Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Exploit:Java/CVE-2013 etc.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.07.2013, 16:55   #1
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Hallo allerseits!

Ich habe mich vor einigen Tagen bei Ebay angemeldet und beim ersten Versuch eines Bietens gemerkt, dass ich auf eine Website geleitet werde, die meine Kreditkartennummer zur Authentifizierung verlangt. Obwohl ich im ersten Moment durch die https-Ad diese sogar eingeben wollte, habe ich rechtzeitig geschnallt, dass das wohl keine so gute Idee ist.

Habe danach ein wenig gesucht und ähnliche Trojaner-Fälle gefunden. Ich nehme an, ich habe mir das ganze über eine lange nicht aktualisierte Java-Version eingefangen.

Habe auf Anraten des Ebay-Supports alle temporären Internetdateien sowie den Cache gelöscht; einen Virenscan mit dem Defender durchgeführt (erfolglos). Da es nicht verschwand, anschließend Malwarebytes drübergejagt, und dann fand währenddessen lustigerweise der Defender drei Dateien:
Exploit:JS/Blacole.GB
Exploit:Java/CVE-2013-2423
Exploit:Java/CVE-2013-1493
Auf seine Empfehlung (dumm, ich weiß) habe ich leider auf "Entfernen" gedrückt. Nun tauchen, nur zur Info, die Dateien im Defender nicht mehr unter dem Menüpunkt "unter Quarantäne" auf, jedoch noch unter "alle Elemente" mit dem Status "in Quarantäne".

Anschließend waren Malwarebytes und tdsskiller erfolglos auf der Suche auf meinem PC.
Das Problem ist aber nicht verschwunden.

Ich bitte um Hilfe.
Vielen Dank im Voraus.!
Kaese


OTL logfile created on: 09.07.2013 17:34:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timmi\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,91% Memory free
9,10 Gb Paging File | 7,22 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,95 Gb Total Space | 83,69 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 719,04 Gb Free Space | 89,37% Space Free | Partition Type: NTFS

Computer Name: TIMMIS | User Name: Timmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.09 17:32:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timmi\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.18 20:32:24 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.06.29 02:05:11 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.10 05:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:17 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.10 05:25:27 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.09 08:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.08.31 12:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.08.07 11:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.07.27 03:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2013.01.16
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.05 13:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.04.16 13:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.01 22:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.07.01 22:11:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013.03.24 16:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\Extensions
[2013.07.04 00:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\Firefox\Profiles\271z4be7.default\extensions
[2013.05.08 23:03:28 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\firefox\profiles\271z4be7.default\extensions\client@anonymox.net.xpi
[2013.07.04 00:50:42 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\firefox\profiles\271z4be7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.03.24 18:37:25 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Timmi\AppData\Roaming\mozilla\firefox\profiles\271z4be7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.06.29 02:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.29 02:05:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.05 13:35:37 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A0B976A-5829-470F-B52C-434CB743C64E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D04FDD5C-702D-4BC2-B168-5D0E37254FCA}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{97e173f9-ac3b-11e2-be6f-ac72897cf16d}\Shell - "" = AutoRun
O33 - MountPoints2\{97e173f9-ac3b-11e2-be6f-ac72897cf16d}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{97e17424-ac3b-11e2-be6f-ac72897cf16d}\Shell - "" = AutoRun
O33 - MountPoints2\{97e17424-ac3b-11e2-be6f-ac72897cf16d}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.09 17:32:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timmi\Desktop\OTL.exe
[2013.07.09 17:05:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.09 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Roaming\GetRightToGo
[2013.07.09 17:02:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.09 17:01:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.09 16:41:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Timmi\Desktop\tdsskiller.exe
[2013.07.09 16:12:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.07.09 15:50:31 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Roaming\Malwarebytes
[2013.07.09 15:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.09 15:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.09 15:49:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.09 15:49:41 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Local\Programs
[2013.07.01 22:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.29 02:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.11 16:11:06 | 000,000,000 | ---D | C] -- C:\Users\Timmi\AppData\Roaming\Broken Sword 2.5
[2013.06.11 16:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broken Sword 2.5

