
21:25:57.0243 4652 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:25:57.0252 4652 LSI_SAS2 - ok
21:25:57.0255 4652 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:25:57.0265 4652 LSI_SCSI - ok
21:25:57.0269 4652 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:25:57.0298 4652 luafv - ok
21:25:57.0420 4652 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
21:25:57.0490 4652 LVUVC64 - ok
21:25:57.0537 4652 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:25:57.0553 4652 MBAMProtector - ok
21:25:57.0599 4652 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:25:57.0622 4652 MBAMScheduler - ok
21:25:57.0655 4652 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:25:57.0676 4652 MBAMService - ok
21:25:57.0689 4652 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:25:57.0701 4652 Mcx2Svc - ok
21:25:57.0709 4652 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:25:57.0718 4652 megasas - ok
21:25:57.0739 4652 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:25:57.0752 4652 MegaSR - ok
21:25:57.0790 4652 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:25:57.0823 4652 MMCSS - ok
21:25:57.0835 4652 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:25:57.0865 4652 Modem - ok
21:25:57.0880 4652 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:25:57.0893 4652 monitor - ok
21:25:57.0905 4652 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:25:57.0915 4652 mouclass - ok
21:25:57.0927 4652 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:25:57.0937 4652 mouhid - ok
21:25:57.0940 4652 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:25:57.0950 4652 mountmgr - ok
21:25:58.0007 4652 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:25:58.0027 4652 MozillaMaintenance - ok
21:25:58.0041 4652 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
21:25:58.0056 4652 mpio - ok
21:25:58.0060 4652 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:25:58.0101 4652 mpsdrv - ok
21:25:58.0131 4652 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:25:58.0175 4652 MpsSvc - ok
21:25:58.0191 4652 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:25:58.0206 4652 MRxDAV - ok
21:25:58.0229 4652 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:58.0240 4652 mrxsmb - ok
21:25:58.0266 4652 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:58.0279 4652 mrxsmb10 - ok
21:25:58.0311 4652 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:58.0323 4652 mrxsmb20 - ok
21:25:58.0337 4652 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:25:58.0347 4652 msahci - ok
21:25:58.0364 4652 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
21:25:58.0377 4652 msdsm - ok
21:25:58.0423 4652 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:25:58.0438 4652 MSDTC - ok
21:25:58.0456 4652 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:25:58.0494 4652 Msfs - ok
21:25:58.0511 4652 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:25:58.0543 4652 mshidkmdf - ok
21:25:58.0564 4652 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
21:25:58.0573 4652 msisadrv - ok
21:25:58.0623 4652 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:25:58.0685 4652 MSiSCSI - ok
21:25:58.0688 4652 msiserver - ok
21:25:58.0729 4652 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:25:58.0758 4652 MSKSSRV - ok
21:25:58.0772 4652 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:58.0801 4652 MSPCLOCK - ok
21:25:58.0804 4652 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:25:58.0833 4652 MSPQM - ok
21:25:58.0855 4652 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:25:58.0868 4652 MsRPC - ok
21:25:58.0879 4652 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:58.0889 4652 mssmbios - ok
21:25:58.0891 4652 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:25:58.0921 4652 MSTEE - ok
21:25:58.0936 4652 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:25:58.0946 4652 MTConfig - ok
21:25:58.0949 4652 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:25:58.0959 4652 Mup - ok
21:25:58.0972 4652 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:25:58.0979 4652 mwlPSDFilter - ok
21:25:58.0994 4652 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:25:59.0002 4652 mwlPSDNServ - ok
21:25:59.0014 4652 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:25:59.0022 4652 mwlPSDVDisk - ok
21:25:59.0067 4652 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
21:25:59.0089 4652 MWLService - ok
21:25:59.0113 4652 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
21:25:59.0163 4652 napagent - ok
21:25:59.0183 4652 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:25:59.0206 4652 NativeWifiP - ok
21:25:59.0248 4652 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:25:59.0275 4652 NDIS - ok
21:25:59.0287 4652 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:59.0317 4652 NdisCap - ok
21:25:59.0325 4652 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:59.0356 4652 NdisTapi - ok
21:25:59.0370 4652 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:59.0400 4652 Ndisuio - ok
21:25:59.0409 4652 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:59.0441 4652 NdisWan - ok
21:25:59.0467 4652 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:25:59.0496 4652 NDProxy - ok
21:25:59.0617 4652 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:25:59.0657 4652 Nero BackItUp Scheduler 4.0 - ok
