
Log analysis and evaluation: Avast disabled, computer reboots on its own, VisthAux.exe

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.06.2013, 11:18   #1
Wojtila
 
Avast disabled, computer reboots on its own, VisthAux.exe



Hello,

for a few days now my computer has been rebooting itself every now and then. Today I noticed that the virus scanner (free Avast!) is no longer enabled. When I try to enable the scanner via the Vista Security Center, a program called VisthAux.exe asks for permission to start working. I have a bad feeling about this.

Here are my log files:

Code:
OTL logfile created on: 10.06.2013 09:52:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schloik\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,27% Memory free
16,22 Gb Paging File | 14,52 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,32 Gb Total Space | 236,86 Gb Free Space | 52,02% Space Free | Partition Type: NTFS
Drive R: | 10,43 Gb Total Space | 4,76 Gb Free Space | 45,64% Space Free | Partition Type: NTFS
 
Computer Name: DON-PC | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.10 09:49:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Schloik\Desktop\OTL.exe
PRC - [2013.05.15 09:43:07 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.11 08:56:56 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.15 09:43:10 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.05.15 09:43:10 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.05.15 09:43:10 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.05.27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.22 09:19:34 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 09:42:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:07 | 000,059,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.05.27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.05.09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008.10.04 02:17:30 | 000,184,320 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.08.26 12:26:02 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\amdide64.sys -- (amdide64)
DRV:64bit: - [2006.11.01 15:23:00 | 000,015,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\asacpi.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://news.google.de/nwshp?client=firefox-a&rls=org.mozilla:de:official&ie=UTF-8&oe=UTF-8&hl=de&channel=s&tab=wn&q=&auth=DQAAAHIAAAAQPuJHZ9yGBflo4bWNzUR4hY8oqn1HymfS5StGdq5Yt7l-7_kNrdk02045OwkIwZggqMAlRcsyymwv9DOJS7xyRm7pOBC0ts02LFj1zAA6C4vgOj1OIRk-qkdEPnUM8xWqkaWOoqK9sESENBSTybGtpA63A18Ad1l4psIUL4LqvQ"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: magicplayer%40torrentstream.org:1.1.22
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.0.13: C:\Users\Don\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF - HKCU\Software\MozillaPlugins\@torrentstream.net/tsplugin,version=2.0.8.11.1: C:\Users\Don\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.31 12:58:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.15 09:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\magicplayer@torrentstream.org: C:\Users\Don\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013.04.09 17:07:03 | 000,000,000 | ---D | M]
 
[2013.04.07 16:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don\AppData\Roaming\mozilla\Extensions
[2013.05.22 09:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.22 09:19:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.31 12:58:51 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.04.09 17:07:03 | 000,000,000 | ---D | M] (TS Magic Player) -- C:\USERS\DON\APPDATA\ROAMING\TORRENTSTREAM\EXTENSIONS\FIREFOX\MAGICPLAYER@TORRENTSTREAM.ORG
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswredemption64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKCU..\RunOnce: [RunCanonMsetUp] C:\Program Files (x86)\Canon\IJ_MSetup4\MCDCHK2.EXE (CANON INC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7CEEBF4-17E1-408F-9675-AF31881BB483}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 15:22:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.22 09:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.20 12:53:01 | 000,201,392 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013.05.16 20:15:02 | 000,000,000 | ---D | C] -- C:\output
[2013.05.16 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.16 19:40:24 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\PhotoScape
[2013.05.16 19:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013.05.16 19:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2013.05.16 19:40:01 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\Google
[2013.05.16 19:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.16 14:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
[2013.05.16 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013.05.16 14:48:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2013.05.16 14:46:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2013.05.16 14:46:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013.05.16 14:46:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013.05.16 14:46:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2013.05.16 14:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2013.05.16 14:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Benutzerregistrierung
[2013.05.16 14:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013.05.16 14:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013.05.16 14:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013.05.16 14:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013.05.16 14:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
[2013.05.16 14:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2013.05.16 14:37:31 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013.05.16 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013.05.16 14:35:20 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Roaming\ATI
[2013.05.16 14:35:20 | 000,000,000 | ---D | C] -- C:\Users\Don\AppData\Local\ATI
[2013.05.15 09:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 09:55:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.10 09:48:29 | 000,000,000 | ---- | M] () -- C:\Users\Don\defogger_reenable
[2013.06.10 09:42:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 08:57:35 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.10 08:23:01 | 001,592,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.10 08:23:01 | 000,685,474 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.10 08:23:01 | 000,642,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.10 08:23:01 | 000,149,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.10 08:23:01 | 000,121,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.10 08:16:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 08:16:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 08:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 08:15:48 | 486,865,691 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.07 09:58:37 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.31 12:59:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.16 19:40:19 | 000,000,875 | ---- | M] () -- C:\Users\Don\Desktop\PhotoScape.lnk
[2013.05.16 18:40:23 | 000,401,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 14:39:57 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2013.05.16 14:38:10 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP280 series Online-Handbuch.lnk
[2013.05.13 12:57:45 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.10 09:48:29 | 000,000,000 | ---- | C] () -- C:\Users\Don\defogger_reenable
[2013.06.01 15:22:15 | 486,865,691 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.05.16 19:41:37 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.16 19:40:19 | 000,000,875 | ---- | C] () -- C:\Users\Don\Desktop\PhotoScape.lnk
[2013.05.16 19:40:06 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 19:40:05 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 14:39:57 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2013.05.16 14:38:10 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP280 series Online-Handbuch.lnk
[2013.04.08 10:01:14 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013.04.07 18:58:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013.04.07 18:57:25 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013.04.07 18:56:38 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.04.07 15:21:02 | 000,000,680 | ---- | C] () -- C:\Users\Don\AppData\Local\d3d9caps.dat
[2013.04.07 14:59:19 | 000,000,732 | ---- | C] () -- C:\Users\Don\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.09 17:10:58 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\.ACEStream
[2013.04.09 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\.Torrent Stream
[2013.04.09 16:51:24 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\ACEStream
[2013.05.16 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\PhotoScape
[2013.04.07 16:51:55 | 000,000,000 | ---D | M] -- C:\Users\Don\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 10.06.2013 09:52:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Schloik\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,26 Gb Available Physical Memory | 78,27% Memory free
16,22 Gb Paging File | 14,52 Gb Available in Paging File | 89,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,32 Gb Total Space | 236,86 Gb Free Space | 52,02% Space Free | Partition Type: NTFS
Drive R: | 10,43 Gb Total Space | 4,76 Gb Free Space | 45,64% Space Free | Partition Type: NTFS
 
Computer Name: DON-PC | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 5D A9 B5 52 B6 33 CE 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000348F8-0786-462B-9D01-DB5E4D86914F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{08EBCEFA-BD3B-4523-9146-F99C556DD50D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3E5DE383-1EDD-4F26-BE5F-FD55D0919439}" = rport=138 | protocol=17 | dir=out | app=system | 
"{595D0AC8-B7DB-462D-9D99-A1E1171EB4F5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{923BF3DB-79C4-43FD-85F6-2ACDB7B09F1B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A225E6B7-4705-48AF-8063-E98725EC988E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AFB5E84E-8A80-436C-9EC2-62B3656BDD06}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B2A991E1-30BB-48CA-A2BA-4F7A694DB7DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C7E0C3F0-F860-407A-89A0-8728A0F9BA4F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FFDF770C-F89C-40AC-858E-1F88FDDE7C5E}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1062FD16-C4D6-4B00-AA93-59B0322EF902}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{128B4E13-6BE7-4347-9CBE-DF9A5EB27DD5}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{137CD469-476D-41A8-8A0A-E8C2EDB7F668}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{1384A957-BF8A-4141-B3A8-F8792AC8C1A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{254322D6-ADD9-4CBC-B92D-573C9523A2CD}" = protocol=17 | dir=in | app=c:\users\don\appdata\roaming\acestream\engine\ace_engine.exe | 
"{2EDB564C-7377-4F2B-9E3B-84D665EA5ED3}" = protocol=6 | dir=in | app=c:\users\don\appdata\roaming\torrentstream\engine\tsengine.exe | 
"{501AC23B-CEDE-47EF-93CF-EE7B17CA426B}" = protocol=6 | dir=in | app=c:\users\don\appdata\roaming\acestream\engine\ace_engine.exe | 
"{5739E6AC-55CC-4919-B5FC-D0774C78A26E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5F2703E0-E56F-4185-8904-519C3E16D0F1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{746EE78E-068D-42CE-9CC6-46D9C875E0B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7522FE70-5931-4CD0-99F2-74DB541FD509}" = protocol=17 | dir=in | app=c:\users\don\appdata\roaming\torrentstream\engine\tsengine.exe | 
"{8B5D378B-0B2F-4518-B35E-58FB4CA416DE}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{8F206CAB-9F2C-4661-9290-FF3059D10EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{AA2B2B45-4D46-4E20-8C85-DA286F1C8A97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CA6807E8-EF6F-4345-B582-C87BCE896BD4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{D25760BB-292E-4B4D-B52C-6958762E90C1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{EEDBB00B-3091-4CC5-90FB-037F94E1A18C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB8B4778-9F71-4EE3-B02E-DC87FD7A01A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{38F5E0B9-10B2-464E-BF82-140F4FB9D6B0}C:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe | 
"TCP Query User{69A6DC33-D8AE-4D55-98CB-41CF9548BCD0}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{91E14813-5D18-4B1F-A816-307AFCB92630}C:\users\schloik\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\schloik\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{976BF299-4540-4461-8EB6-36AE2B86B025}C:\users\schloik\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\schloik\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{A24EE2EB-4E3A-4347-8606-F822AEE14B47}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{DD0C882E-F4D9-45F7-AE1B-75BA42C71099}C:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe | 
"TCP Query User{F3BB71FB-0394-44F8-8294-86C780876A5E}C:\users\schloik\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=6 | dir=in | app=c:\users\schloik\downloads\neverwinter_nw.1.20130416a.6.exe | 
"TCP Query User{F8D5756A-6DF8-4A9F-A15C-B0A67913ADC9}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{01C867A6-65D9-484A-ACD7-2EFE7A409354}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{11927439-5239-40E7-8C33-1FAA7F0BA548}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{4CED8749-4E30-4BE3-B03E-850B87F22A0D}C:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe | 
"UDP Query User{88653B42-2A22-41EA-84C5-0D360A60DC9B}C:\users\schloik\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\schloik\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B7DC41C5-D6AF-40DB-9DC1-7B19A7A154EE}C:\users\schloik\downloads\neverwinter_nw.1.20130416a.6.exe" = protocol=17 | dir=in | app=c:\users\schloik\downloads\neverwinter_nw.1.20130416a.6.exe | 
"UDP Query User{C66E8F12-8931-4755-A8B5-07AC101A4934}C:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\schloik\appdata\roaming\torrentstream\engine\tsengine.exe | 
"UDP Query User{CD666C60-1726-4AF8-BEA3-A025C32934AE}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{ECEFF458-D5C2-453E-8E59-D5162032A1A5}C:\users\schloik\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\schloik\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{2016B2AD-0051-05C7-9CCB-CE9F05659CB7}" = ccc-utility64
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55B44B84-A758-EAF7-0906-E397B384FCDF}" = ATI AVIVO64 Codecs
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{12076C90-4A78-7241-F633-4D2B019D5611}" = CCC Help Thai
"{17E11EC2-3736-10A1-330C-CC7EB6CAC6B3}" = CCC Help Turkish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F5C54C-ED39-58B4-42DA-3F20AB440E49}" = CCC Help Czech
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{64B157C9-C291-2535-8177-237BC2D37EBF}" = CCC Help Korean
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{94F4B1D4-0BCC-E5C6-4EAE-F1A287383D5B}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98838C21-AD83-77AA-3B09-F437C6F24F8F}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9FE051B0-39BC-F5DD-C99B-0D4793184C2A}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA6B96C4-7AF5-3F6A-E630-4096508A9C47}" = CCC Help Danish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B48E87FE-A8D9-EE14-B607-3FA1ACEF218E}" = CCC Help Norwegian
"{B4FA8E67-D299-485A-407B-05A2681BAF47}" = CCC Help Japanese
"{BB05BC7D-BEF8-7A7B-C62E-F1BE381E70BB}" = CCC Help Swedish
"{BD49141C-188C-4B75-9F46-C2C42F2D1031}" = Nero 7 Essentials
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{D34F0251-1C96-09B3-EE29-2A9148413252}" = CCC Help Chinese Traditional
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
"{ECD129A4-5A21-1977-0849-6913BA6BA29C}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Diablo III" = Diablo III
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"PhotoScape" = PhotoScape
"SopCast" = SopCast 3.8.2
"StarCraft II" = StarCraft II
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACEStream" = ACE Stream Media 2.0.13
"TorrentStream" = Torrent Stream 2.0.8.11.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.04.2013 02:53:17 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 09:35:04 | Computer Name = Don-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 20.0.0.4833 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: bf8  Anfangszeit: 01ce35269494d3f0  Zeitpunkt der
 Beendigung: 16
 
Error - 09.04.2013 09:39:45 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 11:15:48 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2013 11:46:19 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.04.2013 03:21:32 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2013 02:15:45 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2013 02:45:56 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.04.2013 03:28:01 | Computer Name = Don-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 12.04.2013 03:39:30 | Computer Name = Don-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.04.2013 18:19:26 | Computer Name = Don-PC | Source = bowser | ID = 8003
Description = 
 
Error - 08.04.2013 18:28:38 | Computer Name = Don-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.04.2013 18:28:38 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.04.2013 18:28:38 | Computer Name = Don-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-10 11:57:13
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HDP725050GLA360 rev.GM4OA52A 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Don\AppData\Local\Temp\kwldapow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                               suspicious modification

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                     0000000077112c52 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                    0000000077112c52 1 byte [62]
.text     C:\Windows\System32\svchost.exe[276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                     0000000077112c52 1 byte [62]
.text     C:\Windows\system32\atiesrxx.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                    0000000077112c52 1 byte [62]
.text     C:\Windows\System32\svchost.exe[556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                     0000000077112c52 1 byte [62]
.text     C:\Windows\System32\svchost.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                     0000000077112c52 1 byte [62]
.text     C:\Windows\system32\svchost.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                     0000000077112c52 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 194                                                                    0000000077112c52 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                    00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                  0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                       0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                           0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                            0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                        0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                            000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                       0000000076104228 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                          00000000761d010d 5 bytes JMP 00000001000c0a08
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                            00000000761d03d2 5 bytes JMP 00000001000c0804
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                            00000000761d1b58 5 bytes JMP 00000001000c0600
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                               00000000761d6530 5 bytes JMP 00000001000c03fc
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                              00000000761e653e 5 bytes JMP 00000001000c01f8
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                             0000000075789eb4 5 bytes JMP 00000001000d03fc
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                              000000007578a07e 5 bytes JMP 00000001000d0600
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                                   00000000757c6cd9 5 bytes JMP 00000001000d1014
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                       00000000757c6dd9 5 bytes JMP 00000001000d0804
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                       00000000757c6f81 5 bytes JMP 00000001000d0a08
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                      00000000757c7099 5 bytes JMP 00000001000d0c0c
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                      00000000757c71e1 5 bytes JMP 00000001000d0e10
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                             00000000757c72a1 5 bytes JMP 00000001000d01f8
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                   00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                 0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory      0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory          0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess           0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory       0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread           000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130      0000000076104228 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW            0000000075789eb4 5 bytes JMP 00000001000f03fc
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!DeleteService             000000007578a07e 5 bytes JMP 00000001000f0600
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity  00000000757c6cd9 5 bytes JMP 00000001000f1014
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA      00000000757c6dd9 5 bytes JMP 00000001000f0804
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW      00000000757c6f81 5 bytes JMP 00000001000f0a08
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A     00000000757c7099 5 bytes JMP 00000001000f0c0c
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W     00000000757c71e1 5 bytes JMP 00000001000f0e10
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA            00000000757c72a1 5 bytes JMP 00000001000f01f8
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx         00000000761d010d 5 bytes JMP 0000000100100a08
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW           00000000761d03d2 5 bytes JMP 0000000100100804
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA           00000000761d1b58 5 bytes JMP 0000000100100600
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\USER32.dll!UnhookWinEvent              00000000761d6530 5 bytes JMP 00000001001003fc
.text     C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe[1244] C:\Windows\syswow64\USER32.dll!SetWinEventHook             00000000761e653e 5 bytes JMP 00000001001001f8
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                               0000000077776d20 5 bytes JMP 000000010012075c
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                 0000000077793bd0 5 bytes JMP 00000001001203a4
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                    00000000777a6ff0 5 bytes JMP 0000000100120b14
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                        00000000777a7050 5 bytes JMP 0000000100120ecc
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                         00000000777a7130 5 bytes JMP 000000010012163c
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                     00000000777a7370 5 bytes JMP 0000000100121284
.text     C:\Windows\system32\taskeng.exe[2120] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                         00000000777a8330 5 bytes JMP 00000001001219f4
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                            00000000779517d7 5 bytes JMP 00000001000301f8
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                          0000000077953221 5 bytes JMP 00000001000303fc
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                               0000000077969578 5 bytes JMP 0000000100030600
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                   0000000077969608 5 bytes JMP 0000000100030804
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                    0000000077969758 5 bytes JMP 0000000100030c0c
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                0000000077969ab8 5 bytes JMP 0000000100030a08
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                    000000007796b24c 5 bytes JMP 0000000100030e10
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                               0000000076104228 1 byte [62]
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                     0000000075789eb4 5 bytes JMP 00000001000f03fc
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                      000000007578a07e 5 bytes JMP 00000001000f0600
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                           00000000757c6cd9 5 bytes JMP 00000001000f1014
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                               00000000757c6dd9 5 bytes JMP 00000001000f0804
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                               00000000757c6f81 5 bytes JMP 00000001000f0a08
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                              00000000757c7099 5 bytes JMP 00000001000f0c0c
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                              00000000757c71e1 5 bytes JMP 00000001000f0e10
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                     00000000757c72a1 5 bytes JMP 00000001000f01f8
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                  00000000761d010d 5 bytes JMP 0000000100130a08
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                    00000000761d03d2 5 bytes JMP 0000000100130804
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                    00000000761d1b58 5 bytes JMP 0000000100130600
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                       00000000761d6530 5 bytes JMP 00000001001303fc
.text     c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2288] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                      00000000761e653e 5 bytes JMP 00000001001301f8
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                 0000000077776d20 5 bytes JMP 000000010092075c
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                   0000000077793bd0 5 bytes JMP 00000001009203a4
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                      00000000777a6ff0 5 bytes JMP 0000000100920b14
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                          00000000777a7050 5 bytes JMP 0000000100920ecc
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                           00000000777a7130 5 bytes JMP 000000010092163c
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                       00000000777a7370 5 bytes JMP 0000000100921284
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\ntdll.dll!NtSetContextThread                                           00000000777a8330 5 bytes JMP 00000001009219f4
.text     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2308] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                      0000000077112c52 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                               0000000077776d20 5 bytes JMP 000000010018075c
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                 0000000077793bd0 5 bytes JMP 00000001001803a4
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                    00000000777a6ff0 5 bytes JMP 0000000100180b14
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                        00000000777a7050 5 bytes JMP 0000000100180ecc
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                         00000000777a7130 5 bytes JMP 000000010018163c
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                     00000000777a7370 5 bytes JMP 0000000100181284
.text     C:\Windows\system32\svchost.exe[2344] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                         00000000777a8330 5 bytes JMP 00000001001819f4
.text     C:\Windows\System32\svchost.exe[2372] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                    0000000077112c52 1 byte [62]
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                         0000000077776d20 5 bytes JMP 000000010013075c
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                           0000000077793bd0 5 bytes JMP 00000001001303a4
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                              00000000777a6ff0 5 bytes JMP 0000000100130b14
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                  00000000777a7050 5 bytes JMP 0000000100130ecc
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                   00000000777a7130 5 bytes JMP 000000010013163c
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                               00000000777a7370 5 bytes JMP 0000000100131284
.text     C:\Windows\system32\SearchIndexer.exe[2416] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                   00000000777a8330 5 bytes JMP 00000001001319f4
.text     C:\Windows\System32\WUDFHost.exe[2508] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                   0000000077112c52 1 byte [62]
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                               0000000077776d20 5 bytes JMP 00000001001c075c
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                 0000000077793bd0 5 bytes JMP 00000001001c03a4
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                    00000000777a6ff0 5 bytes JMP 00000001001c0b14
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                        00000000777a7050 5 bytes JMP 00000001001c0ecc
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                         00000000777a7130 5 bytes JMP 00000001001c163c
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                     00000000777a7370 5 bytes JMP 00000001001c1284
.text     C:\Windows\system32\taskeng.exe[3100] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                         00000000777a8330 5 bytes JMP 00000001001c19f4
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                       0000000077776d20 5 bytes JMP 000000010016075c
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                         0000000077793bd0 5 bytes JMP 00000001001603a4
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                            00000000777a6ff0 5 bytes JMP 0000000100160b14
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                                00000000777a7050 5 bytes JMP 0000000100160ecc
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                 00000000777a7130 5 bytes JMP 000000010016163c
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                             00000000777a7370 5 bytes JMP 0000000100161284
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                 00000000777a8330 5 bytes JMP 00000001001619f4
.text     C:\Windows\Explorer.EXE[3200] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                            0000000077112c52 1 byte [62]
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                       0000000077776d20 5 bytes JMP 000000010074075c
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                         0000000077793bd0 5 bytes JMP 00000001007403a4
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                            00000000777a6ff0 5 bytes JMP 0000000100740b14
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                                00000000777a7050 5 bytes JMP 0000000100740ecc
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                 00000000777a7130 5 bytes JMP 000000010074163c
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                             00000000777a7370 5 bytes JMP 0000000100741284
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                 00000000777a8330 5 bytes JMP 00000001007419f4
.text     C:\Windows\RAVCpl64.exe[3364] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                            0000000077112c52 1 byte [62]
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                              00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                            0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                 0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                     0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                 0000000076104228 1 byte [62]
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                    00000000761d010d 5 bytes JMP 00000001000b0a08
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                      00000000761d03d2 5 bytes JMP 00000001000b0804
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                      00000000761d1b58 5 bytes JMP 00000001000b0600
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                         00000000761d6530 5 bytes JMP 00000001000b03fc
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                        00000000761e653e 5 bytes JMP 00000001000b01f8
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                       0000000075789eb4 5 bytes JMP 00000001000c03fc
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                        000000007578a07e 5 bytes JMP 00000001000c0600
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                             00000000757c6cd9 5 bytes JMP 00000001000c1014
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                 00000000757c6dd9 5 bytes JMP 00000001000c0804
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                 00000000757c6f81 5 bytes JMP 00000001000c0a08
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                00000000757c7099 5 bytes JMP 00000001000c0c0c
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                00000000757c71e1 5 bytes JMP 00000001000c0e10
.text     C:\Users\Schloik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                       00000000757c72a1 5 bytes JMP 00000001000c01f8
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[3580] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                  0000000076104228 1 byte [62]
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                                                  00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                                0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                                                     0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                                                         0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                          0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                      0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                          000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                                                     0000000076104228 1 byte [62]
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                                                           0000000075789eb4 5 bytes JMP 00000001000603fc
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                                                            000000007578a07e 5 bytes JMP 0000000100060600
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                                                                 00000000757c6cd9 5 bytes JMP 0000000100061014
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                                                     00000000757c6dd9 5 bytes JMP 0000000100060804
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                                                     00000000757c6f81 5 bytes JMP 0000000100060a08
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                                                    00000000757c7099 5 bytes JMP 0000000100060c0c
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                                                    00000000757c71e1 5 bytes JMP 0000000100060e10
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                                                           00000000757c72a1 5 bytes JMP 00000001000601f8
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                        00000000761d010d 5 bytes JMP 0000000100070a08
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                          00000000761d03d2 5 bytes JMP 0000000100070804
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                                                          00000000761d1b58 5 bytes JMP 0000000100070600
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                                             00000000761d6530 5 bytes JMP 00000001000703fc
.text     C:\Windows\SysWOW64\conime.exe[3984] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                                                            00000000761e653e 5 bytes JMP 00000001000701f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                     00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                             000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                        0000000076104228 1 byte [62]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                           00000000761d010d 5 bytes JMP 0000000100070a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             00000000761d03d2 5 bytes JMP 0000000100070804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             00000000761d1b58 5 bytes JMP 0000000100070600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                00000000761d6530 5 bytes JMP 00000001000703fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               00000000761e653e 5 bytes JMP 00000001000701f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                              0000000075789eb4 5 bytes JMP 00000001000803fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                               000000007578a07e 5 bytes JMP 0000000100080600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                                    00000000757c6cd9 5 bytes JMP 0000000100081014
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                        00000000757c6dd9 5 bytes JMP 0000000100080804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                        00000000757c6f81 5 bytes JMP 0000000100080a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                       00000000757c7099 5 bytes JMP 0000000100080c0c
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                       00000000757c71e1 5 bytes JMP 0000000100080e10
.text     C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe[2964] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                              00000000757c72a1 5 bytes JMP 00000001000801f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                     00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                             000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                        0000000076104228 1 byte [62]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                           00000000761d010d 5 bytes JMP 0000000100080a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             00000000761d03d2 5 bytes JMP 0000000100080804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             00000000761d1b58 5 bytes JMP 0000000100080600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                00000000761d6530 5 bytes JMP 00000001000803fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               00000000761e653e 5 bytes JMP 00000001000801f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                              0000000075789eb4 5 bytes JMP 00000001000903fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                               000000007578a07e 5 bytes JMP 0000000100090600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                                    00000000757c6cd9 5 bytes JMP 0000000100091014
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                        00000000757c6dd9 5 bytes JMP 0000000100090804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                        00000000757c6f81 5 bytes JMP 0000000100090a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                       00000000757c7099 5 bytes JMP 0000000100090c0c
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                       00000000757c71e1 5 bytes JMP 0000000100090e10
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[4372] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                              00000000757c72a1 5 bytes JMP 00000001000901f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                                     00000000779517d7 5 bytes JMP 00000001000301f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                   0000000077953221 5 bytes JMP 00000001000303fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory                                        0000000077969578 5 bytes JMP 0000000100030600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory                                            0000000077969608 5 bytes JMP 0000000100030804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                             0000000077969758 5 bytes JMP 0000000100030c0c
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                         0000000077969ab8 5 bytes JMP 0000000100030a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                             000000007796b24c 5 bytes JMP 0000000100030e10
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130                                        0000000076104228 1 byte [62]
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                           00000000761d010d 5 bytes JMP 0000000100090a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                             00000000761d03d2 5 bytes JMP 0000000100090804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA                                             00000000761d1b58 5 bytes JMP 0000000100090600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\USER32.dll!UnhookWinEvent                                                00000000761d6530 5 bytes JMP 00000001000903fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\USER32.dll!SetWinEventHook                                               00000000761e653e 5 bytes JMP 00000001000901f8
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW                                              0000000075789eb4 5 bytes JMP 00000001000a03fc
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!DeleteService                                               000000007578a07e 5 bytes JMP 00000001000a0600
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!SetServiceObjectSecurity                                    00000000757c6cd9 5 bytes JMP 00000001000a1014
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA                                        00000000757c6dd9 5 bytes JMP 00000001000a0804
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW                                        00000000757c6f81 5 bytes JMP 00000001000a0a08
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2A                                       00000000757c7099 5 bytes JMP 00000001000a0c0c
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfig2W                                       00000000757c71e1 5 bytes JMP 00000001000a0e10
.text     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA                                              00000000757c72a1 5 bytes JMP 00000001000a01f8
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!LdrUnloadDll                                                                                       0000000077776d20 5 bytes JMP 00000001002b075c
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!LdrLoadDll                                                                                         0000000077793bd0 5 bytes JMP 00000001002b03a4
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!NtAllocateVirtualMemory                                                                            00000000777a6ff0 5 bytes JMP 00000001002b0b14
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!NtFreeVirtualMemory                                                                                00000000777a7050 5 bytes JMP 00000001002b0ecc
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!NtTerminateProcess                                                                                 00000000777a7130 5 bytes JMP 00000001002b163c
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!NtProtectVirtualMemory                                                                             00000000777a7370 5 bytes JMP 00000001002b1284
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!NtSetContextThread                                                                                 00000000777a8330 5 bytes JMP 00000001002b19f4
.text     C:\Windows\splwow64.exe[4492] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 194                                                                            0000000077112c52 1 byte [62]
.text     C:\Users\Schloik\Desktop\gmer_2.1.19163.exe[1312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130                                                        0000000076104228 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                               suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                               suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                               suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                               suspicious modification

---- EOF - GMER 2.1 ----
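The `.text` lines in the log above are inline hooks: the first bytes of each export are overwritten with a JMP into a region the hooking component allocated inside that process, and within one process all the targets fall into one narrow range. The hook set is the same in unrelated processes and is present even in GMER's own process (the one-byte `[62]` patch on `GetBinaryTypeW`), which is the pattern an installed self-protection or sandbox product leaves behind; a user-mode rootkit produces the same shape, so the useful comparison is against a known-clean machine running the same avast! build. The repeated `INITKDBG ... suspicious modification` line is a frequent finding in GMER 2.x logs from 64-bit systems and is not, on its own, evidence of a kernel rootkit. The script below is an added example, not part of the original post and not GMER's own code: it turns the log lines into records and reports per-process hook counts, which exports of which module are patched, the JMP-target range per process, and the kernel findings with duplicates collapsed. GMER publishes no format description, so the regexes are this example's assumption about the line shapes; the sample input is copied from the log above.

```python
"""Structure the user-mode hook and kernel-section lines of a GMER 2.x log.

Added example: not part of the original post and not GMER's own code.  The
regexes are an assumption about the line shapes visible in the posted log.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# .text <process>[<pid>] <module>!<export>[ + <offset>] <address> <n> byte(s) <patch>
# (32-bit logs print 8-digit addresses, 64-bit logs 16-digit ones)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+)\s+bytes?\s+(?P<patch>.+?)\s*$"
)
# <section> <image> <verdict>; assumes the kernel image path contains no spaces
KSEC_RE = re.compile(r"^(?P<section>[A-Za-z.]+)\s+(?P<image>\S+\.(?:exe|sys|dll))\s+(?P<verdict>.+?)\s*$")


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str     # module path exactly as logged
    function: str
    offset: int     # 0 when the patch sits on the export itself
    address: int
    size: int
    patch: str      # "JMP 0000000100030804", or raw bytes such as "[62]"

    @property
    def jmp_target(self) -> Optional[int]:
        m = re.fullmatch(r"JMP\s+([0-9a-fA-F]+)", self.patch)
        return int(m.group(1), 16) if m else None

    @property
    def module_name(self) -> str:
        return self.module.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return (hooks, kernel findings); a finding is a (section, image, verdict) tuple."""
    hooks, findings = [], []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["proc"], int(m["pid"]), m["module"], m["func"],
                              int(m["offset"] or 0), int(m["addr"], 16),
                              int(m["size"]), m["patch"]))
            continue
        k = KSEC_RE.match(line)
        if k:
            findings.append((k["section"], k["image"], k["verdict"]))
    return hooks, findings


def hooks_per_process(hooks):
    """{(process, pid): hooked export count}; an outlier is the first thing to look at."""
    return dict(Counter((h.process, h.pid) for h in hooks))


def hooked_exports_by_module(hooks):
    """{module file name: sorted hooked exports} across all processes."""
    out = defaultdict(set)
    for h in hooks:
        out[h.module_name].add(h.function)
    return {mod: sorted(funcs) for mod, funcs in out.items()}


def jmp_target_span(hooks):
    """{pid: (lowest, highest JMP target)}.  A self-protection or sandbox driver
    sends every hooked export of a process into one small trampoline region; a
    hook that lands far outside that region is the one to dump and disassemble."""
    spans = {}
    for h in hooks:
        t = h.jmp_target
        if t is not None:
            lo, hi = spans.get(h.pid, (t, t))
            spans[h.pid] = (min(lo, t), max(hi, t))
    return spans


def unique_kernel_findings(findings):
    """The posted log repeats its INITKDBG line four times; collapse duplicates."""
    return sorted(set(findings))


# Sample input copied from the log above (column padding compressed).
SAMPLE_LOG = r"""
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory  0000000077969608 5 bytes JMP 0000000100030804
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 130  0000000076104228 1 byte [62]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4396] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW  0000000075789eb4 5 bytes JMP 00000001000a03fc
.text  C:\Windows\splwow64.exe[4492] C:\Windows\system32\ntdll.dll!LdrLoadDll  0000000077793bd0 5 bytes JMP 00000001002b03a4
.text  C:\Users\Schloik\Desktop\gmer_2.1.19163.exe[1312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 130  0000000076104228 1 byte [62]

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
INITKDBG  C:\Windows\system32\ntoskrnl.exe  suspicious modification
"""
```

To use it on a real log, pass the file contents to `parse_gmer` and look at `hooks_per_process`, `jmp_target_span` and `hooked_exports_by_module`: the interesting case is a process whose count or target range differs from every other process, or an export hooked in exactly one process. The hooks in the posted log cover memory allocation and protection, thread context, window hooks and service creation in every process alike, which is what a behaviour-blocking component hooks, not what a targeted injection looks like.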
         

Alt 10.06.2013, 11:22   #2
markusg
/// Malware-holic
 

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\),
    for example C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.

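What to do with the log the procedure above produces. The following is an added example, not part of markusg's reply and not Kaspersky's code: it reads the `Scan services` section of a TDSSKiller log (a `[ MD5 ] <service> <image path>` line followed by a `<service> - <verdict>` line, the shape the original poster pastes in the next reply) and pulls out what a helper otherwise checks by eye: services TDSSKiller listed but could not hash, images outside the usual install roots, any verdict other than `ok`, and an MD5 index for a batch hash lookup. The regexes and the `TRUSTED_ROOTS` list are this example's own assumptions; the sample input is copied from the posted log except for the last two `ExampleSvc` lines, which are constructed to exercise the path check and do not appear in the thread.

```python
"""Triage the "Scan services" section of a TDSSKiller log.

Added example: not part of the original post and not Kaspersky's code.  The
regexes are an assumption about the line shapes in the posted TDSSKiller 2.8
log, and TRUSTED_ROOTS is a triage heuristic, not a trust boundary.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

STAMP = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"   # "12:29:02.0540 2852  " prefix on every line
HASH_RE = re.compile(STAMP + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$")
VERDICT_RE = re.compile(STAMP + r"(?P<name>.+?) - (?P<verdict>.+?)\s*$")
SECTION_RE = re.compile(STAMP + r"=+ Scan (?P<what>.+?) =+\s*$")

# Image locations that do not by themselves merit a second look; anything else does.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str]     # None when TDSSKiller printed no "[ MD5 ]" line for the service
    md5: Optional[str]
    verdict: Optional[str]  # "ok" or whatever TDSSKiller printed after " - "


def parse_tdsskiller(text):
    """Pair each "[ MD5 ] name path" line with the "name - verdict" line that follows it."""
    entries, pending, in_services = [], {}, False
    for line in text.splitlines():
        s = SECTION_RE.match(line)
        if s:
            in_services = s["what"].lower() == "services"
            continue
        if not in_services:
            continue
        h = HASH_RE.match(line)
        if h:
            pending[h["name"]] = (h["md5"], h["path"])
            continue
        v = VERDICT_RE.match(line)
        if v:
            md5, path = pending.pop(v["name"], (None, None))
            entries.append(ServiceEntry(v["name"], path, md5, v["verdict"]))
    # hash lines that never received a verdict line (an aborted scan, for example)
    for name, (md5, path) in pending.items():
        entries.append(ServiceEntry(name, path, md5, None))
    return entries


def unhashed(entries):
    """Services TDSSKiller listed but did not hash: the image is missing or the
    service does not point at a file.  Check each one's ImagePath by hand."""
    return [e.name for e in entries if e.md5 is None]


def outside_trusted_roots(entries, roots=TRUSTED_ROOTS):
    """Hashed services whose image lives outside the usual install locations."""
    return [e for e in entries if e.path is not None and not e.path.lower().startswith(roots)]


def not_ok(entries):
    """Everything TDSSKiller did not close with " - ok"."""
    return [e for e in entries if e.verdict != "ok"]


def md5_index(entries):
    """{MD5: [service names]} for a batch lookup against a hash database."""
    index = defaultdict(list)
    for e in entries:
        if e.md5:
            index[e.md5].append(e.name)
    return dict(index)


# Sample input copied from the posted log; the two ExampleSvc lines at the end are
# constructed (fake hash, fake path) to exercise the trusted-root check.
SAMPLE_LOG = r"""
12:29:02.0072 2852  ================ Scan system memory ========================
12:29:02.0072 2852  System memory - ok
12:29:02.0072 2852  ================ Scan services =============================
12:29:02.0540 2852  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:29:02.0743 2852  ACPI - ok
12:29:04.0006 2852  [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:29:04.0069 2852  AMD External Events Utility - ok
12:29:07.0501 2852  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:29:07.0516 2852  avast! Antivirus - ok
12:29:09.0575 2852  COMSysApp - ok
12:29:20.0979 2852  MSSQL$MSSMLBIZ - ok
12:29:21.0026 2852  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:29:21.0026 2852  MSSQLServerADHelper - ok
12:29:21.0100 2852  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Users\Public\example.exe
12:29:21.0110 2852  ExampleSvc - ok
"""
```

`ok` is TDSSKiller's own verdict, and the trusted-root list only orders the work: a service under Program Files with a hash nobody recognises still gets looked up, and an unhashed service name that does not belong to a known product gets its registry entry inspected.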
Alt 10.06.2013, 11:31   #3
Wojtila
 

Nothing found.

Code:
12:28:49.0904 4308  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:28:50.0169 4308  ============================================================
12:28:50.0169 4308  Current date / time: 2013/06/10 12:28:50.0169
12:28:50.0169 4308  SystemInfo:
12:28:50.0169 4308  
12:28:50.0169 4308  OS Version: 6.0.6002 ServicePack: 2.0
12:28:50.0169 4308  Product type: Workstation
12:28:50.0169 4308  ComputerName: DON-PC
12:28:50.0169 4308  UserName: Don
12:28:50.0169 4308  Windows directory: C:\Windows
12:28:50.0169 4308  System windows directory: C:\Windows
12:28:50.0169 4308  Running under WOW64
12:28:50.0169 4308  Processor architecture: Intel x64
12:28:50.0169 4308  Number of processors: 4
12:28:50.0169 4308  Page size: 0x1000
12:28:50.0169 4308  Boot type: Normal boot
12:28:50.0169 4308  ============================================================
12:28:51.0698 4308  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:28:51.0729 4308  ============================================================
12:28:51.0729 4308  \Device\Harddisk0\DR0:
12:28:51.0729 4308  MBR partitions:
12:28:51.0729 4308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38EA6000
12:28:51.0729 4308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38EA6D6F, BlocksNum 0x14DDED2
12:28:51.0729 4308  ============================================================
12:28:51.0838 4308  C: <-> \Device\Harddisk0\DR0\Partition1
12:28:52.0072 4308  R: <-> \Device\Harddisk0\DR0\Partition2
12:28:52.0072 4308  ============================================================
12:28:52.0072 4308  Initialize success
12:28:52.0072 4308  ============================================================
12:29:00.0153 2852  ============================================================
12:29:00.0153 2852  Scan started
12:29:00.0153 2852  Mode: Manual; SigCheck; TDLFS; 
12:29:00.0153 2852  ============================================================
12:29:02.0072 2852  ================ Scan system memory ========================
12:29:02.0072 2852  System memory - ok
12:29:02.0072 2852  ================ Scan services =============================
12:29:02.0540 2852  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:29:02.0743 2852  ACPI - ok
12:29:02.0836 2852  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:29:02.0852 2852  AdobeARMservice - ok
12:29:03.0086 2852  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:29:03.0101 2852  AdobeFlashPlayerUpdateSvc - ok
12:29:03.0179 2852  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:29:03.0242 2852  adp94xx - ok
12:29:03.0289 2852  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:29:03.0320 2852  adpahci - ok
12:29:03.0335 2852  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:29:03.0351 2852  adpu160m - ok
12:29:03.0398 2852  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:29:03.0429 2852  adpu320 - ok
12:29:03.0491 2852  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:29:03.0569 2852  AeLookupSvc - ok
12:29:03.0601 2852  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
12:29:03.0647 2852  AFD - ok
12:29:03.0694 2852  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:29:03.0710 2852  agp440 - ok
12:29:03.0741 2852  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:29:03.0757 2852  aic78xx - ok
12:29:03.0772 2852  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
12:29:03.0881 2852  ALG - ok
12:29:03.0928 2852  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:29:03.0944 2852  aliide - ok
12:29:04.0006 2852  [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:29:04.0069 2852  AMD External Events Utility - ok
12:29:04.0084 2852  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
12:29:04.0100 2852  amdide - ok
12:29:04.0162 2852  [ D52A2E98C5EEFF88CED28793B6B04D84 ] amdide64        C:\Windows\system32\DRIVERS\amdide64.sys
12:29:04.0178 2852  amdide64 - ok
12:29:04.0225 2852  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:29:04.0318 2852  AmdK8 - ok
12:29:04.0973 2852  [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:29:05.0254 2852  amdkmdag - ok
12:29:05.0395 2852  [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:29:05.0488 2852  amdkmdap - ok
12:29:05.0566 2852  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
12:29:05.0613 2852  Appinfo - ok
12:29:05.0629 2852  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
12:29:05.0660 2852  arc - ok
12:29:05.0722 2852  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:29:05.0738 2852  arcsas - ok
12:29:05.0785 2852  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
12:29:05.0847 2852  aswFsBlk - ok
12:29:05.0894 2852  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:29:05.0925 2852  aswMonFlt - ok
12:29:05.0941 2852  [ 9A9565BB92EE412B77B7416DD1D32F0B ] AswRdr          C:\Windows\system32\drivers\AswRdr.sys
12:29:05.0972 2852  AswRdr - ok
12:29:06.0003 2852  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
12:29:06.0034 2852  aswRvrt - ok
12:29:06.0268 2852  [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:29:06.0331 2852  aswSnx - ok
12:29:06.0362 2852  [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:29:06.0409 2852  aswSP - ok
12:29:06.0440 2852  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
12:29:06.0455 2852  aswTdi - ok
12:29:06.0487 2852  [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
12:29:06.0518 2852  aswVmm - ok
12:29:06.0565 2852  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:06.0643 2852  AsyncMac - ok
12:29:06.0674 2852  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:29:06.0705 2852  atapi - ok
12:29:06.0908 2852  [ 74687C33C4AD25A975BBB1EA1E8B3884 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:29:07.0111 2852  atikmdag - ok
12:29:07.0157 2852  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
12:29:07.0173 2852  AtiPcie - ok
12:29:07.0251 2852  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:29:07.0360 2852  AudioEndpointBuilder - ok
12:29:07.0376 2852  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:29:07.0438 2852  AudioSrv - ok
12:29:07.0501 2852  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:29:07.0516 2852  avast! Antivirus - ok
12:29:07.0594 2852  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
12:29:07.0625 2852  BcmSqlStartupSvc - ok
12:29:07.0688 2852  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
12:29:07.0766 2852  BFE - ok
12:29:07.0844 2852  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
12:29:07.0922 2852  BITS - ok
12:29:07.0953 2852  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:29:08.0015 2852  blbdrive - ok
12:29:08.0047 2852  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:29:08.0062 2852  bowser - ok
12:29:08.0109 2852  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:29:08.0140 2852  BrFiltLo - ok
12:29:08.0156 2852  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:29:08.0203 2852  BrFiltUp - ok
12:29:08.0265 2852  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
12:29:08.0312 2852  Browser - ok
12:29:08.0374 2852  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
12:29:08.0437 2852  Brserid - ok
12:29:08.0452 2852  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:29:08.0515 2852  BrSerWdm - ok
12:29:08.0515 2852  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:29:08.0593 2852  BrUsbMdm - ok
12:29:08.0593 2852  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:29:08.0655 2852  BrUsbSer - ok
12:29:08.0686 2852  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:29:08.0749 2852  BTHMODEM - ok
12:29:08.0811 2852  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:29:08.0858 2852  cdfs - ok
12:29:08.0920 2852  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:29:08.0951 2852  cdrom - ok
12:29:09.0014 2852  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:29:09.0061 2852  CertPropSvc - ok
12:29:09.0076 2852  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:29:09.0123 2852  circlass - ok
12:29:09.0154 2852  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
12:29:09.0185 2852  CLFS - ok
12:29:09.0263 2852  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:29:09.0279 2852  clr_optimization_v2.0.50727_32 - ok
12:29:09.0326 2852  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:29:09.0326 2852  clr_optimization_v2.0.50727_64 - ok
12:29:09.0435 2852  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:29:09.0435 2852  clr_optimization_v4.0.30319_32 - ok
12:29:09.0497 2852  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:29:09.0513 2852  clr_optimization_v4.0.30319_64 - ok
12:29:09.0529 2852  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:29:09.0544 2852  cmdide - ok
12:29:09.0560 2852  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:29:09.0575 2852  Compbatt - ok
12:29:09.0575 2852  COMSysApp - ok
12:29:09.0591 2852  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:29:09.0607 2852  crcdisk - ok
12:29:09.0653 2852  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:29:09.0685 2852  CryptSvc - ok
12:29:09.0763 2852  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:29:09.0856 2852  DcomLaunch - ok
12:29:09.0919 2852  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:29:09.0950 2852  DfsC - ok
12:29:10.0043 2852  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
12:29:10.0184 2852  DFSR - ok
12:29:10.0246 2852  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:29:10.0309 2852  Dhcp - ok
12:29:10.0340 2852  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
12:29:10.0355 2852  disk - ok
12:29:10.0402 2852  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:29:10.0433 2852  Dnscache - ok
12:29:10.0465 2852  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:29:10.0511 2852  dot3svc - ok
12:29:10.0574 2852  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
12:29:10.0652 2852  DPS - ok
12:29:10.0699 2852  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:29:10.0761 2852  drmkaud - ok
12:29:10.0808 2852  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:29:10.0839 2852  DXGKrnl - ok
12:29:10.0855 2852  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
12:29:10.0901 2852  E1G60 - ok
12:29:10.0964 2852  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
12:29:10.0979 2852  EapHost - ok
12:29:11.0042 2852  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:29:11.0057 2852  Ecache - ok
12:29:11.0104 2852  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:29:11.0151 2852  ehRecvr - ok
12:29:11.0167 2852  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
12:29:11.0213 2852  ehSched - ok
12:29:11.0229 2852  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
12:29:11.0260 2852  ehstart - ok
12:29:11.0291 2852  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:29:11.0323 2852  elxstor - ok
12:29:11.0354 2852  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:29:11.0401 2852  EMDMgmt - ok
12:29:11.0447 2852  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:29:11.0510 2852  ErrDev - ok
12:29:11.0541 2852  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
12:29:11.0572 2852  EventSystem - ok
12:29:11.0603 2852  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:29:11.0635 2852  exfat - ok
12:29:11.0666 2852  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:29:11.0697 2852  fastfat - ok
12:29:11.0728 2852  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:29:11.0759 2852  fdc - ok
12:29:11.0837 2852  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
12:29:11.0884 2852  fdPHost - ok
12:29:11.0915 2852  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
12:29:11.0993 2852  FDResPub - ok
12:29:12.0025 2852  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:29:12.0071 2852  FileInfo - ok
12:29:12.0087 2852  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:29:12.0118 2852  Filetrace - ok
12:29:12.0134 2852  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:12.0165 2852  flpydisk - ok
12:29:12.0274 2852  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:29:12.0290 2852  FltMgr - ok
12:29:12.0539 2852  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
12:29:12.0711 2852  FontCache - ok
12:29:12.0836 2852  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:29:12.0867 2852  FontCache3.0.0.0 - ok
12:29:12.0929 2852  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:29:12.0976 2852  Fs_Rec - ok
12:29:13.0007 2852  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:29:13.0054 2852  gagp30kx - ok
12:29:13.0148 2852  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:29:13.0210 2852  gpsvc - ok
12:29:13.0304 2852  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:13.0319 2852  gupdate - ok
12:29:13.0335 2852  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:13.0351 2852  gupdatem - ok
12:29:13.0382 2852  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:29:13.0507 2852  HdAudAddService - ok
12:29:13.0709 2852  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:29:13.0787 2852  HDAudBus - ok
12:29:13.0803 2852  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:29:13.0897 2852  HidBth - ok
12:29:13.0959 2852  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:29:14.0099 2852  HidIr - ok
12:29:14.0162 2852  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
12:29:14.0271 2852  hidserv - ok
12:29:14.0333 2852  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:29:14.0411 2852  HidUsb - ok
12:29:14.0474 2852  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:29:14.0583 2852  hkmsvc - ok
12:29:14.0645 2852  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:29:14.0677 2852  HpCISSs - ok
12:29:14.0848 2852  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:29:14.0942 2852  HTTP - ok
12:29:14.0973 2852  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:29:14.0989 2852  i2omp - ok
12:29:15.0035 2852  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:29:15.0082 2852  i8042prt - ok
12:29:15.0207 2852  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:29:15.0254 2852  iaStorV - ok
12:29:15.0535 2852  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:29:15.0613 2852  idsvc - ok
12:29:15.0644 2852  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:29:15.0675 2852  iirsp - ok
12:29:15.0722 2852  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
12:29:15.0815 2852  IKEEXT - ok
12:29:15.0893 2852  [ FA6355AD5F6DDC5C213E995D4939DCAE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:29:15.0956 2852  IntcAzAudAddService - ok
12:29:16.0018 2852  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
12:29:16.0065 2852  intelide - ok
12:29:16.0081 2852  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:29:16.0143 2852  intelppm - ok
12:29:16.0190 2852  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:29:16.0252 2852  IPBusEnum - ok
12:29:16.0283 2852  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:16.0346 2852  IpFilterDriver - ok
12:29:16.0377 2852  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:29:16.0408 2852  iphlpsvc - ok
12:29:16.0424 2852  IpInIp - ok
12:29:16.0455 2852  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:29:16.0533 2852  IPMIDRV - ok
12:29:16.0549 2852  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:29:16.0611 2852  IPNAT - ok
12:29:16.0627 2852  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:29:16.0689 2852  IRENUM - ok
12:29:16.0720 2852  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:29:16.0736 2852  isapnp - ok
12:29:16.0783 2852  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:29:16.0798 2852  iScsiPrt - ok
12:29:16.0829 2852  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:29:16.0876 2852  iteatapi - ok
12:29:16.0923 2852  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:29:16.0923 2852  iteraid - ok
12:29:16.0939 2852  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:16.0954 2852  kbdclass - ok
12:29:16.0985 2852  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:17.0032 2852  kbdhid - ok
12:29:17.0063 2852  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
12:29:17.0110 2852  KeyIso - ok
12:29:17.0126 2852  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:29:17.0157 2852  KSecDD - ok
12:29:17.0204 2852  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:29:17.0266 2852  ksthunk - ok
12:29:17.0391 2852  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:29:17.0485 2852  KtmRm - ok
12:29:17.0563 2852  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:29:17.0609 2852  LanmanServer - ok
12:29:17.0656 2852  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:29:17.0703 2852  LanmanWorkstation - ok
12:29:17.0719 2852  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:29:17.0781 2852  lltdio - ok
12:29:17.0812 2852  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:29:17.0859 2852  lltdsvc - ok
12:29:17.0875 2852  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:29:17.0921 2852  lmhosts - ok
12:29:17.0999 2852  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:29:18.0031 2852  LSI_FC - ok
12:29:18.0077 2852  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:29:18.0093 2852  LSI_SAS - ok
12:29:18.0109 2852  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:29:18.0124 2852  LSI_SCSI - ok
12:29:18.0124 2852  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:29:18.0171 2852  luafv - ok
12:29:18.0202 2852  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:29:18.0265 2852  Mcx2Svc - ok
12:29:18.0311 2852  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
12:29:18.0327 2852  megasas - ok
12:29:18.0374 2852  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
12:29:18.0421 2852  MegaSR - ok
12:29:18.0436 2852  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
12:29:18.0514 2852  MMCSS - ok
12:29:18.0545 2852  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
12:29:18.0639 2852  Modem - ok
12:29:18.0701 2852  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:29:18.0764 2852  monitor - ok
12:29:18.0795 2852  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:29:18.0811 2852  mouclass - ok
12:29:18.0873 2852  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:29:18.0967 2852  mouhid - ok
12:29:18.0998 2852  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:29:19.0045 2852  MountMgr - ok
12:29:19.0107 2852  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:29:19.0123 2852  MozillaMaintenance - ok
12:29:19.0201 2852  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:29:19.0247 2852  mpio - ok
12:29:19.0263 2852  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:29:19.0341 2852  mpsdrv - ok
12:29:19.0513 2852  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:29:19.0575 2852  MpsSvc - ok
12:29:19.0653 2852  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:29:19.0700 2852  Mraid35x - ok
12:29:19.0778 2852  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:29:19.0825 2852  MRxDAV - ok
12:29:19.0871 2852  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:19.0918 2852  mrxsmb - ok
12:29:20.0012 2852  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:20.0090 2852  mrxsmb10 - ok
12:29:20.0090 2852  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:20.0152 2852  mrxsmb20 - ok
12:29:20.0168 2852  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
12:29:20.0183 2852  msahci - ok
12:29:20.0199 2852  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:29:20.0230 2852  msdsm - ok
12:29:20.0246 2852  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
12:29:20.0355 2852  MSDTC - ok
12:29:20.0371 2852  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:29:20.0433 2852  Msfs - ok
12:29:20.0495 2852  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:29:20.0495 2852  msisadrv - ok
12:29:20.0542 2852  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:29:20.0605 2852  MSiSCSI - ok
12:29:20.0605 2852  msiserver - ok
12:29:20.0667 2852  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:29:20.0714 2852  MSKSSRV - ok
12:29:20.0729 2852  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:20.0776 2852  MSPCLOCK - ok
12:29:20.0776 2852  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:29:20.0823 2852  MSPQM - ok
12:29:20.0870 2852  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:29:20.0885 2852  MsRPC - ok
12:29:20.0917 2852  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:29:20.0917 2852  mssmbios - ok
12:29:20.0979 2852  MSSQL$MSSMLBIZ - ok
12:29:21.0026 2852  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
12:29:21.0026 2852  MSSQLServerADHelper - ok
12:29:21.0057 2852  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:29:21.0135 2852  MSTEE - ok
12:29:21.0182 2852  [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor        C:\Windows\system32\drivers\asacpi.sys
12:29:21.0213 2852  MTsensor - ok
12:29:21.0260 2852  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:29:21.0291 2852  Mup - ok
12:29:21.0400 2852  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
12:29:21.0494 2852  napagent - ok
12:29:21.0541 2852  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:29:21.0587 2852  NativeWifiP - ok
12:29:21.0665 2852  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:29:21.0728 2852  NDIS - ok
12:29:21.0775 2852  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:21.0837 2852  NdisTapi - ok
12:29:21.0868 2852  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:21.0962 2852  Ndisuio - ok
12:29:22.0055 2852  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:22.0118 2852  NdisWan - ok
12:29:22.0149 2852  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:29:22.0227 2852  NDProxy - ok
12:29:22.0274 2852  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:29:22.0352 2852  NetBIOS - ok
12:29:22.0445 2852  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:29:22.0508 2852  netbt - ok
12:29:22.0523 2852  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
12:29:22.0539 2852  Netlogon - ok
12:29:22.0679 2852  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
12:29:22.0835 2852  Netman - ok
12:29:22.0960 2852  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
12:29:23.0101 2852  netprofm - ok
12:29:23.0163 2852  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:29:23.0194 2852  NetTcpPortSharing - ok
12:29:23.0225 2852  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:29:23.0257 2852  nfrd960 - ok
12:29:23.0272 2852  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:29:23.0366 2852  NlaSvc - ok
12:29:23.0475 2852  [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
12:29:23.0491 2852  NMIndexingService - ok
12:29:23.0522 2852  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:29:23.0600 2852  Npfs - ok
12:29:23.0631 2852  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
12:29:23.0725 2852  nsi - ok
12:29:23.0787 2852  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:29:23.0896 2852  nsiproxy - ok
12:29:24.0037 2852  [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:29:24.0146 2852  Ntfs - ok
12:29:24.0177 2852  [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
12:29:24.0193 2852  NuidFltr - ok
12:29:24.0239 2852  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
12:29:24.0349 2852  Null - ok
12:29:24.0380 2852  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:29:24.0427 2852  nvraid - ok
12:29:24.0442 2852  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:29:24.0473 2852  nvstor - ok
12:29:24.0473 2852  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:29:24.0520 2852  nv_agp - ok
12:29:24.0536 2852  NwlnkFlt - ok
12:29:24.0536 2852  NwlnkFwd - ok
12:29:24.0598 2852  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:29:24.0707 2852  ohci1394 - ok
12:29:24.0863 2852  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:29:24.0926 2852  ose - ok
12:29:25.0004 2852  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:29:25.0066 2852  p2pimsvc - ok
12:29:25.0082 2852  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
12:29:25.0207 2852  p2psvc - ok
12:29:25.0285 2852  [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:29:25.0347 2852  Parport - ok
12:29:25.0425 2852  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:29:25.0472 2852  partmgr - ok
12:29:25.0487 2852  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:29:25.0503 2852  PcaSvc - ok
12:29:25.0534 2852  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
12:29:25.0550 2852  pci - ok
12:29:25.0612 2852  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
12:29:25.0628 2852  pciide - ok
12:29:25.0643 2852  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:29:25.0659 2852  pcmcia - ok
12:29:25.0675 2852  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:29:25.0784 2852  PEAUTH - ok
12:29:26.0314 2852  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:29:26.0423 2852  PerfHost - ok
12:29:26.0751 2852  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
12:29:26.0860 2852  pla - ok
12:29:26.0954 2852  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:29:27.0001 2852  PlugPlay - ok
12:29:27.0032 2852  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:29:27.0110 2852  PNRPAutoReg - ok
12:29:27.0125 2852  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:29:27.0188 2852  PNRPsvc - ok
12:29:27.0266 2852  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:29:27.0359 2852  PolicyAgent - ok
12:29:27.0422 2852  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:29:27.0469 2852  PptpMiniport - ok
12:29:27.0484 2852  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:29:27.0531 2852  Processor - ok
12:29:27.0640 2852  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
12:29:27.0687 2852  ProfSvc - ok
12:29:27.0703 2852  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
12:29:27.0734 2852  ProtectedStorage - ok
12:29:27.0796 2852  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:29:27.0827 2852  PSched - ok
12:29:27.0905 2852  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:29:28.0061 2852  ql2300 - ok
12:29:28.0124 2852  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:29:28.0171 2852  ql40xx - ok
12:29:28.0249 2852  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
12:29:28.0327 2852  QWAVE - ok
12:29:28.0342 2852  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:29:28.0373 2852  QWAVEdrv - ok
12:29:28.0389 2852  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:29:28.0467 2852  RasAcd - ok
12:29:28.0498 2852  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
12:29:28.0561 2852  RasAuto - ok
12:29:28.0623 2852  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:28.0670 2852  Rasl2tp - ok
12:29:28.0685 2852  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
12:29:28.0717 2852  RasMan - ok
12:29:28.0763 2852  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:28.0810 2852  RasPppoe - ok
12:29:28.0857 2852  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:29:28.0904 2852  RasSstp - ok
12:29:28.0951 2852  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:29:28.0997 2852  rdbss - ok
12:29:29.0013 2852  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:29.0060 2852  RDPCDD - ok
12:29:29.0169 2852  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
12:29:29.0278 2852  rdpdr - ok
12:29:29.0278 2852  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:29:29.0356 2852  RDPENCDD - ok
12:29:29.0419 2852  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:29:29.0450 2852  RDPWD - ok
12:29:29.0481 2852  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:29:29.0543 2852  RemoteAccess - ok
12:29:29.0621 2852  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:29:29.0684 2852  RemoteRegistry - ok
12:29:29.0731 2852  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
12:29:29.0777 2852  RpcLocator - ok
12:29:29.0809 2852  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
12:29:29.0887 2852  RpcSs - ok
12:29:29.0933 2852  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:29:30.0027 2852  rspndr - ok
12:29:30.0089 2852  [ 730C8393DFC90386D5A1ECB24DD6C614 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
12:29:30.0105 2852  RTHDMIAzAudService - ok
12:29:30.0152 2852  [ 9F248EF4D204ADE0B18DD50E26095CD5 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
12:29:30.0199 2852  RTL8169 - ok
12:29:30.0245 2852  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
12:29:30.0277 2852  SamSs - ok
12:29:30.0323 2852  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:29:30.0386 2852  sbp2port - ok
12:29:30.0433 2852  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:29:30.0495 2852  SCardSvr - ok
12:29:30.0604 2852  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
12:29:30.0713 2852  Schedule - ok
12:29:30.0807 2852  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:29:30.0854 2852  SCPolicySvc - ok
12:29:30.0901 2852  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:29:30.0963 2852  SDRSVC - ok
12:29:30.0994 2852  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:29:31.0088 2852  secdrv - ok
12:29:31.0150 2852  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
12:29:31.0197 2852  seclogon - ok
12:29:31.0213 2852  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\System32\sens.dll
12:29:31.0291 2852  SENS - ok
12:29:31.0306 2852  [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:29:31.0353 2852  Serenum - ok
12:29:31.0415 2852  [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:29:31.0447 2852  Serial - ok
12:29:31.0478 2852  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:29:31.0525 2852  sermouse - ok
12:29:31.0556 2852  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:29:31.0603 2852  SessionEnv - ok
12:29:31.0634 2852  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:29:31.0727 2852  sffdisk - ok
12:29:31.0743 2852  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:29:31.0790 2852  sffp_mmc - ok
12:29:31.0805 2852  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:29:31.0852 2852  sffp_sd - ok
12:29:31.0868 2852  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:29:31.0915 2852  sfloppy - ok
12:29:32.0055 2852  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:29:32.0164 2852  SharedAccess - ok
12:29:32.0305 2852  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:29:32.0367 2852  ShellHWDetection - ok
12:29:32.0383 2852  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:29:32.0414 2852  SiSRaid2 - ok
12:29:32.0414 2852  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:29:32.0445 2852  SiSRaid4 - ok
12:29:32.0944 2852  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
12:29:33.0085 2852  slsvc - ok
12:29:33.0100 2852  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:29:33.0163 2852  SLUINotify - ok
12:29:33.0194 2852  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:29:33.0225 2852  Smb - ok
12:29:33.0256 2852  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:29:33.0287 2852  SNMPTRAP - ok
12:29:33.0319 2852  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
12:29:33.0334 2852  spldr - ok
12:29:33.0365 2852  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
12:29:33.0412 2852  Spooler - ok
12:29:33.0459 2852  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:29:33.0490 2852  SQLBrowser - ok
12:29:33.0537 2852  [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:29:33.0553 2852  SQLWriter - ok
12:29:33.0584 2852  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:29:33.0646 2852  srv - ok
12:29:33.0677 2852  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:29:33.0709 2852  srv2 - ok
12:29:33.0740 2852  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:29:33.0771 2852  srvnet - ok
12:29:33.0802 2852  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:29:33.0880 2852  SSDPSRV - ok
12:29:33.0927 2852  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:29:33.0974 2852  SstpSvc - ok
12:29:34.0005 2852  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
12:29:34.0052 2852  stisvc - ok
12:29:34.0099 2852  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:29:34.0114 2852  swenum - ok
12:29:34.0161 2852  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
12:29:34.0223 2852  swprv - ok
12:29:34.0255 2852  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:29:34.0270 2852  Symc8xx - ok
12:29:34.0286 2852  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:29:34.0317 2852  Sym_hi - ok
12:29:34.0333 2852  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:29:34.0348 2852  Sym_u3 - ok
12:29:34.0395 2852  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
12:29:34.0457 2852  SysMain - ok
12:29:34.0504 2852  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:29:34.0520 2852  TabletInputService - ok
12:29:34.0551 2852  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:29:34.0598 2852  TapiSrv - ok
12:29:34.0613 2852  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
12:29:34.0676 2852  TBS - ok
12:29:34.0723 2852  [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:29:34.0769 2852  Tcpip - ok
12:29:34.0785 2852  [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:29:34.0832 2852  Tcpip6 - ok
12:29:34.0863 2852  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:29:34.0879 2852  tcpipreg - ok
12:29:34.0910 2852  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:29:34.0941 2852  TDPIPE - ok
12:29:34.0957 2852  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:29:35.0003 2852  TDTCP - ok
12:29:35.0035 2852  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:29:35.0081 2852  tdx - ok
12:29:35.0081 2852  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:29:35.0097 2852  TermDD - ok
12:29:35.0144 2852  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
12:29:35.0206 2852  TermService - ok
12:29:35.0222 2852  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
12:29:35.0237 2852  Themes - ok
12:29:35.0253 2852  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:29:35.0284 2852  THREADORDER - ok
12:29:35.0315 2852  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
12:29:35.0362 2852  TrkWks - ok
12:29:35.0393 2852  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:29:35.0440 2852  TrustedInstaller - ok
12:29:35.0471 2852  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:35.0518 2852  tssecsrv - ok
12:29:35.0549 2852  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:29:35.0581 2852  tunmp - ok
12:29:35.0627 2852  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:29:35.0659 2852  tunnel - ok
12:29:35.0674 2852  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:29:35.0690 2852  uagp35 - ok
12:29:35.0721 2852  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:29:35.0768 2852  udfs - ok
12:29:35.0783 2852  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:29:35.0830 2852  UI0Detect - ok
12:29:35.0861 2852  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:29:35.0877 2852  uliagpkx - ok
12:29:35.0893 2852  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:29:35.0908 2852  uliahci - ok
12:29:35.0924 2852  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:29:35.0939 2852  UlSata - ok
12:29:35.0955 2852  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:29:35.0971 2852  ulsata2 - ok
12:29:35.0986 2852  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:29:36.0017 2852  umbus - ok
12:29:36.0049 2852  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
12:29:36.0111 2852  upnphost - ok
12:29:36.0158 2852  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:36.0205 2852  usbccgp - ok
12:29:36.0236 2852  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:29:36.0298 2852  usbcir - ok
12:29:36.0329 2852  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:29:36.0361 2852  usbehci - ok
12:29:36.0376 2852  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:29:36.0423 2852  usbhub - ok
12:29:36.0454 2852  [ E406B003A354776D317762694956B0FC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:29:36.0470 2852  usbohci - ok
12:29:36.0517 2852  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:29:36.0548 2852  usbprint - ok
12:29:36.0610 2852  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:29:36.0641 2852  usbscan - ok
12:29:36.0657 2852  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:36.0688 2852  USBSTOR - ok
12:29:36.0704 2852  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:29:36.0735 2852  usbuhci - ok
12:29:36.0751 2852  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
12:29:36.0766 2852  UxSms - ok
12:29:36.0813 2852  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
12:29:36.0844 2852  vds - ok
12:29:36.0860 2852  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:36.0922 2852  vga - ok
12:29:36.0938 2852  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:29:36.0985 2852  VgaSave - ok
12:29:36.0985 2852  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
12:29:37.0016 2852  viaide - ok
12:29:37.0016 2852  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:29:37.0031 2852  volmgr - ok
12:29:37.0063 2852  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:29:37.0078 2852  volmgrx - ok
12:29:37.0125 2852  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:29:37.0141 2852  volsnap - ok
12:29:37.0203 2852  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:29:37.0219 2852  vsmraid - ok
12:29:37.0265 2852  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
12:29:37.0453 2852  VSS - ok
12:29:37.0484 2852  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
12:29:37.0562 2852  W32Time - ok
12:29:37.0593 2852  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:29:37.0702 2852  WacomPen - ok
12:29:37.0765 2852  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:29:37.0811 2852  Wanarp - ok
12:29:37.0811 2852  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:29:37.0858 2852  Wanarpv6 - ok
12:29:37.0905 2852  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:29:37.0936 2852  wcncsvc - ok
12:29:37.0967 2852  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:29:37.0999 2852  WcsPlugInService - ok
12:29:38.0030 2852  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
12:29:38.0045 2852  Wd - ok
12:29:38.0092 2852  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:29:38.0139 2852  Wdf01000 - ok
12:29:38.0155 2852  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:29:38.0201 2852  WdiServiceHost - ok
12:29:38.0201 2852  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:29:38.0248 2852  WdiSystemHost - ok
12:29:38.0279 2852  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
12:29:38.0295 2852  WebClient - ok
12:29:38.0342 2852  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:29:38.0373 2852  Wecsvc - ok
12:29:38.0389 2852  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:29:38.0420 2852  wercplsupport - ok
12:29:38.0435 2852  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
12:29:38.0467 2852  WerSvc - ok
12:29:38.0482 2852  WinDefend - ok
12:29:38.0498 2852  WinHttpAutoProxySvc - ok
12:29:38.0545 2852  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:29:38.0607 2852  Winmgmt - ok
12:29:38.0669 2852  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:29:38.0747 2852  WinRM - ok
12:29:38.0794 2852  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:29:38.0857 2852  Wlansvc - ok
12:29:38.0888 2852  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:29:38.0919 2852  WmiAcpi - ok
12:29:38.0950 2852  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:29:38.0981 2852  wmiApSrv - ok
12:29:38.0997 2852  WMPNetworkSvc - ok
12:29:39.0028 2852  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:29:39.0059 2852  WPCSvc - ok
12:29:39.0106 2852  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:29:39.0153 2852  WPDBusEnum - ok
12:29:39.0247 2852  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:29:39.0278 2852  WPFFontCache_v0400 - ok
12:29:39.0309 2852  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:29:39.0356 2852  ws2ifsl - ok
12:29:39.0387 2852  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
12:29:39.0403 2852  wscsvc - ok
12:29:39.0403 2852  WSearch - ok
12:29:39.0481 2852  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:29:39.0543 2852  wuauserv - ok
12:29:39.0605 2852  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:29:39.0637 2852  WudfPf - ok
12:29:39.0699 2852  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:39.0730 2852  WUDFRd - ok
12:29:39.0746 2852  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:29:39.0777 2852  wudfsvc - ok
12:29:39.0808 2852  ================ Scan global ===============================
12:29:39.0855 2852  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
12:29:39.0871 2852  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
12:29:39.0902 2852  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
12:29:39.0933 2852  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
12:29:39.0949 2852  [Global] - ok
12:29:39.0949 2852  ================ Scan MBR ==================================
12:29:39.0964 2852  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:29:40.0229 2852  \Device\Harddisk0\DR0 - ok
12:29:40.0245 2852  ================ Scan VBR ==================================
12:29:40.0245 2852  [ 8A3D8AEA6617111C3E4E6B6B1D7AEABA ] \Device\Harddisk0\DR0\Partition1
12:29:40.0245 2852  \Device\Harddisk0\DR0\Partition1 - ok
12:29:40.0261 2852  [ 7CCF3C54FCB8EC617324D3AEBC919CAD ] \Device\Harddisk0\DR0\Partition2
12:29:40.0261 2852  \Device\Harddisk0\DR0\Partition2 - ok
12:29:40.0261 2852  ============================================================
12:29:40.0261 2852  Scan finished
12:29:40.0261 2852  ============================================================
12:29:40.0276 3796  Detected object count: 0
12:29:40.0276 3796  Actual detected object count: 0
         
10.06.2013, 11:34   #4
markusg
/// Malware-holic
 
Hi,
Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

10.06.2013, 12:05   #5
Wojtila
 
There was no restart.

Code:
ATTFilter
ComboFix 13-06-08.02 - Don 10.06.2013  12:44:02.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.8190.5769 [GMT 2:00]
ausgeführt von:: c:\users\Schloik\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-10 bis 2013-06-10  ))))))))))))))))))))))))))))))
.
.
2013-06-10 10:40 . 2013-06-10 10:41	--------	d-----w-	C:\32788R22FWJFW
2013-06-07 07:20 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E831BE64-5618-47F5-B858-558851F6217A}\mpengine.dll
2013-05-20 10:53 . 2012-07-04 14:18	201392	----a-w-	c:\windows\SysWow64\aswBoot.exe
2013-05-17 08:24 . 2013-05-17 08:26	--------	d-----w-	c:\users\Schloik\AppData\Roaming\PhotoScape
2013-05-16 18:15 . 2013-05-16 18:15	--------	d-----w-	C:\output
2013-05-16 17:40 . 2013-05-16 18:15	--------	d-----w-	c:\users\Don\AppData\Roaming\PhotoScape
2013-05-16 17:40 . 2013-05-16 17:41	--------	d-----w-	c:\program files (x86)\Google
2013-05-16 17:40 . 2013-05-16 17:40	--------	d-----w-	c:\program files (x86)\PhotoScape
2013-05-16 17:40 . 2013-05-16 17:40	--------	d-----w-	c:\users\Don\AppData\Local\Google
2013-05-16 15:55 . 2013-05-05 21:36	17818624	----a-w-	c:\windows\system32\mshtml.dll
2013-05-16 15:55 . 2013-05-05 21:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-16 15:55 . 2013-05-05 19:12	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-05-16 12:49 . 2013-05-16 12:49	--------	d-----w-	c:\programdata\CanonIJ
2013-05-16 12:47 . 2013-05-16 12:48	--------	d-----w-	c:\users\Schloik\AppData\Roaming\Canon
2013-05-16 12:46 . 2013-05-16 12:46	--------	d--h--w-	c:\programdata\CanonEPP
2013-05-16 12:40 . 2013-05-16 12:40	--------	d-----w-	c:\program files\Common Files\CANON
2013-05-16 12:38 . 2013-05-16 12:38	--------	d-----w-	c:\program files\Canon
2013-05-16 12:36 . 2013-05-16 12:44	--------	d-----w-	c:\program files (x86)\Canon
2013-05-16 12:35 . 2013-05-16 12:35	--------	d-----w-	c:\users\Don\AppData\Roaming\ATI
2013-05-16 12:35 . 2013-05-16 12:35	--------	d-----w-	c:\users\Don\AppData\Local\ATI
2013-05-16 07:26 . 2013-04-09 01:55	2774016	----a-w-	c:\windows\system32\win32k.sys
2013-05-16 07:26 . 2013-04-15 14:17	901496	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 07:26 . 2013-04-13 03:34	47104	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 07:43 . 2013-05-15 07:43	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 15:59 . 2006-11-02 12:35	75016696	----a-w-	c:\windows\system32\mrt.exe
2013-05-15 07:42 . 2013-04-08 14:54	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 07:42 . 2013-04-08 14:54	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-04-07 13:20	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-04-07 13:20	59144	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-04-07 13:20	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-07 13:20	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-04-07 13:20	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-07 13:20	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-07 13:20	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-04-07 13:20	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-04-07 13:19	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-04-07 13:20	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2013-04-08 12:17	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-08 21:54 . 2013-04-08 21:54	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-08 21:54 . 2013-04-08 21:54	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-08 21:54 . 2013-04-08 21:54	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-08 21:54 . 2013-04-08 21:54	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-08 21:54 . 2013-04-08 21:54	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-04-08 21:54 . 2013-04-08 21:54	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-04-08 21:54 . 2013-04-08 21:54	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-08 21:54 . 2013-04-08 21:54	367104	----a-w-	c:\windows\SysWow64\html.iec
2013-04-08 21:54 . 2013-04-08 21:54	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-08 21:54 . 2013-04-08 21:54	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-08 21:54 . 2013-04-08 21:54	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-08 21:54 . 2013-04-08 21:54	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-08 21:54 . 2013-04-08 21:54	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-08 21:54 . 2013-04-08 21:54	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-08 21:54 . 2013-04-08 21:54	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2013-04-08 21:54 . 2013-04-08 21:54	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-08 21:54 . 2013-04-08 21:54	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-04-08 21:54 . 2013-04-08 21:54	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-08 21:54 . 2013-04-08 21:54	49664	----a-w-	c:\windows\system32\imgutil.dll
2013-04-08 21:54 . 2013-04-08 21:54	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-08 21:54 . 2013-04-08 21:54	267776	----a-w-	c:\windows\system32\ieaksie.dll
2013-04-08 21:54 . 2013-04-08 21:54	222208	----a-w-	c:\windows\system32\msls31.dll
2013-04-08 21:54 . 2013-04-08 21:54	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-08 21:54 . 2013-04-08 21:54	163840	----a-w-	c:\windows\system32\ieakui.dll
2013-04-08 21:54 . 2013-04-08 21:54	160256	----a-w-	c:\windows\system32\ieakeng.dll
2013-04-08 21:54 . 2013-04-08 21:54	145920	----a-w-	c:\windows\system32\iepeers.dll
2013-04-08 21:54 . 2013-04-08 21:54	136192	----a-w-	c:\windows\system32\advpack.dll
2013-04-08 21:54 . 2013-04-08 21:54	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-08 21:54 . 2013-04-08 21:54	12288	----a-w-	c:\windows\system32\mshta.exe
2013-04-08 21:54 . 2013-04-08 21:54	114176	----a-w-	c:\windows\system32\admparse.dll
2013-04-08 21:54 . 2013-04-08 21:54	111616	----a-w-	c:\windows\system32\iesysprep.dll
2013-04-08 21:54 . 2013-04-08 21:54	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-08 21:54 . 2013-04-08 21:54	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2013-04-08 21:54 . 2013-04-08 21:54	85504	----a-w-	c:\windows\system32\iesetup.dll
2013-04-08 21:54 . 2013-04-08 21:54	82432	----a-w-	c:\windows\system32\icardie.dll
2013-04-08 21:54 . 2013-04-08 21:54	76800	----a-w-	c:\windows\system32\tdc.ocx
2013-04-08 21:54 . 2013-04-08 21:54	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-08 21:54 . 2013-04-08 21:54	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-08 21:54 . 2013-04-08 21:54	448512	----a-w-	c:\windows\system32\html.iec
2013-04-08 21:54 . 2013-04-08 21:54	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-08 21:54 . 2013-04-08 21:54	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-04-08 21:54 . 2013-04-08 21:54	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-08 21:54 . 2013-04-08 21:54	30720	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-08 21:54 . 2013-04-08 21:54	282112	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-08 21:54 . 2013-04-08 21:54	249344	----a-w-	c:\windows\system32\webcheck.dll
2013-04-08 21:54 . 2013-04-08 21:54	165888	----a-w-	c:\windows\system32\iexpress.exe
2013-04-08 21:54 . 2013-04-08 21:54	160256	----a-w-	c:\windows\system32\wextract.exe
2013-04-08 21:54 . 2013-04-08 21:54	103936	----a-w-	c:\windows\system32\inseng.dll
2013-04-08 21:54 . 2013-04-08 21:54	65024	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-08 21:54 . 2013-04-08 21:54	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-08 21:53 . 2013-04-08 21:53	98816	----a-w-	c:\windows\SysWow64\mfps.dll
2013-04-08 21:53 . 2013-04-08 21:53	979456	----a-w-	c:\windows\SysWow64\MFH264Dec.dll
2013-04-08 21:53 . 2013-04-08 21:53	748544	----a-w-	c:\windows\system32\stobject.dll
2013-04-08 21:53 . 2013-04-08 21:53	586240	----a-w-	c:\windows\SysWow64\stobject.dll
2013-04-08 21:53 . 2013-04-08 21:53	428544	----a-w-	c:\windows\system32\MFHEAACdec.dll
2013-04-08 21:53 . 2013-04-08 21:53	377344	----a-w-	c:\windows\system32\mfmp4src.dll
2013-04-08 21:53 . 2013-04-08 21:53	357376	----a-w-	c:\windows\SysWow64\MFHEAACdec.dll
2013-04-08 21:53 . 2013-04-08 21:53	3548672	----a-w-	c:\windows\system32\mf.dll
2013-04-08 21:53 . 2013-04-08 21:53	345088	----a-w-	c:\windows\system32\mfreadwrite.dll
2013-04-08 21:53 . 2013-04-08 21:53	34304	----a-w-	c:\windows\system32\mfpmp.exe
2013-04-08 21:53 . 2013-04-08 21:53	302592	----a-w-	c:\windows\SysWow64\mfmp4src.dll
2013-04-08 21:53 . 2013-04-08 21:53	2873344	----a-w-	c:\windows\SysWow64\mf.dll
2013-04-08 21:53 . 2013-04-08 21:53	278528	----a-w-	c:\windows\system32\mfplat.dll
2013-04-08 21:53 . 2013-04-08 21:53	261632	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2013-04-08 21:53 . 2013-04-08 21:53	209920	----a-w-	c:\windows\SysWow64\mfplat.dll
2013-04-08 21:53 . 2013-04-08 21:53	195072	----a-w-	c:\windows\system32\mfps.dll
2013-04-08 21:53 . 2013-04-08 21:53	1257984	----a-w-	c:\windows\system32\MFH264Dec.dll
2013-04-08 21:53 . 2013-04-08 21:53	1204224	----a-w-	c:\windows\system32\shdocvw.dll
2013-04-08 21:53 . 2013-04-08 21:53	625152	----a-w-	c:\windows\system32\dxgi.dll
2013-04-08 21:53 . 2013-04-08 21:53	566272	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-08 21:53 . 2013-04-08 21:53	486400	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-08 21:53 . 2013-04-08 21:53	478720	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-08 21:53 . 2013-04-08 21:53	366592	----a-w-	c:\windows\system32\winspool.drv
2013-04-08 21:53 . 2013-04-08 21:53	287232	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-08 21:53 . 2013-04-08 21:53	258048	----a-w-	c:\windows\SysWow64\winspool.drv
2013-04-08 21:53 . 2013-04-08 21:53	231936	----a-w-	c:\windows\system32\XpsRasterService.dll
2013-04-08 21:53 . 2013-04-08 21:53	189952	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-08 21:53 . 2013-04-08 21:53	1268224	----a-w-	c:\windows\system32\d3d10.dll
2013-04-08 21:53 . 2013-04-08 21:53	1029120	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-04-08 21:53 . 2013-04-08 21:53	847360	----a-w-	c:\windows\SysWow64\OpcServices.dll
2013-04-08 21:53 . 2013-04-08 21:53	35840	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2013-04-08 21:53 . 2013-04-08 21:53	1461760	----a-w-	c:\windows\system32\OpcServices.dll
2013-04-08 21:53 . 2013-04-08 21:53	1032192	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2013-04-08 21:53 . 2013-04-08 21:53	3068416	----a-w-	c:\windows\system32\xpsservices.dll
2013-04-08 21:53 . 2013-04-08 21:53	1554432	----a-w-	c:\windows\SysWow64\xpsservices.dll
2013-04-08 21:53 . 2013-04-08 21:53	135680	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-05-09 51880]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-05-09 51880]
"aswredemption.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2013-05-09 51880]
"aswredemption64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2013-05-09 50904]
.
c:\users\Schloik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 29814604
*NewlyCreated* - KWLDAPOW
*Deregistered* - 29814604
*Deregistered* - kwldapow
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 07:55	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 07:42]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16 17:40]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-09 6477344]
"Skytel"="Skytel.exe" [2008-09-09 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 260608]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://news.google.de/nwshp?client=firefox-a&rls=org.mozilla:de:official&ie=UTF-8&oe=UTF-8&hl=de&channel=s&tab=wn&q=&auth=DQAAAHIAAAAQPuJHZ9yGBflo4bWNzUR4hY8oqn1HymfS5StGdq5Yt7l-7_kNrdk02045OwkIwZggqMAlRcsyymwv9DOJS7xyRm7pOBC0ts02LFj1zAA6C4vgOj1OIRk-qkdEPnUM8xWqkaWOoqK9sESENBSTybGtpA63A18Ad1l4psIUL4LqvQ
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-06-10  12:52:25
ComboFix-quarantined-files.txt  2013-06-10 10:52
.
Vor Suchlauf: 11 Verzeichnis(se), 253.985.996.800 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 255.978.971.136 Bytes frei
.
- - End Of File - - CFAAFC816C8C4A4BE185B4DC54390A63
5C616939100B85E558DA92B899A0FC36
         


Alt 10.06.2013, 12:32   #6
markusg
/// Malware-holic
 
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can also find the report later under "Logs".

Alt 10.06.2013, 14:26   #7
Wojtila
 
Nothing found.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.10.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Don :: DON-PC [Administrator]

10.06.2013 14:32:58
mbam-log-2013-06-10 (14-32-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|R:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370492
Laufzeit: 46 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 10.06.2013, 14:29   #8
markusg
/// Malware-holic
 
Hi,

download the CCleaner standard edition:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt, then open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After those you do not recognize, write "unbekannt" (unknown).
Post the list.

Alt 10.06.2013, 14:42   #9
Wojtila
 
Code:
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	15.05.2013		11.7.700.202 notwendig
Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	15.05.2013		10.1.7 notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	08.04.2013	22,3 MB	3.0.778.0 unbekannt
avast! Free Antivirus	AVAST Software	31.05.2013	346 MB	8.0.1489.0 notwendig
Business Contact Manager für Outlook 2007 SP2	Microsoft Corporation	07.04.2013	31,4 MB	3.0.8619.1 unnötig
Canon Easy-PhotoPrint EX		16.05.2013	227 MB	notwendig
Canon Easy-WebPrint EX		16.05.2013	6,81 MB	notwendig
Canon MP Navigator EX 4.0		16.05.2013	75,2 MB	notwendig
Canon MP280 series Benutzerregistrierung		16.05.2013	1,18 MB	notwendig
Canon MP280 series MP Drivers		16.05.2013		notwendig
Canon My Printer		16.05.2013	5,92 MB	notwendig
Canon Solution Menu EX		16.05.2013	12,3 MB	notwendig
CCleaner	Piriform	24.05.2013	11,5 MB	4.02 unbekannt
Diablo III	Blizzard Entertainment	15.05.2013	12,4 GB	1.0.8.16603 notwendig
Google Chrome	Google Inc.	16.05.2013	362 MB	27.0.1453.110 unnötig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	10.06.2013	13,4 MB	1.75.0.1300 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	07.04.2013	42,0 MB	unbekannt
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	07.04.2013	42,0 MB	unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	07.04.2013	189 MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	07.04.2013	46,4 MB	4.0.30319 unbekannt
Microsoft Office 2003 Web Components	Microsoft Corporation	07.04.2013		11.0.8003.0 unbekannt
Microsoft Office 2007 Primary Interop Assemblies	Microsoft Corporation	07.04.2013		12.0.4518.1014 unbekannt
Microsoft Office Live Add-in 1.5	Microsoft Corporation	07.04.2013	506 KB	2.0.4024.1 unbekannt
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	04.11.2008	158 KB	2.0.7024.0 unbekannt
Microsoft SQL Server 2005	Microsoft Corporation	04.11.2008	36,3 MB	unbekannt
Microsoft SQL Server Native Client	Microsoft Corporation	07.04.2013	5,89 MB	9.00.5000.00 unbekannt
Microsoft SQL Server VSS Writer	Microsoft Corporation	07.04.2013	1,12 MB	9.00.5000.00 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	05.11.2008	830 KB	8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	08.04.2013	234 KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	07.04.2013	782 KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	07.04.2013	234 KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	07.04.2013	594 KB	9.0.30729.6161 unbekannt
Mozilla Firefox 21.0 (x86 de)	Mozilla	22.05.2013	44,7 MB	21.0 notwendig
Mozilla Maintenance Service	Mozilla	22.05.2013	224 KB	21.0 unbekannt
Mozilla Thunderbird 17.0.6 (x86 de)	Mozilla	15.05.2013	42,1 MB	17.0.6 notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	07.04.2013	1,27 MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	07.04.2013	1,33 MB	4.20.9876.0 unbekannt
Nero 7 Essentials	Nero AG	05.11.2008	801 MB	7.03.0934 unbekannt
OpenOffice.org 3.4.1	Apache Software Foundation	07.04.2013	331 MB	3.41.9593 notwendig
PhotoScape		16.05.2013	29,5 MB	notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	05.11.2008	25,9 MB	2.62 unbekannt
SopCast 3.8.2	www.sopcast.com	09.04.2013	12,9 MB	3.8.2 notwendig
Spotify	Spotify AB	11.05.2013	45,4 MB	0.9.0.133.gd18ed589 notwendig
StarCraft II	Blizzard Entertainment	20.05.2013	13,1 GB	2.0.8.25604 notwendig
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	07.04.2013	30,5 MB	9.00.5000.00 unbekannt
         

Alt 10.06.2013, 14:45   #10
markusg
/// Malware-holic
 
Uninstall:
Adobe Flash Player (all versions)
Adobe - Adobe Flash Player installieren
Download and install the latest version.
Adobe Reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Security (Enhanced):
Tick "Enable Enhanced Security"
and select "All files".
Internet:
Everything here should be disabled; it is very insecure to open or download PDFs automatically.
It is always better to save them directly, because only then do you keep control over what is happening on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, select "Install automatically".
Apply / OK

Uninstall:
Avast: please uninstall, then restart.
avast! Uninstall Utility | Download aswClear for avast! Removal
Use the removal tool, restart, reinstall.

Uninstall:
Business
Google Chrome
Nero

Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
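The Adobe Reader settings markusg lists in the post above (Enhanced Security on, JavaScript off, no PDF display inside the browser), applied as registry settings from an elevated PowerShell prompt so they are enforced rather than clicked through. This is an added example and not part of the thread; the version key 10.0 (Reader X, as shown in the uninstall list) and the value names, taken from Adobe's FeatureLockDown policy set, are assumptions to check against the installed version.

```powershell
# Added example (not from the thread): enforce the Adobe Reader hardening
# described above as registry settings instead of clicking through
# Edit > Preferences. Assumptions: Adobe Reader X (version key "10.0") and
# the value names documented for Adobe's FeatureLockDown policy set.
# Run from an elevated PowerShell prompt.

$ReaderVersion = '10.0'   # assumption: Reader X, as listed in the uninstall list above

# HKLM policy values lock the setting so it cannot simply be switched back in the dialog.
$PolicyKey = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion\FeatureLockDown"
$PolicyValues = [ordered]@{
    bEnhancedSecurityStandalone = 1   # Enhanced Security for PDFs opened in Reader itself
    bEnhancedSecurityInBrowser  = 1   # ...and for PDFs rendered through the browser plug-in
    bProtectedMode              = 1   # keep the Reader sandbox enabled
    bDisableJavaScript          = 1   # JavaScript off and greyed out in the preferences dialog
}

# Per-user preference: do not hand PDFs to the browser plug-in ("Internet" section).
$UserKey = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion\Originals"
$UserValues = [ordered]@{
    bBrowserIntegration = 0
}

function Set-ReaderDwords {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Values
    )
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    foreach ($name in $Values.Keys) {
        # Record the previous value so the change is auditable and reversible.
        $before = (Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue).$name
        New-ItemProperty -Path $Path -Name $name -Value $Values[$name] `
            -PropertyType DWord -Force | Out-Null
        # Read back what is actually stored rather than trusting the write.
        $after = (Get-ItemProperty -Path $Path -Name $name).$name
        [pscustomobject]@{ Key = $Path; Name = $name; Before = $before; After = $after }
    }
}

$report = @()
$report += Set-ReaderDwords -Path $PolicyKey -Values $PolicyValues
$report += Set-ReaderDwords -Path $UserKey   -Values $UserValues
$report | Format-Table -AutoSize
```

The Before/After table lets you confirm each value was written and gives you the previous values should you need to roll the change back.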

Alt 10.06.2013, 16:57   #11
Wojtila
 
Code:
# AdwCleaner v2.303 - Datei am 10/06/2013 um 17:50:01 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Don - DON-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Schloik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKLM\Software\PIP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\prefs.js

C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Datei : C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\prefs.js

C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Schloik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1424 octets] - [10/06/2013 17:50:01]

########## EOF - \AdwCleaner[S1].txt - [1484 octets] ##########
         

Alt 10.06.2013, 17:42   #12
markusg
/// Malware-holic
 
Hi,
has there been any improvement yet?
HitmanPro - Download - Filepony

Download HitmanPro and double-click it.
Click Scan; do not delete anything.
Click Next, save the log or export it as XML, then post it, or zip it and attach it.

Alt 10.06.2013, 18:06   #13
Wojtila
 
Avast is running again, and the computer has not rebooted on its own since either. So apparently it has improved, yes.

On HitmanPro: the first scan was cancelled by accident, and I think something was deleted in the process. Afterwards I did a complete scan, with no findings.

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : DON-PC
   Windows . . . . . . . : 6.0.2.6002.X64/4
   User name . . . . . . : Don-PC\Don
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-10 18:52:12
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 2.757.342
   Files scanned . . . . : 31.079
   Remnants scanned  . . : 312.469 files / 2.413.794 keys
         

Alt 10.06.2013, 18:08   #14
markusg
/// Malware-holic
 
Have a look in the program to see whether there are quarantined objects or further logs; also, please answer the question from above.

Alt 10.06.2013, 18:30   #15
Wojtila
 
There has been an improvement in that the virus scanner is running again and the computer has not rebooted on its own again so far. I didn't have any other symptoms anyway.

Here is another log file from HitmanPro:

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : DON-PC
   Windows . . . . . . . : 6.0.2.6002.X64/4
   User name . . . . . . : Don-PC\Don
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-10 18:49:59
   Scan mode . . . . . . : Normal (cancelled by user)
   Scan duration . . . . : 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 385

   Objects scanned . . . : 7.426
   Files scanned . . . . : 7.426
   Remnants scanned  . . : 0 files / 0 keys

Cookies _____________________________________________________________________

   C:\Users\Don\AppData\Roaming\Microsoft\Windows\Cookies\6Q2N6EJG.txt
   C:\Users\Don\AppData\Roaming\Microsoft\Windows\Cookies\don@2o7[2].txt
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.360yield.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.adnet.de
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.derpatriot.de
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.movad.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ad.zanox.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:adtech.de
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:apmebf.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:atdmt.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:autoscout24.112.2o7.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:casalemedia.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:de.sitestat.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:doubleclick.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:eas4.emediate.eu
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:invitemedia.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ladbrokesaccount.solution.weborama.fr
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:mediaplex.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:olympiaverlag.122.2o7.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:revsci.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:serving-sys.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:smartadserver.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:specificclick.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:track.adform.net
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:tradedoubler.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:weborama.fr
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:www.etracker.de
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:xiti.com
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:yadro.ru
   C:\Users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\wz296cgd.default\cookies.sqlite:zedo.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:ad.zanox.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:adtech.de
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:apmebf.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:atdmt.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:doubleclick.net
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:eas4.emediate.eu
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:invitemedia.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:mediaplex.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:olympiaverlag.122.2o7.net
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:premiumtv.122.2o7.net
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:revsci.net
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:serving-sys.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:smartadserver.com
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:track.adform.net
   C:\Users\Schloik\AppData\Roaming\Mozilla\Firefox\Profiles\plb3wckg.default\cookies.sqlite:ww251.smartadserver.com
         