========== Files - Modified Within 30 Days ==========

[2013.07.09 17:32:59 | 000,000,000 | ---- | M] () -- C:\Users\Timmi\defogger_reenable
[2013.07.09 17:32:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timmi\Desktop\OTL.exe
[2013.07.09 17:31:48 | 000,050,477 | ---- | M] () -- C:\Users\Timmi\Desktop\Defogger.exe
[2013.07.09 16:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.09 16:44:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.09 16:44:04 | 2503,675,903 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 16:41:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Timmi\Desktop\tdsskiller.exe
[2013.07.09 15:50:14 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.07 15:12:30 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.07 15:12:30 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.07 15:12:30 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.07 15:12:30 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.07 15:12:30 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.21 08:18:34 | 000,307,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.11 16:10:10 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk

========== Files Created - No Company Name ==========

[2013.07.09 17:32:59 | 000,000,000 | ---- | C] () -- C:\Users\Timmi\defogger_reenable
[2013.07.09 17:31:46 | 000,050,477 | ---- | C] () -- C:\Users\Timmi\Desktop\Defogger.exe
[2013.07.09 15:50:14 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.21 08:18:19 | 000,307,904 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.14 21:51:27 | 000,386,646 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.06.11 16:10:10 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Broken Sword 2.5.lnk
[2013.03.24 16:50:03 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.12.14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013.04.05 13:32:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.06.11 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Broken Sword 2.5
[2013.07.09 17:04:15 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\GetRightToGo
[2013.03.24 16:51:57 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\OpenOffice.org
[2013.04.17 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Origin
[2013.04.17 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Sports Interactive
[2013.04.05 15:28:52 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Swiss Academic Software
[2013.04.09 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\Thunderbird
[2013.04.25 21:14:29 | 000,000,000 | ---D | M] -- C:\Users\Timmi\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 09.07.2013 17:34:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timmi\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16599)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,91% Memory free
9,10 Gb Paging File | 7,22 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 126,95 Gb Total Space | 83,69 Gb Free Space | 65,92% Space Free | Partition Type: NTFS
Drive D: | 804,56 Gb Total Space | 719,04 Gb Free Space | 89,37% Space Free | Partition Type: NTFS