21:25:59.0674 4652 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:25:59.0713 4652 NetBIOS - ok
21:25:59.0718 4652 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:25:59.0748 4652 NetBT - ok
21:25:59.0754 4652 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
21:25:59.0765 4652 Netlogon - ok
21:25:59.0807 4652 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:25:59.0868 4652 Netman - ok
21:25:59.0892 4652 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:25:59.0927 4652 netprofm - ok
21:25:59.0948 4652 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:25:59.0956 4652 NetTcpPortSharing - ok
21:25:59.0985 4652 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:25:59.0995 4652 nfrd960 - ok
21:26:00.0010 4652 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:26:00.0048 4652 NlaSvc - ok
21:26:00.0144 4652 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
21:26:00.0217 4652 NOBU - ok
21:26:00.0220 4652 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:26:00.0250 4652 Npfs - ok
21:26:00.0259 4652 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:26:00.0289 4652 nsi - ok
21:26:00.0304 4652 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:26:00.0331 4652 nsiproxy - ok
21:26:00.0377 4652 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:26:00.0407 4652 Ntfs - ok
21:26:00.0419 4652 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:26:00.0447 4652 Null - ok
21:26:00.0484 4652 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:26:00.0493 4652 nvraid - ok
21:26:00.0508 4652 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:26:00.0519 4652 nvstor - ok
21:26:00.0544 4652 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
21:26:00.0554 4652 nv_agp - ok
21:26:00.0564 4652 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:26:00.0576 4652 ohci1394 - ok
21:26:00.0605 4652 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:26:00.0620 4652 p2pimsvc - ok
21:26:00.0647 4652 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:26:00.0663 4652 p2psvc - ok
21:26:00.0685 4652 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:26:00.0698 4652 Parport - ok
21:26:00.0715 4652 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:26:00.0727 4652 partmgr - ok
21:26:00.0739 4652 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:26:00.0758 4652 PcaSvc - ok
21:26:00.0800 4652 PCDSRVC{5368CD8C-7868C3EA-06020200}_0 - ok
21:26:00.0803 4652 PCDSRVC{B368CD8C-FA3611C4-06020200}_0 - ok
21:26:00.0824 4652 PCDSRVC{E368CD8C-4733001A-06020200}_0 - ok
21:26:00.0843 4652 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
21:26:00.0856 4652 pci - ok
21:26:00.0868 4652 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
21:26:00.0877 4652 pciide - ok
21:26:00.0888 4652 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:26:00.0900 4652 pcmcia - ok
21:26:00.0912 4652 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:26:00.0922 4652 pcw - ok
21:26:00.0940 4652 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:26:00.0975 4652 PEAUTH - ok
21:26:01.0033 4652 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:26:01.0057 4652 PerfHost - ok
21:26:01.0109 4652 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
21:26:01.0164 4652 pla - ok
21:26:01.0221 4652 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:26:01.0250 4652 PlugPlay - ok
21:26:01.0278 4652 PnkBstrA - ok
21:26:01.0296 4652 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:26:01.0310 4652 PNRPAutoReg - ok
21:26:01.0325 4652 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:26:01.0343 4652 PNRPsvc - ok
21:26:01.0375 4652 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:26:01.0425 4652 PolicyAgent - ok
21:26:01.0451 4652 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:26:01.0486 4652 Power - ok
21:26:01.0516 4652 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:26:01.0547 4652 PptpMiniport - ok
21:26:01.0562 4652 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:26:01.0573 4652 Processor - ok
21:26:01.0591 4652 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
21:26:01.0604 4652 ProfSvc - ok
21:26:01.0614 4652 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:26:01.0624 4652 ProtectedStorage - ok
21:26:01.0633 4652 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:26:01.0665 4652 Psched - ok
21:26:01.0710 4652 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:26:01.0754 4652 ql2300 - ok
21:26:01.0762 4652 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:26:01.0773 4652 ql40xx - ok
21:26:01.0799 4652 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:26:01.0817 4652 QWAVE - ok
21:26:01.0830 4652 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:26:01.0846 4652 QWAVEdrv - ok
21:26:01.0856 4652 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:26:01.0890 4652 RasAcd - ok
21:26:01.0911 4652 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:26:01.0942 4652 RasAgileVpn - ok
21:26:01.0953 4652 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:26:01.0986 4652 RasAuto - ok
21:26:01.0989 4652 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:26:02.0020 4652 Rasl2tp - ok
21:26:02.0037 4652 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
21:26:02.0070 4652 RasMan - ok
21:26:02.0073 4652 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:26:02.0103 4652 RasPppoe - ok
