Pests of all kinds and their removal: C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts (Windows 7)
22.01.2013, 12:14 | #1

Hello community,

I recently ran a full system scan with AntiVir. There were several detections during it. I then had the affected files moved to quarantine. Since then the alert named in the thread title keeps appearing. Unfortunately I can no longer post the detailed AntiVir report, because AntiVir has already deleted it automatically due to an unfavourable setting. I have at least attached the log files of the detections. How should I proceed now?

Regards

Code:
Type: File
Source: C:\Users\bumblebee\wgsdgsdgdsgsd.dll
Status: Infected
Quarantine object: 54db098b.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.224
Virus definition file: 7.11.54.132
Message: TR/Crypt.ZPACK.Gen8
Date/Time: 21.12.2012, 00:41

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6e15cd83-5420b045
Status: Infected
Quarantine object: 781202ab.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.222
Virus definition file: 7.11.54.118
Message: EXP/2008-5353.AO.1
Date/Time: 21.12.2012, 00:06

Type: File
Source: C:\Users\bumblebee\AppData\Local\Temp\jar_cache9048985776644632411.tmp
Status: Infected
Quarantine object: 42cc1df0.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.222
Virus definition file: 7.11.54.118
Message: EXP/2010-0840.CQ.2
Date/Time: 21.12.2012, 00:06

Type: File
Source: D:\Dokumente und Einstellungen\Bumblebee\Eigene Dateien\Downloads\Partition+Magic.exe
Status: Infected
Quarantine object: 54ac3822.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.222
Virus definition file: 7.11.54.118
Message: APPL/Solimba.Gen
Date/Time: 21.12.2012, 00:06

Type: File
Source: D:\Dokumente und Einstellungen\Bumblebee\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\58ce481b-3f008b81
Status: Infected
Quarantine object: 4c4817fc.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.222
Virus definition file: 7.11.54.118
Message: TR/Maljava.A.86
Date/Time: 21.12.2012, 00:06

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2a0e8e8c-462637e0
Status: Infected
Quarantine object: 3d912f91.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.222
Virus definition file: 7.11.54.118
Message: EXP/CVE-2012-0507.A.434
Date/Time: 21.12.2012, 00:06

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3192f7e9-6c9274eb
Status: Infected
Quarantine object: 1e2d4d1d.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.222
Virus definition file: 7.11.54.118
Message: EXP/CVE-2012-4681.A.165
Date/Time: 21.12.2012, 00:06

Type: File
Source: C:\Users\bumblebee\Downloads\flvplayer-setup.exe
Status: Infected
Quarantine object: 56bb941e.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.132
Virus definition file: 7.11.40.176
Message: ADWARE/DownAdmin.D
Date/Time: 23.08.2012, 16:06

Type: File
Source: C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe
Status: Infected
Quarantine object: 55e98e20.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.120
Virus definition file: 7.11.38.48
Message: ADWARE/InstallCore.Gen
Date/Time: 31.07.2012, 20:34

Type: File
Source: C:\Users\bumblebee\Downloads\FLVPlayer30Upgrade.exe
Status: Infected
Quarantine object: 56970d54.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.120
Virus definition file: 7.11.38.48
Message: APPL/InstallIQ.Gen5
Date/Time: 31.07.2012, 12:12

Type: File
Source: F:\Qoobox\Quarantine\C\Users\Clifford\AppData\Local\{0533EE76-5A3E-44BC-8152-9CCCA3A5EC43}\chrome\content\overlay.xul.vir
Status: Infected
Quarantine object: 565c080b.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: JS/Hiloti.C.1
Date/Time: 07.06.2012, 15:24

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\1974269c-151bbcb2
Status: Infected
Quarantine object: 416c18e3.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: EXP/CVE-2011-3544
Date/Time: 07.06.2012, 14:22

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2db9d472-222cbe67
Status: Infected
Quarantine object: 1df14811.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: EXP/JAVA.Ternub.Gen
Date/Time: 07.06.2012, 14:22

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5f0ec4a2-3afff761
Status: Infected
Quarantine object: 3e702aef.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: EXP/CVE-2010-0840
Date/Time: 07.06.2012, 14:22

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3f397e29-6ba6de1f
Status: Infected
Quarantine object: 7bf707d1.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: EXP/JAVA.Ternub.Gen
Date/Time: 07.06.2012, 14:22

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\17db837e-13a9b831
Status: Infected
Quarantine object: 573f3d33.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: EXP/CVE-2010-0840.HD
Date/Time: 07.06.2012, 14:22

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\72cecafd-78b8ac04
Status: Infected
Quarantine object: 4faf12af.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.80
Virus definition file: 7.11.32.52
Message: EXP/JAVA.Ternub.Gen
Date/Time: 07.06.2012, 14:22

Type: File
Source: C:\Users\bumblebee\AppData\Local\Mozilla\Firefox\Profiles\di0dag23.default\Cache\4\B9\68289d01
Status: Infected
Quarantine object: 497403a5.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.28
Virus definition file: 7.11.26.88
Message: HTML/Malicious.PDF.Gen
Date/Time: 29.03.2012, 20:53

Type: File
Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\43c9a235-36143bd0
Status: Infected
Quarantine object: 4a4b0549.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.10.28
Virus definition file: 7.11.26.88
Message: EXP/CVE-2011-3544
Date/Time: 29.03.2012, 20:53

Type: File
Source: C:\Users\bumblebee\AppData\Local\Temp\plugtmp-21\plugin-xnivhphmxwiukoi.pdf
Status: Infected
Quarantine object: 4acb64dd.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.08.44
Virus definition file: 7.11.21.193
Message: EXP/Pidief.ajl
Date/Time: 27.01.2012, 17:15

Type: File
Source: C:\Users\bumblebee\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Status: Infected
Quarantine object: 4a5ee82f.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.08.34
Virus definition file: 7.11.21.141
Message: TR/Crypt.ZPACK.Gen
Date/Time: 25.01.2012, 01:06

Type: File
Source: C:\Users\bumblebee\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Status: Infected
Quarantine object: 4a4c42ff.qua
Restored: NO
Uploaded to Avira: NO
Operating system: Windows XP/VISTA Workstation/Windows 7
Search engine: 8.02.08.34
Virus definition file: 7.11.21.141
Message: TR/Crypt.ZPACK.Gen
Date/Time: 24.01.2012, 18:23
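Added example (not part of the post above): a small triage script for an Avira quarantine report in the format the poster attached. It parses the eleven labelled fields per quarantined object, whether one field per line or run together as a forum paste delivers them, and sorts the detections the way a helper reads them: exploit hits in the Java and browser caches are the delivery stage of drive-by attempts, a trojan sitting directly in the profile root is a dropped file, and ADWARE/APPL hits are bundled installers. The English field labels, the location classes and the verdict rules are this example's own; the sample records are copied from the report above.

```python
"""Triage of an Avira AntiVir quarantine report (added example, not code from
the post). Parses the report format shown above, eleven labelled fields per
quarantined object, one per line or run together as a forum paste delivers
them, and groups detections by Avira family (prefix before the slash) and by
where the file sat. Labels are English equivalents of the German ones; the
location classes and verdict rules are this example's own heuristics.
"""
import re
from collections import Counter, defaultdict

FIELDS = [
    "Type", "Source", "Status", "Quarantine object", "Restored",
    "Uploaded to Avira", "Operating system", "Search engine",
    "Virus definition file", "Message", "Date/Time",
]
# A label at the start of the text or after whitespace, followed by a colon.
_LABEL_RE = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, FIELDS)) + r"):\s*")

# Constructed sample: five entries copied from the report above, run together
# the way they arrive when pasted into a forum post.
SAMPLE_REPORT = (
    r"Type: File Source: C:\Users\bumblebee\wgsdgsdgdsgsd.dll Status: Infected "
    r"Quarantine object: 54db098b.qua Restored: NO Uploaded to Avira: NO "
    r"Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.02.10.224 "
    r"Virus definition file: 7.11.54.132 Message: TR/Crypt.ZPACK.Gen8 Date/Time: 21.12.2012, 00:41 "
    r"Type: File Source: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3192f7e9-6c9274eb "
    r"Status: Infected Quarantine object: 1e2d4d1d.qua Restored: NO Uploaded to Avira: NO "
    r"Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.02.10.222 "
    r"Virus definition file: 7.11.54.118 Message: EXP/CVE-2012-4681.A.165 Date/Time: 21.12.2012, 00:06 "
    r"Type: File Source: C:\Users\bumblebee\Downloads\flvplayer-setup.exe Status: Infected "
    r"Quarantine object: 56bb941e.qua Restored: NO Uploaded to Avira: NO "
    r"Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.02.10.132 "
    r"Virus definition file: 7.11.40.176 Message: ADWARE/DownAdmin.D Date/Time: 23.08.2012, 16:06 "
    r"Type: File Source: F:\Qoobox\Quarantine\C\Users\Clifford\AppData\Local\{0533EE76-5A3E-44BC-8152-9CCCA3A5EC43}\chrome\content\overlay.xul.vir "
    r"Status: Infected Quarantine object: 565c080b.qua Restored: NO Uploaded to Avira: NO "
    r"Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.02.10.80 "
    r"Virus definition file: 7.11.32.52 Message: JS/Hiloti.C.1 Date/Time: 07.06.2012, 15:24 "
    r"Type: File Source: C:\Users\bumblebee\AppData\Local\Mozilla\Firefox\Profiles\di0dag23.default\Cache\4\B9\68289d01 "
    r"Status: Infected Quarantine object: 497403a5.qua Restored: NO Uploaded to Avira: NO "
    r"Operating system: Windows XP/VISTA Workstation/Windows 7 Search engine: 8.02.10.28 "
    r"Virus definition file: 7.11.26.88 Message: HTML/Malicious.PDF.Gen Date/Time: 29.03.2012, 20:53"
)

# Where the file sat; first match wins. Qoobox is ComboFix's quarantine folder.
_LOCATIONS = [(name, re.compile(rx, re.I)) for name, rx in [
    ("old quarantine", r"\\Qoobox\\Quarantine\\"),
    ("java cache", r"\\Sun\\Java\\Deployment\\cache\\"),
    ("browser cache", r"\\Firefox\\Profiles\\[^\\]+\\Cache\\|\\plugtmp"),
    ("temp", r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp)\\"),
    ("downloads", r"\\Downloads\\"),
    ("program files", r"\\Program Files(?: \(x86\))?\\"),
    ("profile root", r"^[A-Z]:\\Users\\[^\\]+\\[^\\]+$"),  # file directly under the profile
]]
CACHE_LOCATIONS = {"java cache", "browser cache", "temp"}


def parse_report(text):
    """Return one dict per quarantined object; a 'Type' label starts a record."""
    records, current = [], None
    matches = list(_LABEL_RE.finditer(text))
    for i, m in enumerate(matches):
        label = m.group(1)
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        value = text[m.end():end].strip()
        if label == "Type":
            current = {}
            records.append(current)
        if current is not None:
            current[label] = value
    return records


def classify_location(path):
    return next((name for name, rx in _LOCATIONS if rx.search(path)), "other")


def family(message):
    """Avira prefix before the slash: TR, EXP, ADWARE, APPL, JS, HTML, ..."""
    return message.split("/", 1)[0].upper()


def verdict(record):
    """Heuristic reading of one record (this example's rules, not Avira's)."""
    fam, loc = family(record["Message"]), classify_location(record["Source"])
    if fam in ("ADWARE", "APPL"):
        return "unwanted software"            # bundled installer, separate clean-up
    if loc == "old quarantine":
        return "already quarantined by another tool"
    if fam == "EXP" or loc in CACHE_LOCATIONS:
        return "exploit remnant"              # exploit page reached; payload may not have run
    if fam == "TR" and loc in ("profile root", "program files"):
        return "payload on disk"              # dropped file: evidence of a successful run
    return "review"


def triage(text):
    """Summarise a report: paths per verdict and detections per quarantine date."""
    records = parse_report(text)
    by_verdict = defaultdict(list)
    for rec in records:
        by_verdict[verdict(rec)].append(rec["Source"])
    waves = Counter(rec["Date/Time"].split(",")[0] for rec in records)
    return {"records": len(records), "by_verdict": dict(by_verdict), "waves": waves}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for v, paths in summary["by_verdict"].items():
        print(v + ":")
        for p in paths:
            print("    " + p)
    print("quarantine dates:", dict(summary["waves"]))
```

The date grouping is the part worth looking at on the full report: the 21.12.2012 00:06 batch is the scan the poster describes, while the single 00:41 entry for wgsdgsdgdsgsd.dll came in separately and is the only trojan detection outside a cache or a third-party quarantine folder.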
22.01.2013, 12:17 | #2
Malware-holic

hi

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
22.01.2013, 12:41 | #3

OTL Logfile:

Code:
OTL logfile created on: 22.01.2013 12:22:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bumblebee\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 72,59% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 119,10 Gb Free Space | 48,78% Space Free | Partition Type: NTFS
Drive D: | 210,52 Gb Total Space | 102,24 Gb Free Space | 48,57% Space Free | Partition Type: NTFS
Drive E: | 11,10 Gb Total Space | 11,01 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
Drive F: | 6,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TRANSISTOR | User Name: bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.22 12:20:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bumblebee\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.08.08 12:15:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.06.21 17:43:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.08 13:34:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 10:13:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.18 16:11:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.03.15 17:38:30 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.21 13:16:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 01:14:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.19 16:56:30 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.11 13:57:17 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.21 17:43:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.08 13:34:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 10:13:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.21 20:03:12 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:03:12 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.08 13:34:35 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:34:35 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.15 17:38:30 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.30 20:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 20:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=b829ebd10000000000000015af28c496
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120102,16981,0,26,0"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.140.0
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.22 12:54:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 13:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 13:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.14 12:16:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.14 12:16:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 13:16:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 13:16:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.14 12:16:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.14 12:16:15 | 000,000,000 | ---D | M]

[2011.11.17 21:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Extensions
[2013.01.18 19:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions
[2012.10.28 19:41:24 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.11.30 18:32:19 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.06.11 13:11:44 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\battlefieldheroespatcher@ea.com
[2012.06.14 11:22:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\battlefieldplay4free@ea.com
[2013.01.18 19:22:45 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\bumblebee\AppData\Roaming\mozilla\firefox\profiles\di0dag23.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.21 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.21 13:16:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 00:17:04 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.29 13:33:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.09 01:32:58 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3705DFE0-6E76-4EB1-8044-8ADF5BCBA054}: DhcpNameServer = 62.117.1.25 89.16.129.25
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.)
- F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.02.26 14:51:29 | 000,000,067 | R--- | M] () - F:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.02.28 17:42:54 | 000,467,168 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2011.02.28 17:58:30 | 000,000,000 | ---D | M] - G:\Autorun -- [ CDFS ] O32 - AutoRun File - [2011.02.28 17:58:24 | 003,582,976 | R--- | M] () - G:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2011.02.28 17:58:24 | 000,000,152 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{25a55bee-041e-11e2-a197-001d60390bac}\Shell - "" = AutoRun O33 - MountPoints2\{25a55bee-041e-11e2-a197-001d60390bac}\Shell\AutoRun\command - "" = L:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows 
Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.22 12:20:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bumblebee\Desktop\OTL.exe 
[2013.01.22 11:53:35 | 000,000,000 | ---D | C] -- C:\Users\bumblebee\Desktop\mbar [2013.01.21 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.14 12:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.08 23:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 ========== Files - Modified Within 30 Days ========== [2013.01.22 12:20:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bumblebee\Desktop\OTL.exe [2013.01.22 12:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.22 11:54:04 | 000,000,998 | ---- | M] () -- C:\Users\bumblebee\Desktop\mbar - Verknüpfung.lnk [2013.01.22 11:46:59 | 000,025,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.22 11:46:59 | 000,025,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.22 11:39:33 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.22 11:39:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.22 11:39:19 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2013.01.22 00:37:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.13 23:46:17 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.13 23:46:17 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.13 23:46:00 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.09 02:07:01 | 000,297,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 01:22:18 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 01:22:18 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 01:22:18 | 000,616,032 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2013.01.09 01:22:18 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 01:22:18 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.08 23:14:48 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.08 23:14:48 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk ========== Files Created - No Company Name ========== [2013.01.22 11:54:04 | 000,000,998 | ---- | C] () -- C:\Users\bumblebee\Desktop\mbar - Verknüpfung.lnk [2013.01.08 23:14:48 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.08 23:14:48 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.12.20 21:52:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.15 17:39:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.05 02:17:21 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\Sun Clock 6.ini [2012.01.05 02:15:59 | 001,269,644 | ---- | C] () -- C:\Windows\WKB NASA ScreenSaver.dat [2012.01.05 01:56:11 | 005,378,912 | ---- | C] () -- C:\Windows\Wallpaper Sexy Girls 2006.dat [2012.01.05 01:56:11 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe [2011.11.23 00:11:18 | 000,007,681 | ---- | C] () -- C:\Users\bumblebee\AppData\Local\Resmon.ResmonCfg [2011.11.17 23:20:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.11.17 22:57:27 | 000,281,520 | 
---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.17 22:57:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- 
[2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.31 23:14:20 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Amazon [2012.11.09 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Applian FLV and Media Player [2012.01.09 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Babylon [2011.11.17 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\IrfanView [2012.01.05 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Laconic Software [2012.01.05 02:32:22 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Map Maker [2012.04.16 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Need for Speed World [2011.12.15 14:14:01 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\OpenOffice.org [2012.11.30 15:14:25 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Origin [2012.01.31 12:36:57 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\pdfforge [2012.05.10 13:17:21 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Thunderbird [2012.12.13 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\TS3Client [2012.01.05 02:08:57 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\YoWindow ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.12.18 17:19:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.30 16:44:55 | 000,000,000 | ---D | M] -- C:\AMD [2011.11.17 22:05:23 | 000,000,000 | ---D | M] -- C:\ATI [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.11.17 21:36:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.18 06:21:17 | 000,000,000 | ---D | M] -- C:\Drivers [2011.11.18 06:21:17 | 000,000,000 | ---D | M] -- C:\Hotfix [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.08.31 12:11:24 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.21 14:28:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.21 00:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.17 21:36:55 | 000,000,000 | -HSD | M] -- C:\Programme [2011.11.17 21:36:55 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.05.15 06:11:24 | 000,000,000 | ---D | M] -- C:\Sicherung Intenso Stick [2013.01.22 12:24:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.17 21:37:01 | 000,000,000 | R--D | M] -- C:\Users [2012.11.14 11:29:04 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.28 16:23:29 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.03.29 10:22:56 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.03.29 10:22:56 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft 
Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 
for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys 
< MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] 
(Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.22 12:34:15 | 002,883,584 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT [2013.01.22 12:34:15 | 000,262,144 | -HS- | M] () -- C:\Users\bumblebee\ntuser.dat.LOG1 [2011.11.17 21:37:01 | 000,000,000 | -HS- | M] () -- C:\Users\bumblebee\ntuser.dat.LOG2 [2011.11.17 23:19:17 | 000,065,536 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.11.17 23:19:17 | 000,524,288 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.11.17 23:19:17 | 000,524,288 | -HS- | M] () -- 
C:\Users\bumblebee\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.11.17 21:37:01 | 000,000,020 | -HS- | M] () -- C:\Users\bumblebee\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report >
OTL Logfile:
OTL Extras logfile created on: 22.01.2013 12:22:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bumblebee\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 72,59% Memory free 8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,14 Gb Total Space | 119,10 Gb Free Space | 48,78% Space Free | Partition Type: NTFS Drive D: | 210,52 Gb Total Space | 102,24 Gb Free Space | 48,57% Space Free | Partition Type: NTFS Drive E: | 11,10 Gb Total Space | 11,01 Gb Free Space | 99,21% Space Free | Partition Type: NTFS Drive F: | 6,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: TRANSISTOR | User Name: bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C0C4E47-5AD9-473F-A916-1ECB2F2155E1}" = rport=10243 | protocol=6 | dir=out | app=system | "{36E73970-44B3-4E54-B693-ECB540F5E232}" = lport=139 | protocol=6 | dir=in | app=system | "{3DFF26D8-9609-466F-8CF0-780765BC3967}" = lport=10243 | protocol=6 | dir=in | app=system | "{5499DD91-715C-4E34-839D-9883729556FE}" = lport=57654 | protocol=6 | dir=in | name=pando media booster | "{60BE364B-2B3A-430F-BE96-AAD281B64BF3}" = lport=57654 | protocol=17 | dir=in | name=pando media booster | "{60C3EFAA-0664-4D60-ACE1-E8C3AE9147C9}" = rport=137 | protocol=17 | dir=out | app=system | "{63B17E61-25E3-4B63-9112-D676BD27BBE5}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{659CFF77-5D41-460B-98E0-49CBCEEF3C4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72352618-2F79-4CD4-9D1C-637025DD5AD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D8018A6-A38F-4BAE-BE6F-F77BDFA87E27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8B19D95F-4703-4D16-86E7-B689627E8CBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8F0F1914-3077-42FD-A4F5-3A776B365385}" = lport=57654 | protocol=6 | dir=in | name=pando media booster | "{A0501EF0-02A0-451D-B093-F2B02383D158}" = rport=138 | protocol=17 | dir=out | app=system | "{A45E3E40-F1D5-41A7-B77D-3C8148D153A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AC1E162D-5C4D-4059-93AC-2FA38AE1247C}" = rport=445 | protocol=6 | dir=out | app=system | "{B26B65F4-E4CE-4F83-8834-203E90D857FD}" = rport=139 | protocol=6 | dir=out | app=system | "{BEB0FB55-DFA3-475D-8D50-E6F58BB4733C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB11DE07-2507-4417-B1B3-A182967CBBF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CFD9EA27-90F9-4697-B120-CE01DCD6577E}" = lport=138 | protocol=17 | dir=in | app=system | "{DA661422-4C62-4FAF-8A6F-EE0D21BEA06C}" = lport=137 | protocol=17 | dir=in | app=system | "{DD3219D9-D0AE-4BFD-82DB-472636ED7009}" = lport=445 | protocol=6 | dir=in | app=system | "{DEA4A32E-D072-4BBF-8FEB-FDE9D1A44CD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5F20F38-F5AB-4241-8907-46A581D22171}" = lport=57654 | protocol=17 | dir=in | name=pando media booster | "{E62967D9-22A9-4E84-B3AA-D8EAFEFF7A3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F391B080-A7D1-4EEC-BD39-7F2FF2670460}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F77A5DF1-4579-4534-B42F-C255D4EC5C3B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F82DE22C-EC28-44FB-A31E-38D6E4895AF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B8D7C2-2EE1-4663-A35C-DFD7F6C7B8E5}" = protocol=58 | dir=in | app=system | "{229999AA-39C9-4F77-9040-31DD6056E34A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{22B00522-9E08-44A2-BD2F-7BBA2B3C942B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{24ADA2C5-CA1E-4DFA-9559-C46FADEA2C1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2702C363-6362-4D1D-8A82-90764D0AA648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{27AC26C3-9456-49AE-BA10-DB6D13943032}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2C839EF5-3463-40C9-A790-5B99F586282D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2CB473A0-18E9-4B64-8F4E-E47DB7CF968A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{33F6BBDD-8FF9-4679-BA3B-8221DF4F9524}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{36504CCE-4603-4790-9388-39403548D1C4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{39BB2FD5-E7B9-4D13-8564-CEF60744CC63}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{3C62D32E-9122-4A83-B459-285D870F1B88}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | "{4B47568B-772F-42B0-A4B2-2C3A6EA7D353}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4BA2685C-3F85-458C-BE11-6C585C618808}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{57D2AFC8-7132-4899-A0C0-FCE508618D6A}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{58F7142C-B4D4-42AC-9AA5-5E0111DC9C64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5BF29C19-D15B-4560-A2E9-5311E74946B0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{5F23F7B4-18B1-4D12-BF89-3E1CCBF41E98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{69B6B863-3A5B-4F53-81D2-F6AA7945CA80}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{6E9A44D6-7B18-4D6A-BCED-37FB633F9797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{74A3F2BA-33E2-49F5-957D-BF737D7E1A4C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{74ABF26F-ED82-4C16-98AA-A3F1ACD75DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen2demo\system\risen2.exe | "{7D2E1B32-9953-4110-A0CF-99C6D47D82CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8FFCA1A1-1961-4B3C-992A-60929EE7A10C}" = protocol=6 | dir=out | app=system | "{937D384D-B567-40B5-867D-CB40B5387F0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen2demo\system\risen2.exe | "{9AD719DA-B415-485F-909B-F6079ABC1890}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{9CBCBE87-59BD-4F87-B839-C5B1127C0E16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{9FF50858-EE7C-4A20-A671-244059F44FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A0CBB1DE-9882-4D71-A1DB-E5ADE268CE12}" = protocol=17 | dir=in | app=c:\program 
files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{A1B60976-AEEB-4EE6-897E-650B3B76CC4E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A2E45C55-D559-4E23-9D8E-E29DA03F4FDC}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | "{A3E1C754-3E50-47ED-9FF6-98B280F2BF03}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A7267175-25E0-409A-975B-36B1A43C0281}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{AC06D72C-0183-4304-8202-D2E98B1F8F0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AED3BB2C-4D4B-4563-9163-32031539208E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2012 demo\f1_2012.exe | "{AF8258E6-7BD8-4FDC-B6C2-D46D08D55D91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{BD5A6F73-12AA-4EF1-ADE8-8F8637A336F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BDCE6F1A-2B17-4876-8026-F0CC693FDB15}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{BE9D6124-1E34-462D-A7EE-DAD8B9B27C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{C1ED5363-D55E-4425-8275-47C415DE7E65}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{C29C0268-BA88-45D5-A4A7-552A8444E8B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5662426-9012-4003-8816-9FC266719B9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CF9ED3C8-7E20-445E-859A-2907BC005F32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D40F38FD-6F27-4CE2-A959-B19AC9DDB693}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{D9827087-7423-4E4C-A7EB-49335FD56CE9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DA6274AA-230C-433D-B41C-3C6C4DFEABF9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{DFD94560-AD16-46AE-8016-7729E8265A8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E0059A63-15F6-44F8-AC11-ED608E34494D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F00A49B6-8A43-4330-A083-4EF84F7F3122}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F0B4CAF7-AB99-4B2C-96AE-AF363BE22CB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2012 demo\f1_2012.exe | "{F2E30C1A-25B3-4A3B-9588-1705E1E2E844}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB1991CD-8422-469E-A294-AA45C4DEA3D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{7DF46E81-F787-4411-8951-7729B5940EB7}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{8FDAEC61-811C-4C7E-A2FB-A69FD1732780}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "TCP Query User{98BB7C61-58C7-4011-B550-F1DC59879469}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{AAB80412-8F40-404B-AE22-1D25828DFF5E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{C23829D9-4121-41CC-AF60-6617E6F9E3A2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\java\jre6\bin\java.exe | "TCP Query User{C3F7CCFC-41BD-4CA5-B1E3-E5B2018B006F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{F886C80B-F842-46DC-94C8-060C404F35CD}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "UDP Query User{079CDAD7-4E2B-4C3A-9FB7-42869759BB7B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{5C236A52-9D4C-429C-B847-A95EDD7936DB}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{9799918D-22D1-4C63-8B96-2CD76F225C8B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{AEF71D6C-5572-44EE-8047-DA0F2CC7D290}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{D15CD0F9-3F7E-47FD-B2F6-1820A43D6D1E}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | "UDP Query User{DB85500C-75C9-4F19-B06C-0A5F8F994F22}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{E0549B7C-B3BC-4EBC-879C-E10A215B8260}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding "{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding "{CD54A15F-4FBA-04DE-FE24-20AE11BE07AE}" = AMD AVIVO64 Codecs "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard "{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian "{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™ "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish "{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center "{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control 
Center Graphics Previews Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai "{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus "{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish "{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian "{AB25C7D6-B68B-DC97-5138-3A7E1E23683E}" = HydraVision "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus "{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles "{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean "{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All "{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech "{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese "{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 
"Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Battlelog Web Plugins" = Battlelog Web Plugins "DivX Setup" = DivX-Setup "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "ESN Sonar-0.70.4" = ESN Sonar "FLV Player" = FLV Player 2.0 (build 25) "Free Fire Screensaver" = Free Fire Screensaver "GlobFX Space Travel" = GlobFX Space Travel "Host OpenAL (ADI)" = Host OpenAL (ADI) "INCEPTION SCREENSAVER" = INCEPTION SCREENSAVER "IrfanView" = IrfanView (remove only) "martin_1009" = martin_1009 Screen Saver "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "PriceGong" = PriceGong 2.6.4 "PunkBusterSvc" = PunkBuster Services "Star Trek Online" = Star Trek Online "Steam App 202610" = Risen 2 Demo "Steam App 211940" = F1 2012 Demo "Sun Clock" = Sun Clock 6.5 "Update Engine" = Sony Ericsson Update Engine "Veetle TV" = Veetle TV "VLC media player" = VLC media player 2.0.0 "Winamp" = Winamp "yowindow" = YoWindow ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FoxTab FLV Player" = FoxTab FLV Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 10:18:57 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 11.01.2013 09:32:53 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 13.01.2013 15:30:35 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 14.01.2013 07:12:03 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 16.01.2013 10:52:03 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 18.01.2013 14:12:57 | Computer Name = 
transistor | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 08:00:40 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 09:28:41 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 15:32:03 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = Error - 22.01.2013 06:41:09 | Computer Name = transistor | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 11.09.2012 11:38:35 | Computer Name = transistor | Source = DCOM | ID = 10010 Description = Error - 12.09.2012 07:57:28 | Computer Name = transistor | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 12.09.2012 07:57:28 | Computer Name = transistor | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 24.10.2012 03:49:52 | Computer Name = transistor | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IPsec-Richtlinien-Agent erreicht. Error - 24.10.2012 03:49:52 | Computer Name = transistor | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 26.10.2012 06:15:40 | Computer Name = transistor | Source = WMPNetworkSvc | ID = 866300 Description = Error - 12.11.2012 08:30:03 | Computer Name = transistor | Source = volsnap | ID = 393245 Description = Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen. 
Error - 27.11.2012 11:36:21 | Computer Name = transistor | Source = WMPNetworkSvc | ID = 866300 Description = Error - 27.11.2012 12:26:32 | Computer Name = transistor | Source = volsnap | ID = 393245 Description = Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen. Error - 28.11.2012 13:47:24 | Computer Name = transistor | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > |
22.01.2013, 13:18 | #4 |
/// Malware-holic | C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts Hi, download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, always choose skip for now, post the log; open C:, open tdsskiller-date-version.txt, post the contents
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
22.01.2013, 15:06 | #5 |
| C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
15:03:08.0176 4340 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:03:08.0336 4340 ============================================================
15:03:08.0336 4340 Current date / time: 2013/01/22 15:03:08.0336
15:03:08.0336 4340 SystemInfo:
15:03:08.0336 4340
15:03:08.0336 4340 OS Version: 6.1.7601 ServicePack: 1.0
15:03:08.0336 4340 Product type: Workstation
15:03:08.0336 4340 ComputerName: TRANSISTOR
15:03:08.0336 4340 UserName: bumblebee
15:03:08.0336 4340 Windows directory: C:\Windows
15:03:08.0336 4340 System windows directory: C:\Windows
15:03:08.0336 4340 Running under WOW64
15:03:08.0336 4340 Processor architecture: Intel x64
15:03:08.0336 4340 Number of processors: 2
15:03:08.0336 4340 Page size: 0x1000
15:03:08.0336 4340 Boot type: Normal boot
15:03:08.0336 4340 ============================================================
15:03:09.0176 4340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:09.0196 4340 ============================================================
15:03:09.0196 4340 \Device\Harddisk0\DR0:
15:03:09.0196 4340 MBR partitions:
15:03:09.0196 4340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1A507BDA
15:03:09.0206 4340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A507C58, BlocksNum 0x163322A
15:03:09.0286 4340 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BB3AEC1, BlocksNum 0x1E849D80
15:03:09.0286 4340 ============================================================
15:03:09.0366 4340 C: <-> \Device\Harddisk0\DR0\Partition3
15:03:09.0386 4340 D: <-> \Device\Harddisk0\DR0\Partition1
15:03:09.0406 4340 E: <-> \Device\Harddisk0\DR0\Partition2
15:03:09.0406 4340 ============================================================
15:03:09.0406 4340 Initialize success
15:03:09.0406 4340
============================================================
15:03:48.0407 4516 ============================================================
15:03:48.0407 4516 Scan started
15:03:48.0407 4516 Mode: Manual; SigCheck; TDLFS;
15:03:48.0407 4516 ============================================================
15:03:48.0953 4516 ================ Scan system memory ========================
15:03:48.0953 4516 System memory - ok
15:03:48.0953 4516 ================ Scan services =============================
15:03:49.0062 4516 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:03:49.0140 4516 1394ohci - ok
15:03:49.0155 4516 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:03:49.0171 4516 ACPI - ok
15:03:49.0187 4516 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:03:49.0343 4516 AcpiPmi - ok
15:03:49.0389 4516 [ 1C090E86AFD15231377AD37436C3C719 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
15:03:49.0436 4516 ADIHdAudAddService - ok
15:03:49.0530 4516 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:49.0530 4516 AdobeARMservice - ok
15:03:49.0623 4516 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:49.0655 4516 AdobeFlashPlayerUpdateSvc - ok
15:03:49.0686 4516 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:03:49.0701 4516 adp94xx - ok
15:03:49.0748 4516 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:03:49.0764 4516 adpahci - ok
15:03:49.0779 4516 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:03:49.0795 4516 adpu320 - ok
15:03:49.0826 4516 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
15:03:49.0842 4516 AEADIFilters - ok
15:03:49.0857 4516 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:03:49.0951 4516 AeLookupSvc - ok
15:03:49.0998 4516 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:03:50.0029 4516 AFD - ok
15:03:50.0060 4516 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:03:50.0076 4516 agp440 - ok
15:03:50.0091 4516 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:03:50.0123 4516 ALG - ok
15:03:50.0138 4516 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:03:50.0138 4516 aliide - ok
15:03:50.0185 4516 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:03:50.0247 4516 AMD External Events Utility - ok
15:03:50.0263 4516 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:03:50.0279 4516 amdide - ok
15:03:50.0294 4516 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:03:50.0325 4516 AmdK8 - ok
15:03:50.0513 4516 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:03:50.0684 4516 amdkmdag - ok
15:03:50.0747 4516 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:03:50.0762 4516 amdkmdap - ok
15:03:50.0778 4516 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:03:50.0793 4516 AmdPPM - ok
15:03:50.0809 4516 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:03:50.0825 4516 amdsata - ok
15:03:50.0856 4516 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:03:50.0871 4516 amdsbs - ok
15:03:50.0887 4516 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:03:50.0887 4516 amdxata - ok
15:03:50.0934 4516 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:50.0934 4516 AntiVirSchedulerService - ok
15:03:50.0965 4516 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:50.0981 4516 AntiVirService - ok
15:03:50.0996 4516 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:03:51.0105 4516 AppID - ok
15:03:51.0121 4516 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:03:51.0168 4516 AppIDSvc - ok
15:03:51.0183 4516 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:03:51.0215 4516 Appinfo - ok
15:03:51.0277 4516 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:03:51.0308 4516 AppMgmt - ok
15:03:51.0324 4516 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:03:51.0339 4516 arc - ok
15:03:51.0355 4516 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:03:51.0371 4516 arcsas - ok
15:03:51.0386 4516 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:51.0417 4516 AsyncMac - ok
15:03:51.0433 4516 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:03:51.0449 4516 atapi - ok
15:03:51.0480 4516 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:03:51.0495 4516 AtiHDAudioService - ok
15:03:51.0527 4516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:03:51.0573 4516 AudioEndpointBuilder - ok
15:03:51.0589 4516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:03:51.0620 4516 AudioSrv - ok
15:03:51.0636 4516 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:03:51.0651 4516 avgntflt - ok
15:03:51.0683 4516 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:03:51.0683 4516 avipbb - ok
15:03:51.0698 4516 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:03:51.0714 4516 avkmgr - ok
15:03:51.0761 4516 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:03:51.0823 4516 AxInstSV - ok
15:03:51.0854 4516 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:03:51.0885 4516 b06bdrv - ok
15:03:51.0917 4516 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:51.0948 4516 b57nd60a - ok
15:03:51.0963 4516 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:03:51.0995 4516 BDESVC - ok
15:03:52.0010 4516 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:03:52.0057 4516 Beep - ok
15:03:52.0088 4516 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:03:52.0135 4516 BFE - ok
15:03:52.0166 4516 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:03:52.0244 4516 BITS - ok
15:03:52.0260 4516 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:52.0275 4516 blbdrive - ok
15:03:52.0322 4516 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:03:52.0353 4516 bowser - ok
15:03:52.0385 4516 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:03:52.0400 4516 BrFiltLo - ok
15:03:52.0400 4516 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:03:52.0431 4516 BrFiltUp - ok
15:03:52.0463 4516 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:03:52.0478 4516 Browser - ok
15:03:52.0494 4516 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:03:52.0541 4516 Brserid - ok
15:03:52.0541 4516 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:52.0556 4516 BrSerWdm - ok
15:03:52.0572 4516 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:52.0603 4516 BrUsbMdm - ok
15:03:52.0603 4516 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:52.0603 4516 BrUsbSer - ok
15:03:52.0619 4516 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:03:52.0634 4516 BTHMODEM - ok
15:03:52.0665 4516 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:03:52.0697 4516 bthserv - ok
15:03:52.0712 4516 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:03:52.0743 4516 cdfs - ok
15:03:52.0775 4516 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:03:52.0790 4516 cdrom - ok
15:03:52.0806 4516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:03:52.0853 4516 CertPropSvc - ok
15:03:52.0868 4516 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:03:52.0868 4516 circlass - ok
15:03:52.0899 4516 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:03:52.0915 4516 CLFS - ok
15:03:52.0962 4516 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:52.0977 4516 clr_optimization_v2.0.50727_32 - ok
15:03:53.0024 4516 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:53.0024 4516 clr_optimization_v2.0.50727_64 - ok
15:03:53.0102 4516 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:53.0118 4516 clr_optimization_v4.0.30319_32 - ok
15:03:53.0149 4516 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:53.0165 4516 clr_optimization_v4.0.30319_64 - ok
15:03:53.0165 4516 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:03:53.0196 4516 CmBatt - ok
15:03:53.0211 4516 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:03:53.0227 4516 cmdide - ok
15:03:53.0258 4516 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:03:53.0289 4516 CNG - ok
15:03:53.0305 4516 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:03:53.0321 4516 Compbatt - ok
15:03:53.0336 4516 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:03:53.0367 4516 CompositeBus - ok
15:03:53.0367 4516 COMSysApp - ok
15:03:53.0383 4516 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:03:53.0399 4516 crcdisk - ok
15:03:53.0430 4516 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:03:53.0477 4516 CryptSvc - ok
15:03:53.0508 4516 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:03:53.0555 4516 CSC - ok
15:03:53.0570 4516 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:03:53.0601 4516 CscService - ok
15:03:53.0633 4516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:03:53.0679 4516 DcomLaunch - ok
15:03:53.0711 4516 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:03:53.0742 4516 defragsvc - ok
15:03:53.0757 4516 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:03:53.0789 4516 DfsC - ok
15:03:53.0820 4516 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:03:53.0851 4516 Dhcp - ok
15:03:53.0867 4516 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:03:53.0898 4516 discache - ok
15:03:53.0929 4516 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:03:53.0945 4516 Disk - ok
15:03:53.0976 4516 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:03:54.0007 4516 dmvsc - ok
15:03:54.0038 4516 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:03:54.0069 4516 Dnscache - ok
15:03:54.0085 4516 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:03:54.0132 4516 dot3svc - ok
15:03:54.0147 4516 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:03:54.0179 4516 DPS - ok
15:03:54.0210 4516 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:03:54.0225 4516 drmkaud - ok
15:03:54.0272 4516 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:03:54.0288 4516 DXGKrnl - ok
15:03:54.0319 4516 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:03:54.0366 4516 EapHost - ok
15:03:54.0413 4516 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:03:54.0475 4516 ebdrv - ok
15:03:54.0491 4516 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:03:54.0522 4516 EFS - ok
15:03:54.0569 4516 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:03:54.0600 4516 ehRecvr - ok
15:03:54.0631 4516 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:03:54.0647 4516 ehSched - ok
15:03:54.0662 4516 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:03:54.0678 4516 elxstor - ok
15:03:54.0693 4516 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:03:54.0725 4516 ErrDev - ok
15:03:54.0756 4516 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:03:54.0787 4516 EventSystem - ok
15:03:54.0803 4516 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:03:54.0834 4516 exfat - ok
15:03:54.0849 4516 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:03:54.0881 4516 fastfat - ok
15:03:54.0912 4516 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:03:54.0943 4516 Fax - ok
15:03:54.0959 4516 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:03:54.0974 4516 fdc - ok
15:03:54.0990 4516 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:03:55.0021 4516 fdPHost - ok
15:03:55.0021 4516 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:03:55.0068 4516 FDResPub - ok
15:03:55.0083 4516 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:03:55.0099 4516 FileInfo - ok
15:03:55.0099 4516 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:03:55.0130 4516 Filetrace - ok
15:03:55.0146 4516 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:03:55.0161 4516 flpydisk - ok
15:03:55.0177 4516 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:03:55.0193 4516 FltMgr - ok
15:03:55.0239 4516 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:03:55.0302 4516 FontCache - ok
15:03:55.0333 4516 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:03:55.0333 4516 FontCache3.0.0.0 - ok
15:03:55.0349 4516 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:03:55.0364 4516 FsDepends - ok
15:03:55.0411 4516 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:03:55.0411 4516 Fs_Rec - ok
15:03:55.0442 4516 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:03:55.0473 4516 fvevol - ok
15:03:55.0489 4516 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:03:55.0505 4516 gagp30kx - ok
15:03:55.0536 4516 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
15:03:55.0551 4516 ggflt - ok
15:03:55.0567 4516 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
15:03:55.0583 4516 ggsemc - ok
15:03:55.0614 4516 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:03:55.0661 4516 gpsvc - ok
15:03:55.0723 4516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:55.0739 4516 gupdate - ok
15:03:55.0739 4516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:55.0754 4516 gupdatem - ok
15:03:55.0770 4516 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:03:55.0801 4516 hcw85cir - ok
15:03:55.0832 4516 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:03:55.0863 4516 HdAudAddService - ok
15:03:55.0879 4516 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:03:55.0910 4516 HDAudBus - ok
15:03:55.0926 4516 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:03:55.0941 4516 HidBatt - ok
15:03:55.0957 4516 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:03:55.0973 4516 HidBth - ok
15:03:55.0988 4516 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:03:56.0004 4516 HidIr - ok
15:03:56.0004 4516 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:03:56.0051 4516 hidserv - ok
15:03:56.0082 4516 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:03:56.0097 4516 HidUsb - ok
15:03:56.0113 4516 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:03:56.0144 4516 hkmsvc - ok
15:03:56.0160 4516 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:03:56.0175 4516 HomeGroupListener - ok
15:03:56.0207 4516 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:03:56.0238 4516 HomeGroupProvider - ok
15:03:56.0238 4516 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:03:56.0253 4516 HpSAMD - ok
15:03:56.0285 4516 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:03:56.0331 4516 HTTP - ok
15:03:56.0331 4516 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:03:56.0347 4516 hwpolicy - ok
15:03:56.0378 4516 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:03:56.0378 4516 i8042prt - ok
15:03:56.0409 4516 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:03:56.0425 4516 iaStorV - ok
15:03:56.0456 4516 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:56.0487 4516 idsvc - ok
15:03:56.0503 4516 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:03:56.0519 4516 iirsp - ok
15:03:56.0550 4516 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:03:56.0597 4516 IKEEXT - ok
15:03:56.0612 4516 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:03:56.0628 4516 intelide - ok
15:03:56.0643 4516 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:03:56.0659 4516 intelppm - ok
15:03:56.0675 4516 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:03:56.0706 4516 IPBusEnum - ok
15:03:56.0721 4516 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:03:56.0753 4516 IpFilterDriver - ok
15:03:56.0799 4516 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:03:56.0831 4516 iphlpsvc - ok
15:03:56.0846 4516 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:03:56.0846 4516 IPMIDRV - ok
15:03:56.0862 4516 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:03:56.0893 4516 IPNAT - ok
15:03:56.0924 4516 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:03:56.0955 4516 IRENUM - ok
15:03:56.0971 4516 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:03:56.0971 4516 isapnp - ok
15:03:57.0002 4516 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:03:57.0018 4516 iScsiPrt - ok
15:03:57.0033 4516 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:03:57.0049 4516 kbdclass - ok
15:03:57.0065 4516 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:03:57.0096 4516 kbdhid - ok
15:03:57.0096 4516 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:03:57.0111 4516 KeyIso - ok
15:03:57.0143 4516 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:03:57.0158 4516 KSecDD - ok
15:03:57.0189 4516 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:03:57.0205 4516 KSecPkg - ok
15:03:57.0221 4516 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:03:57.0252 4516 ksthunk - ok
15:03:57.0283 4516 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:03:57.0314 4516 KtmRm - ok
15:03:57.0345 4516 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:03:57.0377 4516 LanmanServer - ok
15:03:57.0392 4516 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:03:57.0423 4516 LanmanWorkstation - ok
15:03:57.0455 4516 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:03:57.0486 4516 lltdio - ok
15:03:57.0501 4516 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:03:57.0548 4516 lltdsvc - ok
15:03:57.0564 4516 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:03:57.0611 4516 lmhosts - ok
15:03:57.0626 4516 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:03:57.0642 4516 LSI_FC - ok
15:03:57.0657 4516 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:03:57.0673 4516 LSI_SAS - ok
15:03:57.0689 4516 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:03:57.0689 4516 LSI_SAS2 - ok
15:03:57.0704 4516 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:03:57.0720 4516 LSI_SCSI - ok
15:03:57.0751 4516 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:03:57.0782 4516 luafv - ok
15:03:57.0829 4516 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
15:03:57.0845 4516 LVRS64 - ok
15:03:57.0954 4516 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
15:03:58.0032 4516 LVUVC64 - ok
15:03:58.0063 4516 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:03:58.0079 4516 Mcx2Svc - ok
15:03:58.0094 4516 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:03:58.0110 4516 megasas - ok
15:03:58.0125 4516 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:03:58.0141 4516 MegaSR - ok
15:03:58.0172 4516 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:03:58.0203 4516 MMCSS - ok
15:03:58.0219 4516 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:03:58.0250 4516 Modem - ok
15:03:58.0281 4516 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:03:58.0297 4516 monitor - ok
15:03:58.0313 4516 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:03:58.0328 4516 mouclass - ok
15:03:58.0344 4516 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:03:58.0359 4516 mouhid - ok
15:03:58.0375 4516 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:03:58.0391 4516 mountmgr - ok
15:03:58.0422 4516 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:03:58.0437 4516 MozillaMaintenance - ok
15:03:58.0453 4516 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:03:58.0453 4516 mpio - ok
15:03:58.0469 4516 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:03:58.0500 4516 mpsdrv - ok
15:03:58.0531 4516 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:03:58.0562 4516 MpsSvc - ok
15:03:58.0578 4516 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:03:58.0609 4516 MRxDAV - ok
15:03:58.0640 4516 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:58.0671 4516 mrxsmb - ok
15:03:58.0687 4516 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:58.0703 4516 mrxsmb10 - ok
15:03:58.0718 4516 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:58.0734 4516 mrxsmb20 - ok
15:03:58.0749 4516 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:03:58.0765 4516 msahci - ok
15:03:58.0765 4516 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:03:58.0781 4516 msdsm - ok
15:03:58.0796 4516 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:03:58.0812 4516 MSDTC - ok
15:03:58.0827 4516 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:03:58.0859 4516 Msfs - ok
15:03:58.0874 4516 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:03:58.0905 4516 mshidkmdf - ok
15:03:58.0921 4516 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:03:58.0921 4516 msisadrv - ok
15:03:58.0952 4516 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:03:58.0983 4516 MSiSCSI - ok
15:03:58.0983 4516 msiserver - ok
15:03:58.0999 4516 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:03:59.0046 4516 MSKSSRV - ok
15:03:59.0061 4516 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:59.0093 4516 MSPCLOCK - ok
15:03:59.0108 4516 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:03:59.0139 4516 MSPQM - ok
15:03:59.0155 4516 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:03:59.0171 4516 MsRPC - ok
15:03:59.0186 4516 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:03:59.0186 4516 mssmbios - ok
15:03:59.0202 4516 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:03:59.0233 4516 MSTEE - ok
15:03:59.0233 4516 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:03:59.0249 4516 MTConfig - ok
15:03:59.0280 4516 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:03:59.0295 4516 MTsensor - ok
15:03:59.0295 4516 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:03:59.0311 4516 Mup - ok
15:03:59.0342 4516 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:03:59.0373 4516 napagent - ok
15:03:59.0420 4516 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:03:59.0436 4516 NativeWifiP - ok
15:03:59.0483 4516 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:03:59.0514 4516 NDIS - ok
15:03:59.0529 4516 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:59.0576 4516 NdisCap - ok
15:03:59.0592 4516 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:59.0623 4516 NdisTapi - ok
15:03:59.0654 4516 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:59.0701 4516 Ndisuio - ok
15:03:59.0717 4516 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:59.0795 4516 NdisWan - ok
15:03:59.0810 4516 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:03:59.0841 4516 NDProxy - ok
15:03:59.0857 4516 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:03:59.0888 4516 NetBIOS - ok
15:03:59.0919 4516 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:03:59.0951 4516 NetBT - ok
15:03:59.0951 4516 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:03:59.0966 4516 Netlogon - ok
15:03:59.0997 4516 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:04:00.0029 4516 Netman - ok
15:04:00.0044 4516 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:04:00.0075 4516 netprofm - ok
15:04:00.0091 4516 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:00.0138 4516 NetTcpPortSharing - ok
15:04:00.0153 4516 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:04:00.0153 4516 nfrd960 - ok
15:04:00.0200 4516 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:04:00.0231 4516 NlaSvc - ok
15:04:00.0247 4516 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:04:00.0278 4516 Npfs - ok
15:04:00.0294 4516 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:04:00.0325 4516 nsi - ok
15:04:00.0341 4516 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:04:00.0387 4516 nsiproxy - ok
15:04:00.0434 4516 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:04:00.0481 4516 Ntfs - ok
15:04:00.0481 4516 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:04:00.0512 4516 Null - ok
15:04:00.0543 4516 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
15:04:00.0575 4516 nusb3hub - ok
15:04:00.0590 4516 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
15:04:00.0606 4516 nusb3xhc - ok
15:04:00.0637 4516 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:04:00.0653 4516 nvraid - ok
15:04:00.0668 4516 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:04:00.0684 4516 nvstor - ok
15:04:00.0715 4516 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:04:00.0731 4516 nv_agp - ok
15:04:00.0731 4516 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:04:00.0746 4516 ohci1394 - ok
15:04:00.0777 4516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:04:00.0809 4516 p2pimsvc - ok
15:04:00.0824 4516 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:04:00.0840 4516 p2psvc - ok
15:04:00.0871 4516 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:04:00.0887 4516 Parport - ok
15:04:00.0918 4516 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:04:00.0933 4516 partmgr - ok
15:04:00.0949 4516 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:04:00.0965 4516 PcaSvc - ok
15:04:00.0980 4516 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:04:00.0996 4516 pci - ok
15:04:00.0996 4516 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:04:01.0011 4516 pciide - ok
15:04:01.0027 4516 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:04:01.0043 4516 pcmcia - ok
15:04:01.0058 4516 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:04:01.0058 4516 pcw - ok
15:04:01.0089 4516 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:04:01.0136 4516 PEAUTH - ok
15:04:01.0167 4516 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:04:01.0214 4516 PeerDistSvc - ok
15:04:01.0261 4516 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:04:01.0277 4516 PerfHost - ok
15:04:01.0339 4516 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:04:01.0401 4516 pla - ok
15:04:01.0448 4516 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:04:01.0479 4516 PlugPlay - ok
15:04:01.0511 4516 PnkBstrA - ok
15:04:01.0526 4516 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:04:01.0542 4516 PNRPAutoReg - ok
15:04:01.0557 4516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:04:01.0589 4516 PNRPsvc - ok
15:04:01.0604 4516 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:04:01.0651 4516 PolicyAgent - ok
15:04:01.0667 4516 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:04:01.0713 4516 Power - ok
15:04:01.0745 4516 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:04:01.0776 4516 PptpMiniport - ok
15:04:01.0791 4516 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:04:01.0807 4516 Processor - ok
15:04:01.0854 4516 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:04:01.0869 4516 ProfSvc - ok
15:04:01.0885 4516 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:04:01.0901 4516 ProtectedStorage - ok
15:04:01.0916 4516 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:04:01.0963 4516 Psched - ok
15:04:01.0994 4516 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:04:02.0025 4516 ql2300 - ok
15:04:02.0041 4516 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:04:02.0057 4516 ql40xx - ok
15:04:02.0072 4516 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:04:02.0088 4516 QWAVE - ok
15:04:02.0103 4516 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:04:02.0119 4516 QWAVEdrv - ok
15:04:02.0135 4516 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:04:02.0150 4516 RasAcd - ok
15:04:02.0181 4516 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:02.0213 4516 RasAgileVpn - ok
15:04:02.0228 4516 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:04:02.0259 4516 RasAuto - ok
15:04:02.0275 4516 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:02.0337 4516 Rasl2tp - ok
15:04:02.0353 4516 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:04:02.0384 4516 RasMan - ok
15:04:02.0400 4516 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:02.0431 4516 RasPppoe - ok
15:04:02.0447 4516 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:04:02.0478 4516 RasSstp - ok
15:04:02.0493 4516 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:04:02.0525 4516 rdbss - ok
15:04:02.0540 4516 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:04:02.0571 4516 rdpbus - ok
15:04:02.0571 4516 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:02.0603 4516 RDPCDD - ok
15:04:02.0618 4516 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:04:02.0649 4516 RDPDR - ok
15:04:02.0665 4516 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:04:02.0696 4516 RDPENCDD - ok
15:04:02.0712 4516 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:04:02.0743 4516 RDPREFMP - ok
15:04:02.0790 4516 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:04:02.0821 4516 RdpVideoMiniport - ok
15:04:02.0852 4516 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:04:02.0883 4516 RDPWD - ok
15:04:02.0915 4516 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:04:02.0930 4516 rdyboost - ok
15:04:02.0961 4516 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:04:02.0993 4516 RemoteAccess - ok
15:04:03.0024 4516 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:04:03.0071 4516 RemoteRegistry - ok
15:04:03.0086 4516 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:04:03.0117 4516 RpcEptMapper - ok
15:04:03.0133 4516 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:04:03.0149 4516 RpcLocator - ok
15:04:03.0180 4516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:04:03.0211 4516 RpcSs - ok
15:04:03.0227 4516 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:04:03.0242 4516 rspndr - ok
15:04:03.0289 4516 [ 333224D4D25F9BCCA488E08345083E1C ] RTL8187 C:\Windows\system32\DRIVERS\RTL8187.sys
15:04:03.0320 4516 RTL8187 - ok
15:04:03.0336 4516 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:04:03.0351 4516 s3cap - ok
15:04:03.0367 4516 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:04:03.0367 4516 SamSs - ok
15:04:03.0383 4516 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:04:03.0398 4516 sbp2port - ok
15:04:03.0414 4516 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:04:03.0445 4516 SCardSvr - ok
15:04:03.0461 4516 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:04:03.0507 4516 scfilter - ok
15:04:03.0523 4516 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:04:03.0570 4516 Schedule - ok
15:04:03.0585 4516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:04:03.0617 4516 SCPolicySvc - ok
15:04:03.0632 4516 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:04:03.0663 4516 SDRSVC - ok
15:04:03.0695 4516 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:04:03.0726 4516 secdrv - ok
15:04:03.0726 4516 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:04:03.0757 4516 seclogon - ok
15:04:03.0773 4516 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:04:03.0804 4516 SENS - ok
15:04:03.0819 4516 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:04:03.0851 4516 SensrSvc - ok
15:04:03.0866 4516 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:04:03.0882 4516 Serenum - ok
15:04:03.0897 4516 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial
C:\Windows\system32\DRIVERS\serial.sys 15:04:03.0913 4516 Serial - ok 15:04:03.0929 4516 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:04:03.0944 4516 sermouse - ok 15:04:03.0960 4516 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:04:04.0007 4516 SessionEnv - ok 15:04:04.0022 4516 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:04:04.0022 4516 sffdisk - ok 15:04:04.0038 4516 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:04:04.0069 4516 sffp_mmc - ok 15:04:04.0069 4516 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:04:04.0085 4516 sffp_sd - ok 15:04:04.0085 4516 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:04:04.0100 4516 sfloppy - ok 15:04:04.0131 4516 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:04:04.0194 4516 SharedAccess - ok 15:04:04.0209 4516 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:04:04.0241 4516 ShellHWDetection - ok 15:04:04.0256 4516 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:04:04.0272 4516 SiSRaid2 - ok 15:04:04.0272 4516 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:04:04.0287 4516 SiSRaid4 - ok 15:04:04.0350 4516 [ 8B603F150942992F2E6792E507B4C67F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:04:04.0365 4516 SkypeUpdate - ok 15:04:04.0365 4516 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:04:04.0412 4516 Smb - ok 15:04:04.0428 4516 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:04:04.0459 4516 SNMPTRAP - ok 15:04:04.0537 4516 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe 
15:04:04.0537 4516 Sony PC Companion - ok 15:04:04.0568 4516 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:04:04.0568 4516 spldr - ok 15:04:04.0615 4516 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:04:04.0646 4516 Spooler - ok 15:04:04.0709 4516 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:04:04.0787 4516 sppsvc - ok 15:04:04.0802 4516 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:04:04.0833 4516 sppuinotify - ok 15:04:04.0865 4516 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:04:04.0896 4516 srv - ok 15:04:04.0911 4516 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:04:04.0927 4516 srv2 - ok 15:04:04.0943 4516 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:04:04.0958 4516 srvnet - ok 15:04:04.0974 4516 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:04:05.0005 4516 SSDPSRV - ok 15:04:05.0021 4516 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:04:05.0052 4516 SstpSvc - ok 15:04:05.0083 4516 Steam Client Service - ok 15:04:05.0099 4516 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:04:05.0114 4516 stexstor - ok 15:04:05.0145 4516 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:04:05.0161 4516 stisvc - ok 15:04:05.0192 4516 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:04:05.0208 4516 storflt - ok 15:04:05.0223 4516 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 15:04:05.0239 4516 StorSvc - ok 15:04:05.0255 4516 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:04:05.0270 4516 storvsc - ok 15:04:05.0286 4516 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum 
C:\Windows\system32\DRIVERS\swenum.sys 15:04:05.0286 4516 swenum - ok 15:04:05.0317 4516 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:04:05.0348 4516 swprv - ok 15:04:05.0395 4516 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:04:05.0442 4516 SysMain - ok 15:04:05.0457 4516 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:04:05.0489 4516 TabletInputService - ok 15:04:05.0504 4516 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:04:05.0535 4516 TapiSrv - ok 15:04:05.0535 4516 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:04:05.0582 4516 TBS - ok 15:04:05.0629 4516 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:04:05.0676 4516 Tcpip - ok 15:04:05.0707 4516 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:04:05.0738 4516 TCPIP6 - ok 15:04:05.0738 4516 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:04:05.0754 4516 tcpipreg - ok 15:04:05.0769 4516 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:04:05.0801 4516 TDPIPE - ok 15:04:05.0832 4516 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:04:05.0832 4516 TDTCP - ok 15:04:05.0863 4516 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:04:05.0894 4516 tdx - ok 15:04:05.0910 4516 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:04:05.0925 4516 TermDD - ok 15:04:05.0941 4516 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:04:05.0988 4516 TermService - ok 15:04:05.0988 4516 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:04:06.0003 4516 Themes - ok 15:04:06.0019 4516 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER 
C:\Windows\system32\mmcss.dll 15:04:06.0050 4516 THREADORDER - ok 15:04:06.0066 4516 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:04:06.0097 4516 TrkWks - ok 15:04:06.0128 4516 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:04:06.0159 4516 TrustedInstaller - ok 15:04:06.0175 4516 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:04:06.0206 4516 tssecsrv - ok 15:04:06.0253 4516 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:04:06.0269 4516 TsUsbFlt - ok 15:04:06.0300 4516 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 15:04:06.0315 4516 TsUsbGD - ok 15:04:06.0347 4516 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:04:06.0393 4516 tunnel - ok 15:04:06.0393 4516 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:04:06.0409 4516 uagp35 - ok 15:04:06.0425 4516 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:04:06.0471 4516 udfs - ok 15:04:06.0487 4516 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:04:06.0503 4516 UI0Detect - ok 15:04:06.0518 4516 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:04:06.0534 4516 uliagpkx - ok 15:04:06.0565 4516 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:04:06.0581 4516 umbus - ok 15:04:06.0581 4516 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 15:04:06.0612 4516 UmPass - ok 15:04:06.0643 4516 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 15:04:06.0690 4516 UmRdpService - ok 15:04:06.0846 4516 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 15:04:06.0893 4516 UMVPFSrv - ok 
15:04:06.0924 4516 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:04:06.0955 4516 upnphost - ok 15:04:06.0971 4516 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:04:07.0002 4516 usbaudio - ok 15:04:07.0017 4516 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:04:07.0033 4516 usbccgp - ok 15:04:07.0049 4516 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:04:07.0049 4516 usbcir - ok 15:04:07.0064 4516 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:04:07.0080 4516 usbehci - ok 15:04:07.0111 4516 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:04:07.0127 4516 usbhub - ok 15:04:07.0142 4516 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:04:07.0158 4516 usbohci - ok 15:04:07.0189 4516 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:04:07.0220 4516 usbprint - ok 15:04:07.0236 4516 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:04:07.0267 4516 USBSTOR - ok 15:04:07.0283 4516 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:04:07.0314 4516 usbuhci - ok 15:04:07.0329 4516 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:04:07.0345 4516 usbvideo - ok 15:04:07.0361 4516 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:04:07.0407 4516 UxSms - ok 15:04:07.0407 4516 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:04:07.0423 4516 VaultSvc - ok 15:04:07.0454 4516 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:04:07.0454 4516 vdrvroot - ok 15:04:07.0485 4516 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:04:07.0532 4516 vds - ok 
15:04:07.0548 4516 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:04:07.0563 4516 vga - ok 15:04:07.0579 4516 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:04:07.0610 4516 VgaSave - ok 15:04:07.0626 4516 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:04:07.0641 4516 vhdmp - ok 15:04:07.0657 4516 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:04:07.0657 4516 viaide - ok 15:04:07.0688 4516 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:04:07.0704 4516 vmbus - ok 15:04:07.0704 4516 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:04:07.0719 4516 VMBusHID - ok 15:04:07.0735 4516 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:04:07.0751 4516 volmgr - ok 15:04:07.0766 4516 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:04:07.0782 4516 volmgrx - ok 15:04:07.0797 4516 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:04:07.0813 4516 volsnap - ok 15:04:07.0813 4516 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:04:07.0829 4516 vsmraid - ok 15:04:07.0860 4516 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:04:07.0922 4516 VSS - ok 15:04:07.0938 4516 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:04:07.0953 4516 vwifibus - ok 15:04:07.0969 4516 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:04:08.0000 4516 vwififlt - ok 15:04:08.0016 4516 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 15:04:08.0031 4516 vwifimp - ok 15:04:08.0047 4516 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:04:08.0094 4516 W32Time - ok 
15:04:08.0094 4516 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:04:08.0109 4516 WacomPen - ok 15:04:08.0141 4516 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:04:08.0172 4516 WANARP - ok 15:04:08.0172 4516 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:04:08.0203 4516 Wanarpv6 - ok 15:04:08.0234 4516 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:04:08.0281 4516 wbengine - ok 15:04:08.0297 4516 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:04:08.0312 4516 WbioSrvc - ok 15:04:08.0328 4516 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:04:08.0359 4516 wcncsvc - ok 15:04:08.0375 4516 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:04:08.0406 4516 WcsPlugInService - ok 15:04:08.0406 4516 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 15:04:08.0421 4516 Wd - ok 15:04:08.0453 4516 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:04:08.0484 4516 Wdf01000 - ok 15:04:08.0499 4516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:04:08.0562 4516 WdiServiceHost - ok 15:04:08.0577 4516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:04:08.0593 4516 WdiSystemHost - ok 15:04:08.0609 4516 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:04:08.0640 4516 WebClient - ok 15:04:08.0655 4516 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:04:08.0702 4516 Wecsvc - ok 15:04:08.0718 4516 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:04:08.0749 4516 wercplsupport - ok 15:04:08.0765 4516 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:04:08.0796 
4516 WerSvc - ok 15:04:08.0811 4516 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:04:08.0843 4516 WfpLwf - ok 15:04:08.0858 4516 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:04:08.0858 4516 WIMMount - ok 15:04:08.0889 4516 WinDefend - ok 15:04:08.0889 4516 WinHttpAutoProxySvc - ok 15:04:08.0936 4516 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:04:08.0967 4516 Winmgmt - ok 15:04:09.0014 4516 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:04:09.0077 4516 WinRM - ok 15:04:09.0123 4516 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:04:09.0139 4516 WinUsb - ok 15:04:09.0170 4516 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:04:09.0201 4516 Wlansvc - ok 15:04:09.0201 4516 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:04:09.0217 4516 WmiAcpi - ok 15:04:09.0233 4516 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:04:09.0264 4516 wmiApSrv - ok 15:04:09.0279 4516 WMPNetworkSvc - ok 15:04:09.0295 4516 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:04:09.0311 4516 WPCSvc - ok 15:04:09.0326 4516 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:04:09.0357 4516 WPDBusEnum - ok 15:04:09.0373 4516 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:04:09.0404 4516 ws2ifsl - ok 15:04:09.0420 4516 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:04:09.0451 4516 wscsvc - ok 15:04:09.0451 4516 WSearch - ok 15:04:09.0513 4516 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:04:09.0560 4516 wuauserv - ok 15:04:09.0591 4516 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:04:09.0623 4516 
WudfPf - ok 15:04:09.0638 4516 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:04:09.0669 4516 WUDFRd - ok 15:04:09.0669 4516 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:04:09.0701 4516 wudfsvc - ok 15:04:09.0716 4516 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:04:09.0747 4516 WwanSvc - ok 15:04:09.0779 4516 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 15:04:09.0810 4516 yukonw7 - ok 15:04:09.0825 4516 ================ Scan global =============================== 15:04:09.0841 4516 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:04:09.0872 4516 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 15:04:09.0872 4516 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 15:04:09.0888 4516 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:04:09.0919 4516 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:04:09.0919 4516 [Global] - ok 15:04:09.0919 4516 ================ Scan MBR ================================== 15:04:09.0935 4516 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:04:10.0137 4516 \Device\Harddisk0\DR0 - ok 15:04:10.0137 4516 ================ Scan VBR ================================== 15:04:10.0137 4516 [ 40A157B1B71966B0899B0A211F8F1BB3 ] \Device\Harddisk0\DR0\Partition1 15:04:10.0137 4516 \Device\Harddisk0\DR0\Partition1 - ok 15:04:10.0153 4516 [ 9E062D245C0EA814A4D52E92D1EDEA17 ] \Device\Harddisk0\DR0\Partition2 15:04:10.0153 4516 \Device\Harddisk0\DR0\Partition2 - ok 15:04:10.0169 4516 [ 8874EC646E6A9018ADFF00F9EC58316C ] \Device\Harddisk0\DR0\Partition3 15:04:10.0169 4516 \Device\Harddisk0\DR0\Partition3 - ok 15:04:10.0169 4516 ============================================================ 15:04:10.0169 4516 Scan finished 15:04:10.0169 4516 
============================================================
15:04:10.0184 2488 Detected object count: 0
15:04:10.0184 2488 Actual detected object count: 0
22.01.2013, 17:22 | #6
/// Malware-holic | C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
hi, combofix:
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.
Note: Should you receive the following error message after the reboot Quote:
22.01.2013, 17:46 | #7
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
Combofix logfile:
Code:
ComboFix 13-01-21.04 - bumblebee 22.01.2013 17:37:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2757 [GMT 1:00]
ausgeführt von:: c:\users\bumblebee\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
D:\install.exe
.
.
((((((((((((((((((((((((( Dateien erstellt von 2012-12-22 bis 2013-01-22 ))))))))))))))))))))))))))))))
.
.
2013-01-22 16:42 . 2013-01-22 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-21 19:36 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF28FB5F-2EEC-40A9-B13A-A43EA93A4244}\mpengine.dll
2013-01-16 19:02 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 11:16 . 2013-01-14 12:45 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-08 21:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 12:40 . 2011-11-17 22:37 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-22 12:40 . 2011-11-17 21:57 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-22 12:40 . 2011-11-17 21:57 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-09 00:19 . 2011-11-20 18:41 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 00:14 . 2012-03-28 15:23 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 00:14 . 2011-11-17 21:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 12:28 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:28 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:28 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:28 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-08 21:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 18:35 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 18:35 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 18:36 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 18:36 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 18:36 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 18:36 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 18:36 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 18:36 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 18:36 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 18:36 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 18:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 18:35 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 18:36 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 18:36 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 18:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 18:36 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 18:36 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 18:36 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 18:36 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 18:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 18:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 18:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45 . 2012-12-12 11:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 11:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 11:35 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 11:35 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-03-18 16:32 413568 ----a-w- c:\program files (x86)\PriceGong\2.6.4\PriceGongIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2012-03-15 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-21 14448]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 00:14]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 09:22]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 09:22]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
TCP: DhcpNameServer = 62.117.1.25 89.16.129.25
FF - ProfilePath - c:\users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b829ebd10000000000000015af28c496
FF - user.js: extensions.BabylonToolbar_i.hardId - b829ebd10000000000000015af28c496
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-martin_1009 - c:\windows\system32\martin_1009.scr
AddRemove-FoxTab FLV Player - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-22 17:44:48 ComboFix-quarantined-files.txt 2013-01-22 16:44 . Vor Suchlauf: 11 Verzeichnis(se), 127.218.966.528 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 128.981.983.232 Bytes frei . - - End Of File - - 89B2BD32E01C1171254C16CE60293840 |
22.01.2013, 17:57 | #8
/// Malware-holic | C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
hi
malwarebytes:
Please download Malwarebytes
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us
22.01.2013, 19:54 | #9
| C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
So, I ran the scan with the following result:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bumblebee :: TRANSISTOR [Administrator]

Schutz: Aktiviert

22.01.2013 18:43:33
mbam-log-2013-01-22 (18-43-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 485087
Laufzeit: 1 Stunde(n), 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The only odd thing is that AntiVir popped up in the meantime, because I hadn't turned the real-time scanner off, with the following message:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013 19:05

Es wird nach 4709346 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : TRANSISTOR

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 21:29:06
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 09:13:42
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 12:34:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 12:34:36
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 13:11:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 19:09:48
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:39:14
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:01:00
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 00:12:47
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 09:56:27
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:54:44
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:40:29
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:40:30
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:40:30
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:40:30
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:40:30
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 20:59:38
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 21:09:08
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 21:39:19
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 21:41:38
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 19:33:49
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 19:33:49
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 14:56:20
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 12:03:50
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 12:03:51
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 12:03:51
VBASE023.VDF : 7.11.58.8 2048 Bytes 21.01.2013 12:03:51
VBASE024.VDF : 7.11.58.9 2048 Bytes 21.01.2013 12:03:51
VBASE025.VDF : 7.11.58.10 2048 Bytes 21.01.2013 12:03:51
VBASE026.VDF : 7.11.58.11 2048 Bytes 21.01.2013 12:03:51
VBASE027.VDF : 7.11.58.12 2048 Bytes 21.01.2013 12:03:51
VBASE028.VDF : 7.11.58.13 2048 Bytes 21.01.2013 12:03:51
VBASE029.VDF : 7.11.58.14 2048 Bytes 21.01.2013 12:03:51
VBASE030.VDF : 7.11.58.15 2048 Bytes 21.01.2013 12:03:51
VBASE031.VDF : 7.11.58.44 128512 Bytes 22.01.2013 12:03:50
Engineversion : 8.2.10.236
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 19:44:28
AESCRIPT.DLL : 8.1.4.82 467323 Bytes 21.01.2013 12:03:53
AESCN.DLL : 8.1.10.0 131445 Bytes 16.12.2012 20:02:42
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 12:55:50
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 21:41:43
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 23:11:59
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 21:10:37
AEHEUR.DLL : 8.1.4.180 5665144 Bytes 21.01.2013 12:03:53
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 08:26:24
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 21:41:40
AEEXP.DLL : 8.3.0.12 188789 Bytes 21.01.2013 12:03:54
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 19:44:28
AECORE.DLL : 8.1.30.0 201079 Bytes 16.12.2012 20:02:40
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:10:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 09:13:42
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 21:29:06
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 12:34:36
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 21:29:05
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 09:13:42
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 12:34:34
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 11:15:27
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 12:34:32
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 11:15:23
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 21:29:05

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50fecdc7\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 22. Januar 2013 19:05

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HydraDM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3c0911d8'
C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3c0911d8
[FUND] Ist das Trojanische Pferd TR/Kazy.127225

Beginne mit der Desinfektion:
C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3c0911d8
[FUND] Ist das Trojanische Pferd TR/Kazy.127225
[WARNUNG] Die Datei wurde ignoriert.

Ende des Suchlaufs: Dienstag, 22. Januar 2013 19:06
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
22 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
21 Dateien ohne Befall
0 Archive wurden durchsucht
1 Warnungen
0 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
22.01.2013, 19:59 | #10
/// Malware-holic | C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
ok, we'll clear the Java cache too:
get the standard CCleaner: CCleaner - Download - Filepony
if CCleaner is already installed, skip this.
open it, Tools (Extras), uninstall list, save as txt. open it.
after every program you need, write needed.
after every one you don't need, not needed.
after the ones unknown to you, unknown.
post the list.
22.01.2013, 20:20 | #11
| C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
3D-Viewer-innoplus INNOVA-engineering GmbH 11.01.2012 2,73MB 13.01.16 not needed
7-Zip 9.20 (x64 edition) Igor Pavlov 04.12.2011 4,53MB 9.20.00.0 needed
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 needed
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 09.01.2013 122MB 10.1.5 needed
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 31.10.2012 1.0.17 needed
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 23.10.2012 26,3MB 8.0.891.0 needed
Apple Application Support Apple Inc. 11.11.2012 65,0MB 2.3 needed
Apple Software Update Apple Inc. 17.11.2011 2,38MB 2.1.3.127 needed
Applian FLV and Media Player 3.1.1.12 Applian Technologies 02.04.2012 3.1.1.12 needed
Avira Free Antivirus Avira 14.11.2012 105MB 12.1.9.1236 needed
Babylon toolbar on IE 09.01.2012 not needed
Battlefield 1942™ Electronic Arts 21.11.2012 1,21GB 1.6.20.0 needed
Battlefield 3™ Electronic Arts 04.09.2012 1.4.0.0 needed
Battlefield Heroes EA Digital illusions 11.06.2012 needed
Battlefield Play4Free EA Digital illusions 14.06.2012 needed
Battlelog Web Plugins EA Digital Illusions CE AB 20.11.2012 2.1.2 needed
CCleaner Piriform 19.12.2012 3.26 needed
Crysis® 2 Electronic Arts 30.04.2012 7,57GB 1.0.0.0 needed
DEUTSCHLAND SPIELT GAME CENTER INTENIUM GmbH 20.04.2012 1.2009.10.29 not needed
DivX-Setup DivX, LLC 22.11.2012 2.6.1.22 needed
ESN Sonar ESN Social Software AB 20.11.2012 0.70.4 unknown
F1 2012 Demo 12.09.2012 needed
FLV Player 2.0 (build 25) Martijn de Visser 09.01.2012 2.0 (build 25) needed
Free Fire Screensaver Laconic Software 05.01.2012 needed
GlobFX Space Travel GlobFX Technologies 05.01.2012 1.0 unknown
Google Earth Plug-in Google 30.04.2012 48,7MB 6.2.2.6613 needed
Host OpenAL (ADI) 15.03.2012 unknown
INCEPTION SCREENSAVER 05.01.2012 needed
IrfanView (remove only) Irfan Skiljan 17.11.2011 1,50MB 4.30 needed
Java 7 Update 11 Oracle 31.08.2012 130MB 7.0.110 needed
Java 7 Update 7 (64-bit) Oracle 31.08.2012 127MB 7.0.70 needed
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 22.01.2013 18,4MB 1.70.0.1100 needed
martin_1009 Screen Saver 05.01.2012 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.11.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.11.2011 2,93MB 4.0.30319
Microsoft Silverlight Microsoft Corporation 11.05.2012 60,4MB 4.1.10329.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 03.07.2012 252KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 15.12.2011 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.12.2011 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 08.08.2012 1,46MB 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 30.04.2012 234KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.11.2011 596KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 15.12.2011 232KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12.12.2011 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2011 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2011 12,2MB 10.0.40219
Mozilla Firefox 18.0.1 (x86 de) Mozilla 21.01.2013 44,5MB 18.0.1 needed
Mozilla Maintenance Service Mozilla 21.01.2013 330KB 18.0.1 needed
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 14.01.2013 42,1MB 17.0.2 needed
Need For Speed™ World Electronic Arts 16.04.2012 12,4MB 1.0.0.857 needed
OpenOffice.org 3.4.1 Apache Software Foundation 23.10.2012 331MB 3.41.9593 needed
Origin Electronic Arts, Inc. 01.03.2012 8.5.0.4550 needed
Paint.NET v3.5.10 dotPDN LLC 18.05.2012 10,6MB 3.60.0 needed
Pando Media Booster Pando Networks Inc. 17.01.2012 5,46MB 2.6.0.1 unknown
PDF24 Creator 5.2.0 PDF24.org 08.01.2013 41,4MB needed
PDFCreator Frank Heindörfer, Philip Chinery 31.01.2012 1.2.3 needed
Pflanzen gegen Zombies INTENIUM GmbH 20.04.2012 0.0.0.0 needed
PriceGong 2.6.4 PriceGong 02.04.2012 2.6.4 unknown
PunkBuster Services Even Balance, Inc. 14.06.2012 0.990 needed
QuickTime Apple Inc. 11.11.2012 73,1MB 7.73.80.64 needed
Risen 2 Demo 26.06.2012 not needed
Rundum-Betrachter-innoPlus INNOVA-engineering GmbH Dresden 04.01.2012 2,25MB 12.00.0203 not needed
Skype™ 6.0 Skype Technologies S.A. 13.11.2012 20,3MB 6.0.120 needed
Sony Ericsson Update Engine Sony Ericsson Communications AB 21.09.2012 2.12.11.22 needed
Sony PC Companion 2.10.108 Sony 27.11.2012 19,2MB 2.10.108 needed
SoundMAX Analog Devices 15.03.2012 6.10.2.6585 needed
Star Trek Online Cryptic Studios 17.01.2012 not needed
Steam Valve Corporation 15.02.2012 35,4MB 1.0.0.0 needed
Sun Clock 6.5 Map Maker Ltd 05.01.2012 6.5 not needed
TeamSpeak 3 Client TeamSpeak Systems GmbH 25.11.2012 3.0.9.2 needed
Veetle TV Veetle, Inc 19.01.2012 0.9.19 needed
VLC media player 2.0.0 VideoLAN 20.02.2012 2.0.0 needed
Winamp Nullsoft, Inc 14.11.2012 5.63 needed
Winamp Erkennungs-Plug-in Nullsoft, Inc 14.11.2012 75,0KB 1.0.0.1 needed
WinRAR 4.11 (64-Bit) win.rar GmbH 28.05.2012 4.11.0 needed
YoWindow 05.01.2012 unknown
22.01.2013, 20:22 | #12
/// Malware-holic | C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
uninstall:
3D
Adobe Flash Player (all of them)
Adobe - Adobe Flash Player installieren
download the latest version, install it.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
untick the McAfee Security Scan box
please also configure adobe reader as follows:
open adobe reader, edit, preferences.
general: tick "use only certified plug-ins".
internet: everything here should be disabled; it is very unsafe to open pdfs automatically, to download them, etc. it is always better to save them directly, since only then do you keep control over what happens on the pc.
under javascript, untick "enable javascript"
under updater, choose "install automatically".
apply / ok
uninstall:
Babylon
DEUTSCHLAND
Java 7 Update 7
martin_1009
PriceGong
Risen
Rundum
Star
Sun
YoWindow
open CCleaner, start Analyze, restart the PC.
Please download AdwCleaner to your desktop.
22.01.2013, 20:53 | #13
| C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts

# AdwCleaner v2.107 - Datei am 22/01/2013 um 20:52:14 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : bumblebee - TRANSISTOR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bumblebee\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\bumblebee\AppData\Local\Babylon
Ordner Gefunden : C:\Users\bumblebee\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\bumblebee\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\bumblebee\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKU\S-1-5-21-883727545-1864389886-1727134032-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-883727545-1864389886-1727134032-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\prefs.js

Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.order.2", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "b829ebd10000000000000015af28c496");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "b829ebd10000000000000015af28c496");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15347");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:17:08");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [5550 octets] - [22/01/2013 20:52:14]

########## EOF - C:\AdwCleaner[R1].txt - [5610 octets] ##########
22.01.2013, 20:54 | #14
/// Malware-holic | C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts
hi,
Please download AdwCleaner to your desktop.
22.01.2013, 21:17 | #15
| C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll and further AntiVir alerts

# AdwCleaner v2.107 - Datei am 22/01/2013 um 21:14:11 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : bumblebee - TRANSISTOR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bumblebee\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\bumblebee\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\bumblebee\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\bumblebee\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\bumblebee\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\prefs.js

C:\Users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.order.2", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "b829ebd10000000000000015af28c496");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "b829ebd10000000000000015af28c496");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15347");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:17:08");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [5671 octets] - [22/01/2013 20:52:14]
AdwCleaner[S1].txt - [5429 octets] - [22/01/2013 21:14:11]

########## EOF - C:\AdwCleaner[S1].txt - [5489 octets] ##########
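The two AdwCleaner logs above are a search run ([R1], every item marked "Gefunden") followed by a deletion run ([S1], every item marked "Gelöscht" or, for a browser setting reset to a default, "Ersetzt"). The check a helper wants at this point is that nothing listed in R1 is missing from S1. The script below is an added example written for this thread; it is not part of AdwCleaner and only understands the line forms that appear in these two logs. The two log strings are constructed excerpts trimmed from the thread's own R1/S1 output, and one Firefox pref line is deliberately left out of the S1 excerpt so the leftover report has something to show. It also treats a key under the user's own HKU\<SID> hive as the same key as its HKCU\ counterpart, which is why a plain line-by-line diff of the full logs would wrongly flag the two HKU SearchScopes keys from R1 as leftovers.

```python
"""Reconcile an AdwCleaner search log ([R1], 'Gefunden') with the matching
deletion log ([S1], 'Gelöscht' / 'Ersetzt') and report every item that was
found but never reported removed.  Added example for this thread, not part of
AdwCleaner; the log excerpts are constructed from the thread's own logs."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the [R1] search log (lines copied from the thread).
R1_LOG = """\
# AdwCleaner v2.107 - Datei am 22/01/2013 um 20:52:14 erstellt
# Option [Suche]
***** [Dateien / Ordner] *****
Datei Gefunden : C:\\Program Files (x86)\\Mozilla Firefox\\searchplugins\\babylon.xml
Datei Gefunden : C:\\user.js
Ordner Gefunden : C:\\ProgramData\\Babylon
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\\Software\\InstallCore
Schlüssel Gefunden : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKLM\\Software\\Babylon
Schlüssel Gefunden : HKU\\S-1-5-21-883727545-1864389886-1727134032-1000\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0D7562AE-8EF6-416D-A838-AB665251703A}
***** [Internet Browser] *****
[HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
"""

# Constructed excerpt of the [S1] deletion log; the 'prdct' pref line is
# deliberately omitted so that the reconciliation reports a leftover.
S1_LOG = """\
# AdwCleaner v2.107 - Datei am 22/01/2013 um 21:14:11 erstellt
# Option [Löschen]
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\\Program Files (x86)\\Mozilla Firefox\\searchplugins\\babylon.xml
Datei Gelöscht : C:\\user.js
Ordner Gelöscht : C:\\ProgramData\\Babylon
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\\Software\\InstallCore
Schlüssel Gelöscht : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\\Software\\Babylon
***** [Internet Browser] *****
Ersetzt : [HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 --> hxxp://www.google.com
C:\\Users\\bumblebee\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\di0dag23.default\\user.js ... Gelöscht !
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
"""

# "<Art> Gefunden : <item>" / "<Art> Gelöscht : <item>"; the kind prefix
# (Datei, Ordner, Schlüssel, Wert) is absent on the user_pref lines.
ITEM_RE = re.compile(
    r"^(?:(?:Datei|Ordner|Schlüssel|Wert)\s+)?(?P<verb>Gefunden|Gelöscht)\s*:\s*(?P<item>.+?)\s*$"
)
# "Ersetzt : [key] = old --> new": a browser setting reset to a default.
REPLACED_RE = re.compile(r"^Ersetzt\s*:\s*(?P<item>\[[^\]]+\])\s*=\s*.+?\s*-->\s*.+$")
# "[key] = value" in a search log: a hijacked browser setting listed without a verb.
SETTING_RE = re.compile(r"^(?P<item>\[[^\]]+\])\s*=\s*.+$")
# HKU\<user SID>\... is the same hive as HKCU\... for the logged-on user.
USER_SID_RE = re.compile(r"^HKU\\S-1-5-21-[0-9-]+\\", re.IGNORECASE)


def normalize(item: str) -> str:
    """Comparison key: fold the user's HKU\\<SID> prefix to HKCU and ignore
    case, since registry paths and Windows file paths are case-insensitive."""
    return USER_SID_RE.sub(r"HKCU\\", item).casefold()


def parse_log(text: str, verb: str) -> Dict[str, str]:
    """Map normalized item -> first original spelling for every line reporting
    `verb` ('Gefunden' or 'Gelöscht').  'Ersetzt' counts as removed and a bare
    '[key] = value' line counts as found."""
    items: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m and m.group("verb") == verb:
            items.setdefault(normalize(m.group("item")), m.group("item"))
            continue
        m = (REPLACED_RE if verb == "Gelöscht" else SETTING_RE).match(line)
        if m:
            items.setdefault(normalize(m.group("item")), m.group("item"))
    return items


def reconcile(search_log: str, delete_log: str) -> Tuple[List[str], List[str]]:
    """Return (found_but_not_removed, removed_but_never_found)."""
    found = parse_log(search_log, "Gefunden")
    removed = parse_log(delete_log, "Gelöscht")
    leftover = sorted(orig for key, orig in found.items() if key not in removed)
    unexpected = sorted(orig for key, orig in removed.items() if key not in found)
    return leftover, unexpected


if __name__ == "__main__":
    left, extra = reconcile(R1_LOG, S1_LOG)
    print(f"found: {len(parse_log(R1_LOG, 'Gefunden'))}, removed: {len(parse_log(S1_LOG, 'Gelöscht'))}")
    for item in left:
        print("STILL PRESENT:", item)
    for item in extra:
        print("REMOVED BUT NOT IN SEARCH LOG:", item)
```

Run against the two real log files instead of the excerpts (read them with `open(path, encoding="utf-8")` and pass the text to `reconcile`), the only lines that should come back as "STILL PRESENT" are items AdwCleaner found but could not or did not remove; for the logs in this thread that list is empty once the HKU/HKCU aliasing is applied. The "REMOVED BUT NOT IN SEARCH LOG" list catches the opposite surprise, a deletion run that touched something the search run never reported.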