Computer Name: TIMMIS | User Name: Timmi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A0F89CA-5FC2-43A7-8852-518D4B096BDF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{41C5EF1F-27B7-4674-8603-F1EC2EEAF865}" = lport=137 | protocol=17 | dir=in | app=system |
"{522C1863-E80E-4499-974C-A9CFB87DE966}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{691DC377-0627-4458-B589-4320C499BEF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73E0376B-B0A8-4ADE-878D-4B86DB409641}" = rport=445 | protocol=6 | dir=out | app=system |
"{7E9C28AC-3E18-40C7-B8CE-543E5B530E99}" = lport=445 | protocol=6 | dir=in | app=system |
"{84425985-8D94-477F-8CA8-177C6754F151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D4029F9-D200-43B9-A3F7-6C6E2ACAE184}" = lport=139 | protocol=6 | dir=in | app=system |
"{93E08B12-4884-42C4-896C-CE4161BFCB89}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A110454-2052-4F55-BB3D-D1EE29144663}" = rport=139 | protocol=6 | dir=out | app=system |
"{9EFAC639-13DB-4DDA-8BB1-69BA965B0E66}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A1EC3B6A-29F9-4AA2-B454-CC2E0314CBFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAA6A692-23EE-4C86-BB78-B18600E126F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1566D96-D37B-40AE-B1F6-076A0EC9E4DE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D2137CA5-17A1-4444-A5CA-EBEA35AD1A1D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DFF676D3-B0D7-4C05-A109-76584AC36B87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E10E2BE6-00C7-48A2-AFD3-39A44E0C27A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{E5B4BABB-C0EA-4254-85A8-FB53F701D98D}" = rport=138 | protocol=17 | dir=out | app=system |
"{F0B98985-7D85-42E7-938D-D1600B9F7023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F96261A6-3FB4-49AE-8800-288761737377}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFFD8253-EC03-415B-9C80-65F9186FE1F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA4D99-2A83-4ADB-A633-256DB835436E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{077BF90C-6DF6-4696-B32A-81D58B065002}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{153B7471-B48F-4C54-A74D-AE49ED325E98}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{189E8F4A-2790-44E9-B412-EC84AAC1B120}" = protocol=6 | dir=out | app=system |
"{19163CFC-4FDD-4C1C-AA94-98E9950C1FD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19F14398-E7EC-4079-A821-FEDE1A3AD37E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{22F1B290-FDD9-4B22-B5EA-1CB1068F2836}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{26DCAA1D-B1CC-4859-9B78-1F6986A24D9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27505365-1CAD-4AF4-8EB5-B715951FFAB1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2B071A0F-CEA3-4335-9C88-7E4A9D009A59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2CEA260B-F8A0-4DF9-A69C-20610A21A562}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3EAC616A-0859-4387-A776-4CCAADD8447B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41F07F46-9A8B-451D-91C0-72ED8F6E7FDC}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{44078CDF-4917-4801-8089-D9CA682C6446}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{58F83DCF-D03C-4D25-A3A2-41DC05AF776E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{60CEB602-2BE4-447A-8FED-8D200B63A246}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{61F389B5-5559-4D2A-810E-C763D40DC791}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{625F0B1D-85D5-4DFA-B907-A858AA476621}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{6AA9796E-3FB2-4AA1-9340-8DC05DA73559}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{7B9DD555-76A2-4F0B-9BCB-CA0C54C4E5D8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{83EBA733-3039-4CD4-B747-EBC3323A09D1}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{90F06798-0E04-48C1-BB3E-7E77EF6EFE89}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9100BD55-5004-455C-B62E-5637ECF7D8C8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{9108F9DA-55D6-4A52-AC80-483724B5E516}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{912AAE53-4432-4738-AE6D-7723294E0F76}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{9895B66C-F4F7-4CC3-8220-633495362ADA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A250A396-A0D8-4F14-970B-B39588BC68FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A46EC3D0-E9EA-4C05-8E94-DA8C62277A06}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A9BB5E4F-07AB-48A2-BFE9-D58D468551C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA8F2FCF-C9DB-43BC-B7EF-C92262218B72}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{AAF95B0F-AA6C-45ED-9340-FF7AF899ABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe |
"{AC7D2FF3-F18C-413E-B852-E70235C4E48B}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{AF806673-19A6-403F-ADB6-C2F8CD19E57C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0D332B0-59ED-4E82-847B-277524A3FA24}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13 demo\game\fifa13_demo.exe |
"{B13873FA-8AA1-4050-8588-51B1242864E5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{B3DC6C0E-AF01-4C0E-B02E-806E7AEDE260}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B47598E3-E7EE-49C5-947F-CF436262F820}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7AAE101-2147-4F02-94A6-2A0521C6D0A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD7B8F99-EEF3-49A9-8A9D-0DCF7246B327}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE18D98F-44F3-4FC6-81C1-F73170E72CF5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D155E957-A12A-4723-AA0A-D14EC91AC7D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCE70B1B-DC79-4ECC-AEC7-0F1EC886B9D1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{E0C5B614-8119-4F12-83F6-DC78E75E6A5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{F112B69A-AC9B-4DF5-9395-5CCF0F3E7F6B}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F81409FF-A070-4338-A0E3-4D26AD1FFFCA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCF7936F-5832-4354-90B8-10D1D97DF789}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3F499657-766A-4A5F-AEE9-A1F8D295A4CE}" = FIFA 13 Demo
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Broken Sword 2.5_is1" = Broken Sword 2.5
"GeoGebra 4.2" = GeoGebra 4.2
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.20.12.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"o2DE" = Mobile Connection Manager
"Origin" = Origin
"RealPlayer 16.0" = RealPlayer
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Steam App 216530" = Football Manager 2013 Demo