21:26:02.0117 4652 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:26:02.0145 4652 RasSstp - ok
21:26:02.0164 4652 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:26:02.0194 4652 rdbss - ok
21:26:02.0196 4652 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:26:02.0207 4652 rdpbus - ok
21:26:02.0219 4652 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:26:02.0247 4652 RDPCDD - ok
21:26:02.0261 4652 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:26:02.0289 4652 RDPENCDD - ok
21:26:02.0294 4652 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:26:02.0322 4652 RDPREFMP - ok
21:26:02.0350 4652 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:26:02.0363 4652 RDPWD - ok
21:26:02.0415 4652 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:26:02.0440 4652 rdyboost - ok
21:26:02.0473 4652 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:26:02.0515 4652 RemoteAccess - ok
21:26:02.0527 4652 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:26:02.0559 4652 RemoteRegistry - ok
21:26:02.0599 4652 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
21:26:02.0615 4652 RichVideo ( UnsignedFile.Multi.Generic ) - warning
21:26:02.0615 4652 RichVideo - detected UnsignedFile.Multi.Generic (1)
21:26:02.0626 4652 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:26:02.0677 4652 RpcEptMapper - ok
21:26:02.0693 4652 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:26:02.0706 4652 RpcLocator - ok
21:26:02.0746 4652 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
21:26:02.0821 4652 RpcSs - ok
21:26:02.0837 4652 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:26:02.0879 4652 rspndr - ok
21:26:02.0906 4652 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:26:02.0920 4652 RTL8167 - ok
21:26:02.0934 4652 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
21:26:02.0947 4652 SamSs - ok
21:26:02.0961 4652 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
21:26:02.0975 4652 sbp2port - ok
21:26:02.0991 4652 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:26:03.0034 4652 SCardSvr - ok
21:26:03.0048 4652 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:26:03.0078 4652 scfilter - ok
21:26:03.0123 4652 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
21:26:03.0152 4652 Schedule - ok
21:26:03.0171 4652 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:26:03.0207 4652 SCPolicySvc - ok
21:26:03.0224 4652 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:26:03.0235 4652 SDRSVC - ok
21:26:03.0254 4652 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:26:03.0287 4652 secdrv - ok
21:26:03.0292 4652 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
21:26:03.0325 4652 seclogon - ok
21:26:03.0334 4652 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:26:03.0365 4652 SENS - ok
21:26:03.0368 4652 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:26:03.0378 4652 SensrSvc - ok
21:26:03.0392 4652 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:26:03.0402 4652 Serenum - ok
21:26:03.0428 4652 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:26:03.0438 4652 Serial - ok
21:26:03.0468 4652 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:26:03.0479 4652 sermouse - ok
21:26:03.0494 4652 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
21:26:03.0525 4652 SessionEnv - ok
21:26:03.0549 4652 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:26:03.0559 4652 sffdisk - ok
21:26:03.0562 4652 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:26:03.0571 4652 sffp_mmc - ok
21:26:03.0577 4652 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:26:03.0588 4652 sffp_sd - ok
21:26:03.0603 4652 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:26:03.0613 4652 sfloppy - ok
21:26:03.0639 4652 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:26:03.0676 4652 SharedAccess - ok
21:26:03.0728 4652 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:26:03.0760 4652 ShellHWDetection - ok
21:26:03.0784 4652 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:26:03.0795 4652 SiSRaid2 - ok
21:26:03.0812 4652 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:26:03.0823 4652 SiSRaid4 - ok
21:26:03.0873 4652 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:26:03.0892 4652 SkypeUpdate - ok
21:26:03.0901 4652 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:26:03.0958 4652 Smb - ok
21:26:03.0969 4652 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:26:03.0982 4652 SNMPTRAP - ok
21:26:04.0065 4652 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:26:04.0082 4652 Sony PC Companion - ok
21:26:04.0103 4652 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:26:04.0117 4652 spldr - ok
21:26:04.0150 4652 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
21:26:04.0173 4652 Spooler - ok
21:26:04.0251 4652 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
21:26:04.0296 4652 sppsvc - ok
21:26:04.0306 4652 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:26:04.0338 4652 sppuinotify - ok
21:26:04.0364 4652 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:26:04.0376 4652 srv - ok
21:26:04.0389 4652 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:26:04.0401 4652 srv2 - ok
21:26:04.0414 4652 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:26:04.0426 4652 srvnet - ok
21:26:04.0444 4652 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:26:04.0480 4652 SSDPSRV - ok
21:26:04.0493 4652 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:26:04.0527 4652 SstpSvc - ok
21:26:04.0542 4652 Steam Client Service - ok
21:26:04.0557 4652 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:26:04.0566 4652 stexstor - ok
21:26:04.0593 4652 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
21:26:04.0613 4652 stisvc - ok
21:26:04.0623 4652 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:26:04.0632 4652 swenum - ok
21:26:04.0660 4652 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:26:04.0694 4652 swprv - ok
21:26:04.0736 4652 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
21:26:04.0768 4652 SysMain - ok
21:26:04.0778 4652 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:26:04.0794 4652 TabletInputService - ok
21:26:04.0809 4652 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
21:26:04.0842 4652 TapiSrv - ok
21:26:04.0855 4652 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:26:04.0884 4652 TBS - ok
21:26:04.0937 4652 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:26:04.0972 4652 Tcpip - ok
21:26:05.0010 4652 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:26:05.0047 4652 TCPIP6 - ok
21:26:05.0055 4652 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:26:05.0091 4652 tcpipreg - ok
21:26:05.0099 4652 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:26:05.0108 4652 TDPIPE - ok
21:26:05.0128 4652 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:26:05.0137 4652 TDTCP - ok
21:26:05.0158 4652 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:26:05.0188 4652 tdx - ok
21:26:05.0285 4652 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:26:05.0340 4652 TeamViewer7 - ok
21:26:05.0344 4652 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:26:05.0353 4652 TermDD - ok
21:26:05.0376 4652 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
21:26:05.0415 4652 TermService - ok
21:26:05.0430 4652 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:26:05.0444 4652 Themes - ok
21:26:05.0458 4652 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:26:05.0489 4652 THREADORDER - ok
21:26:05.0503 4652 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:26:05.0534 4652 TrkWks - ok
21:26:05.0582 4652 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:26:05.0594 4652 TrustedInstaller - ok
21:26:05.0606 4652 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:26:05.0638 4652 tssecsrv - ok
21:26:05.0660 4652 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:26:05.0691 4652 tunnel - ok
21:26:05.0708 4652 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:26:05.0717 4652 uagp35 - ok
21:26:05.0741 4652 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:26:05.0776 4652 udfs - ok
21:26:05.0795 4652 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:26:05.0807 4652 UI0Detect - ok
21:26:05.0829 4652 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
21:26:05.0838 4652 uliagpkx - ok
21:26:05.0862 4652 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:26:05.0873 4652 umbus - ok
21:26:05.0885 4652 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:26:05.0896 4652 UmPass - ok
21:26:05.0945 4652 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:26:05.0973 4652 UMVPFSrv - ok
21:26:06.0020 4652 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:26:06.0041 4652 Updater Service - ok
21:26:06.0062 4652 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:26:06.0110 4652 upnphost - ok
21:26:06.0145 4652 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:26:06.0154 4652 USBAAPL64 - ok
21:26:06.0207 4652 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:26:06.0233 4652 usbaudio - ok
21:26:06.0252 4652 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:26:06.0266 4652 usbccgp - ok
21:26:06.0281 4652 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:26:06.0299 4652 usbcir - ok
21:26:06.0315 4652 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:26:06.0328 4652 usbehci - ok
21:26:06.0355 4652 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:26:06.0371 4652 usbhub - ok
21:26:06.0390 4652 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:26:06.0403 4652 usbohci - ok
21:26:06.0423 4652 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:26:06.0442 4652 usbprint - ok
21:26:06.0487 4652 [ B5E6C4F280EBF0B16F74A5B415F2E0DF ] USBS3S4Detection C:\OEM\USBDECTION\USBS3S4Detection.exe
21:26:06.0498 4652 USBS3S4Detection - ok
21:26:06.0513 4652 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:26:06.0528 4652 USBSTOR - ok
21:26:06.0545 4652 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:26:06.0559 4652 usbuhci - ok
21:26:06.0588 4652 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:26:06.0603 4652 usbvideo - ok
21:26:06.0626 4652 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:26:06.0673 4652 UxSms - ok
21:26:06.0690 4652 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
21:26:06.0701 4652 VaultSvc - ok
21:26:06.0721 4652 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
21:26:06.0731 4652 vdrvroot - ok
21:26:06.0750 4652 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
21:26:06.0768 4652 vds - ok
21:26:06.0790 4652 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:26:06.0806 4652 vga - ok