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.07.2013 05:41:47 | Computer Name = Timmis | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error - 08.07.2013 07:55:52 | Computer Name = Timmis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0,
Zeitstempel: 0x4ffa93be Name des fehlerhaften Moduls: pes2013-unlock.exe, Version:
1.0.0.0, Zeitstempel: 0x4ffa93be Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a98a6
ID
des fehlerhaften Prozesses: 0xfd0 Startzeit der fehlerhaften Anwendung: 0x01ce7bcf876645c7
Pfad
der fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer
2013 DEMO\pes2013-unlock.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\KONAMI\Pro
Evolution Soccer 2013 DEMO\pes2013-unlock.exe Berichtskennung: 5605930d-e7c5-11e2-be7d-ac72897cf16d
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 08.07.2013 08:40:53 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 08.07.2013 16:00:35 | Computer Name = Timmis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0,
Zeitstempel: 0x4ffa93be Name des fehlerhaften Moduls: pes2013-unlock.exe, Version:
1.0.0.0, Zeitstempel: 0x4ffa93be Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a98a6
ID
des fehlerhaften Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01ce7c074e173631
Pfad
der fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer
2013 DEMO\pes2013-unlock.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\KONAMI\Pro
Evolution Soccer 2013 DEMO\pes2013-unlock.exe Berichtskennung: 0ce5ff6c-e809-11e2-be7d-ac72897cf16d
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 08.07.2013 17:39:27 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 08.07.2013 17:51:42 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 08.07.2013 18:17:57 | Computer Name = Timmis | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0,
Zeitstempel: 0x4ffa93be Name des fehlerhaften Moduls: pes2013-unlock.exe, Version:
1.0.0.0, Zeitstempel: 0x4ffa93be Ausnahmecode: 0xc0000005 Fehleroffset: 0x004a98a6
ID
des fehlerhaften Prozesses: 0x2c Startzeit der fehlerhaften Anwendung: 0x01ce7c25e509e239
Pfad
der fehlerhaften Anwendung: D:\Program Files (x86)\KONAMI\Pro Evolution Soccer
2013 DEMO\pes2013-unlock.exe Pfad des fehlerhaften Moduls: D:\Program Files (x86)\KONAMI\Pro
Evolution Soccer 2013 DEMO\pes2013-unlock.exe Berichtskennung: 3de33777-e81c-11e2-be7d-ac72897cf16d
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 08.07.2013 18:25:33 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 08.07.2013 18:26:18 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 09.07.2013 11:12:35 | Computer Name = Timmis | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ System Events ]
Error - 06.07.2013 06:04:43 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 06.07.2013 06:04:43 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 07.07.2013 10:19:39 | Computer Name = Timmis | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.55 registriert werden. Der Computer mit IP-Adresse 192.168.178.29
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 08.07.2013 18:40:06 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 08.07.2013 18:40:06 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 09.07.2013 10:38:51 | Computer Name = Timmis | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?07.?2013 um 16:21:39 unerwartet heruntergefahren.

Error - 09.07.2013 10:41:02 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 09.07.2013 10:41:02 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 09.07.2013 10:46:34 | Computer Name = Timmis | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 09.07.2013 10:46:34 | Computer Name = Timmis | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069


< End of report >



Die Gmer.txt folgt nach dem Scan (will jetzt erstmal das Thema starten, bevor ich die InetVerbindung trenne).

Alt 09.07.2013, 16:58   #2
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Hallo,

Zitat:
Die Gmer.txt folgt nach dem Scan (will jetzt erstmal das Thema starten, bevor ich die InetVerbindung trenne).
Ok, dann warte ich noch auf das Gmer-Log, bevor wir loslegen.
__________________

__________________

Alt 09.07.2013, 17:07   #3
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-07-09 18:06:21
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003a HGST_HTS721010A9E630 rev.JB0OA3B0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Timmi\AppData\Local\Temp\axloipoc.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                          fffff80107cc541c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                               000007fb0c5e5658 7 bytes JMP 000007fc09dc0260
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                               000007fb0c5e5778 7 bytes JMP 000007fc09dc02d0
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                 000007fb0c6140e4 7 bytes JMP 000007fc09dc0298
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                               000007fb0c614178 8 bytes JMP 000007fc09dc0228
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                        000007fb0c61479c 8 bytes JMP 000007fc09dc0308
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                    000007fb09e228a0 7 bytes JMP 000007fc09dc00d8
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                         000007fb09e228e8 5 bytes JMP 000007fc09dc0180
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                      000007fb09e3f590 6 bytes JMP 000007fc09dc0148
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                  000007fb09e3f8ac 5 bytes JMP 000007fc09dc0110
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\USER32.dll!CreateWindowExW                                         000007fb0b96c5b0 7 bytes JMP 000007fc09dc0378
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                     000007fb0b977160 5 bytes JMP 000007fc09dc0340
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                   000007fb0b811070 8 bytes JMP 000007fc09dc01f0
.text   C:\Windows\system32\dwm.exe[904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                 000007fb0b830dc0 8 bytes JMP 000007fc09dc01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW  000007fb0c5e5658 7 bytes JMP 000007fc09dc02d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation  000007fb0c5e5778 7 bytes JMP 000007fc09dc0340
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW    000007fb0c6140e4 7 bytes JMP 000007fc09dc0308
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx  000007fb0c614178 8 bytes JMP 000007fc09dc0298
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA           000007fb0c61479c 8 bytes JMP 000007fc09dc0378
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW       000007fb09e228a0 7 bytes JMP 000007fc09dc00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary            000007fb09e228e8 5 bytes JMP 000007fc09dc0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW         000007fb09e3f590 6 bytes JMP 000007fc09dc0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW     000007fb09e3f8ac 5 bytes JMP 000007fc09dc0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\USER32.dll!CreateWindowExW            000007fb0b96c5b0 7 bytes JMP 000007fc09dc03e8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA        000007fb0b977160 5 bytes JMP 000007fc09dc03b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo      000007fb0b811070 8 bytes JMP 000007fc09dc01f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList    000007fb0b830dc0 8 bytes JMP 000007fc09dc01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance          000007fb0bcc2100 5 bytes JMP 000007fc09dc0228
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[848] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket         000007fb0bcd5d4c 7 bytes JMP 000007fc09dc0260
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                       000007fb0c5e5658 7 bytes JMP 000007fc09dc0260
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                       000007fb0c5e5778 7 bytes JMP 000007fc09dc02d0
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                         000007fb0c6140e4 7 bytes JMP 000007fc09dc0298
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                       000007fb0c614178 8 bytes JMP 000007fc09dc0228
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                000007fb0c61479c 8 bytes JMP 000007fc09dc0308
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                            000007fb09e228a0 7 bytes JMP 000007fc09dc00d8
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                 000007fb09e228e8 5 bytes JMP 000007fc09dc0180
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                              000007fb09e3f590 6 bytes JMP 000007fc09dc0148
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                          000007fb09e3f8ac 5 bytes JMP 000007fc09dc0110
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW                                 000007fb0b96c5b0 7 bytes JMP 000007fc09dc0378
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA                             000007fb0b977160 5 bytes JMP 000007fc09dc0340