21:26:06.0820 4652 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:26:06.0859 4652 VgaSave - ok
21:26:06.0878 4652 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
21:26:06.0889 4652 vhdmp - ok
21:26:06.0903 4652 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
21:26:06.0912 4652 viaide - ok
21:26:06.0928 4652 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
21:26:06.0938 4652 volmgr - ok
21:26:06.0944 4652 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:26:06.0959 4652 volmgrx - ok
21:26:06.0985 4652 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:26:06.0999 4652 volsnap - ok
21:26:07.0028 4652 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:26:07.0040 4652 vsmraid - ok
21:26:07.0082 4652 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
21:26:07.0112 4652 VSS - ok
21:26:07.0126 4652 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:26:07.0141 4652 vwifibus - ok
21:26:07.0154 4652 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:26:07.0188 4652 W32Time - ok
21:26:07.0204 4652 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:26:07.0215 4652 WacomPen - ok
21:26:07.0229 4652 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:26:07.0261 4652 WANARP - ok
21:26:07.0264 4652 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:26:07.0295 4652 Wanarpv6 - ok
21:26:07.0326 4652 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
21:26:07.0349 4652 wbengine - ok
21:26:07.0363 4652 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:26:07.0379 4652 WbioSrvc - ok
21:26:07.0410 4652 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:26:07.0424 4652 wcncsvc - ok
21:26:07.0436 4652 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:26:07.0449 4652 WcsPlugInService - ok
21:26:07.0452 4652 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:26:07.0461 4652 Wd - ok
21:26:07.0495 4652 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:26:07.0515 4652 Wdf01000 - ok
21:26:07.0530 4652 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:26:07.0546 4652 WdiServiceHost - ok
21:26:07.0549 4652 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:26:07.0565 4652 WdiSystemHost - ok
21:26:07.0580 4652 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
21:26:07.0592 4652 WebClient - ok
21:26:07.0608 4652 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:26:07.0640 4652 Wecsvc - ok
21:26:07.0652 4652 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:26:07.0681 4652 wercplsupport - ok
21:26:07.0705 4652 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:26:07.0737 4652 WerSvc - ok
21:26:07.0751 4652 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:26:07.0783 4652 WfpLwf - ok
21:26:07.0789 4652 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:26:07.0798 4652 WIMMount - ok
21:26:07.0827 4652 WinDefend - ok
21:26:07.0830 4652 WinHttpAutoProxySvc - ok
21:26:07.0868 4652 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:26:07.0904 4652 Winmgmt - ok
21:26:07.0948 4652 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
21:26:08.0024 4652 WinRM - ok
21:26:08.0081 4652 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:26:08.0104 4652 WinUsb - ok
21:26:08.0131 4652 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:26:08.0155 4652 Wlansvc - ok
21:26:08.0186 4652 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:26:08.0193 4652 wlcrasvc - ok
21:26:08.0334 4652 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:26:08.0412 4652 wlidsvc - ok
21:26:08.0437 4652 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:26:08.0457 4652 WmiAcpi - ok
21:26:08.0481 4652 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:26:08.0506 4652 wmiApSrv - ok
21:26:08.0555 4652 WMPNetworkSvc - ok
21:26:08.0568 4652 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:26:08.0589 4652 WPCSvc - ok
21:26:08.0601 4652 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:26:08.0614 4652 WPDBusEnum - ok
21:26:08.0635 4652 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:26:08.0669 4652 ws2ifsl - ok
21:26:08.0689 4652 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
21:26:08.0702 4652 wscsvc - ok
21:26:08.0705 4652 WSearch - ok
21:26:08.0770 4652 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:26:08.0808 4652 wuauserv - ok
21:26:08.0840 4652 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:26:08.0858 4652 WudfPf - ok
21:26:08.0891 4652 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:26:08.0903 4652 WUDFRd - ok
21:26:08.0935 4652 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:26:08.0949 4652 wudfsvc - ok
21:26:08.0962 4652 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:26:08.0983 4652 WwanSvc - ok
21:26:09.0000 4652 ================ Scan global ===============================
21:26:09.0014 4652 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:26:09.0044 4652 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
21:26:09.0051 4652 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
21:26:09.0065 4652 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:26:09.0091 4652 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:26:09.0094 4652 [Global] - ok
21:26:09.0095 4652 ================ Scan MBR ==================================
21:26:09.0104 4652 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:26:09.0366 4652 \Device\Harddisk0\DR0 - ok
21:26:09.0367 4652 ================ Scan VBR ==================================
21:26:09.0370 4652 [ 0C178D43B4E9FA915F5B7F7F8312BA2F ] \Device\Harddisk0\DR0\Partition1
21:26:09.0372 4652 \Device\Harddisk0\DR0\Partition1 - ok
21:26:09.0387 4652 [ 4EB4C883CA7BBA6C05EDAB1CB53B335A ] \Device\Harddisk0\DR0\Partition2
21:26:09.0390 4652 \Device\Harddisk0\DR0\Partition2 - ok
21:26:09.0407 4652 [ AC987A840BE4F9706C4914DE7BB5B200 ] \Device\Harddisk0\DR0\Partition3
21:26:09.0411 4652 \Device\Harddisk0\DR0\Partition3 - ok
21:26:09.0411 4652 ============================================================
21:26:09.0411 4652 Scan finished
21:26:09.0412 4652 ============================================================
21:26:09.0423 2568 Detected object count: 1
21:26:09.0423 2568 Actual detected object count: 1
21:26:13.0835 2568 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:13.0836 2568 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:27:07.0829 1432 Deinitialize success
|
|
15.01.2013, 21:34
| #7 | |
| /// Malware-holic | YouTube Virus hi das ist meine Signatur, wir sammeln spam zur analyse, wenn du sowas bekommst, gerne her damit. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 22:01
| #8 |
| | YouTube VirusCode:
ATTFilter ComboFix 13-01-15.02 - Thomser 15.01.2013 21:45:41.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.6135.4773 [GMT 1:00]
ausgeführt von:: c:\users\Thomser\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-15 bis 2013-01-15 ))))))))))))))))))))))))))))))
.
.
2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\programdata\ATI
2013-01-13 18:42 . 2013-01-13 18:42 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-13 18:38 . 2013-01-13 18:38 -------- d-----w- C:\AMD
2013-01-12 20:39 . 2013-01-12 20:39 -------- d-----w- c:\users\Thomser\AppData\Local\Programs
2013-01-12 20:11 . 2013-01-12 20:11 -------- d-----w- c:\users\Thomser\AppData\Roaming\Gyazo
2013-01-12 20:10 . 2013-01-12 20:10 -------- d-----w- c:\program files (x86)\Gyazo
2013-01-09 13:16 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 13:16 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-12-27 20:11 . 2012-12-27 20:11 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-12-23 21:38 . 2012-12-23 21:38 -------- d-----w- c:\users\Thomser\AppData\Roaming\TuneUp Software
2012-12-23 21:38 . 2012-12-23 21:38 -------- d-----w- c:\programdata\TuneUp Software
2012-12-23 21:38 . 2012-12-23 21:38 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-23 21:38 . 2012-12-23 21:38 -------- d--h--w- c:\programdata\Common Files
2012-12-23 21:38 . 2012-12-23 21:38 -------- d-----w- C:\Mozilla
2012-12-23 21:38 . 2012-12-23 21:38 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-21 11:27 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 11:27 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 11:27 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:27 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 11:44 . 2012-12-20 11:44 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-12-20 11:08 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-20 11:08 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-12-19 14:55 . 2012-12-19 14:56 -------- d-----w- c:\users\Thomser\AppData\Local\Risen
2012-12-19 14:53 . 2012-12-19 14:53 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-12-19 14:53 . 2012-12-19 14:53 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-12-19 14:53 . 2012-12-19 14:53 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-12-19 14:48 . 2012-12-19 14:48 -------- d-----w- c:\program files (x86)\Deep Silver
2012-12-18 13:00 . 2012-12-18 13:00 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-12-17 15:59 . 2012-12-17 15:59 -------- d-----w- c:\users\Thomser\AppData\Local\Activision
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:11 . 2012-11-20 19:00 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 17:11 . 2012-11-20 19:00 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-10-05 18:32 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 14:40 . 2012-10-16 12:18 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 14:40 . 2012-10-16 12:18 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-03 15:27 . 2012-12-03 15:27 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-12-03 15:27 . 2012-12-03 15:27 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-12-03 15:27 . 2012-12-03 15:27 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-11-30 04:56 . 2013-01-09 13:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-25 11:05 . 2012-11-20 21:09 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-11-25 11:05 . 2012-11-20 21:07 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-25 10:39 . 2012-11-20 21:07 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-24 22:24 . 2012-11-20 21:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-09 05:34 . 2012-12-12 15:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-12 15:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:27 . 2012-12-12 15:17 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-12 15:17 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-20 20:56 1521952 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-31 896912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-06-29 124136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
.
c:\users\Thomser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-03 14448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 PCDSRVC{5368CD8C-7868C3EA-06020200}_0;PCDSRVC{5368CD8C-7868C3EA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\2reivtudvrk_\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{B368CD8C-FA3611C4-06020200}_0;PCDSRVC{B368CD8C-FA3611C4-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\bimr.x1bgcrb\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{E368CD8C-4733001A-06020200}_0;PCDSRVC{E368CD8C-4733001A-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\admini~1\appdata\local\temp\eefckdgcxzg2\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-12-11 565024]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 60747576
*NewlyCreated* - 99704048
*Deregistered* - 60747576
*Deregistered* - 99704048
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 17:11]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001Core.job
- c:\users\Thomser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:30]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3403330043-3658068796-4252196347-1001UA.job
- c:\users\Thomser\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-31 17:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Thomser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Thomser\AppData\Roaming\Mozilla\Firefox\Profiles\4rb8edhf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=7ec784cd-289c-488b-82b3-48f89c48eaf5&apn_ptnrs=%5EAGS&apn_sauid=677678D3-6D6A-443A-BF30-074C198AB737&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2012-12-23 22:38; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
AddRemove-MTA:SA 1.3 - c:\users\Thomser\Desktop\GtaSa\GTA - San Andreas\Uninstall.exe
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1 - c:\games\World_of_Tanks\unins000.exe
AddRemove-SOE- - c:\users\Public\Sony Online Entertainment\Installed Games\Uninstaller.exe
AddRemove-PlanetSide 2 PSG - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{5368CD8C-7868C3EA-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\2reivtudvrk_\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{B368CD8C-FA3611C4-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\bimr.x1bgcrb\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{E368CD8C-4733001A-06020200}_0]
"ImagePath"="\??\c:\users\admini~1\appdata\local\temp\eefckdgcxzg2\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-15 21:56:49
ComboFix-quarantined-files.txt 2013-01-15 20:56
.
Vor Suchlauf: 13 Verzeichnis(se), 569.258.151.936 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 569.156.866.048 Bytes frei
.
- - End Of File - - 0856026918F0C4BE61DAE0BED922EFAF
|
|
15.01.2013, 22:04
| #9 |
| /// Malware-holic | YouTube Virus frage: sind deine Passwörter zu erraten, oder sind es zufällige Buchstaben und Zahlenkombis?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 22:06
| #10 |
| | YouTube Virus Nun ja das ist unterschiedlich bei manchen sachen hab ich ein passwort dass man eigentlich nicht so leicht erraten sollte aber bei anderen sachen hab ich ein einfach zusammengestelltes passwort |
|
15.01.2013, 22:07
| #11 |
| /// Malware-holic | YouTube Virus wir sprechen von youtube :-) oder gabs noch probleme mit anderen accs?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 22:09
| #12 |
| | YouTube Virus Achso bei YouTube hab ich ein Passwort dass man nicht so leicht herraus findet und mit anderen Accounts hatte ich eig noch nie Probleme... |
|
15.01.2013, 22:15
| #13 |
| /// Malware-holic | YouTube Virus malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.01.2013, 22:20
| #14 |
| | YouTube Virus uh... das kann jetzt ein paar stunden dauern  |
|
15.01.2013, 22:21
| #15 |
| /// Malware-holic | YouTube Virus lass einfach laufen und meld dich, wenns so weit ist
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu YouTube Virus |
| 100%, account, ahnung, andere, anderen, apple, auf einmal, fakelink, free, gefunde, hallo zusammen, kommentare, legit, link, problem, quick, sending, this, usern, vermute, virus, website, white, wirklich, youtube, zusammen |
Linear-Darstellung