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                           000007fb0b811070 8 bytes JMP 000007fc09dc01f0
.text   C:\Windows\system32\taskhostex.exe[2480] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                         000007fb0b830dc0 8 bytes JMP 000007fc09dc01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW   000007fb0c5e5658 7 bytes JMP 000007fc09dc02d0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation   000007fb0c5e5778 7 bytes JMP 000007fc09dc0340
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW     000007fb0c6140e4 7 bytes JMP 000007fc09dc0308
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx   000007fb0c614178 8 bytes JMP 000007fc09dc0298
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA            000007fb0c61479c 8 bytes JMP 000007fc09dc0378
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW        000007fb09e228a0 7 bytes JMP 000007fc09dc00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary             000007fb09e228e8 5 bytes JMP 000007fc09dc0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW          000007fb09e3f590 6 bytes JMP 000007fc09dc0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW      000007fb09e3f8ac 5 bytes JMP 000007fc09dc0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\USER32.dll!CreateWindowExW             000007fb0b96c5b0 7 bytes JMP 000007fc09dc03e8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA         000007fb0b977160 5 bytes JMP 000007fc09dc03b0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo       000007fb0b811070 8 bytes JMP 000007fc09dc01f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList     000007fb0b830dc0 8 bytes JMP 000007fc09dc01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690         000007fb086a1532 4 bytes [6A, 08, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698         000007fb086a153a 4 bytes [6A, 08, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246       000007fb086a165a 4 bytes [6A, 08, FB, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance           000007fb0bcc2100 5 bytes JMP 000007fc09dc0228
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2720] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket          000007fb0bcd5d4c 7 bytes JMP 000007fc09dc0260
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW                         000007fb0c5e5658 7 bytes JMP 000007fc09dc02d0
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                         000007fb0c5e5778 7 bytes JMP 000007fc09dc0340
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                           000007fb0c6140e4 7 bytes JMP 000007fc09dc0308
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                         000007fb0c614178 8 bytes JMP 000007fc09dc0298
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                  000007fb0c61479c 8 bytes JMP 000007fc09dc0378
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007fb09e228a0 7 bytes JMP 000007fc09dc00d8
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                   000007fb09e228e8 5 bytes JMP 000007fc09dc0180
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007fb09e3f590 6 bytes JMP 000007fc09dc0148
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007fb09e3f8ac 5 bytes JMP 000007fc09dc0110
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\USER32.dll!CreateWindowExW                                   000007fb0b96c5b0 7 bytes JMP 000007fc09dc03e8
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                               000007fb0b977160 5 bytes JMP 000007fc09dc03b0
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                             000007fb0b811070 8 bytes JMP 000007fc09dc01f0
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                           000007fb0b830dc0 8 bytes JMP 000007fc09dc01b8
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                 000007fb0bcc2100 5 bytes JMP 000007fc09dc0228
.text   C:\Windows\System32\igfxpers.exe[2604] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                000007fb0bcd5d4c 7 bytes JMP 000007fc09dc0260
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW            000007fb0c5e5658 7 bytes JMP 000007fc09da02d0
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation            000007fb0c5e5778 7 bytes JMP 000007fc09da0340
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW              000007fb0c6140e4 7 bytes JMP 000007fc09da0308
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx            000007fb0c614178 8 bytes JMP 000007fc09da0298
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                     000007fb0c61479c 8 bytes JMP 000007fc09da0378
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                 000007fb09e228a0 7 bytes JMP 000007fc09da00d8
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                      000007fb09e228e8 5 bytes JMP 000007fc09da0180
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                   000007fb09e3f590 6 bytes JMP 000007fc09da0148
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW               000007fb09e3f8ac 5 bytes JMP 000007fc09da0110
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                000007fb0b811070 8 bytes JMP 000007fc09da01f0
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList              000007fb0b830dc0 8 bytes JMP 000007fc09da01b8
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\USER32.dll!CreateWindowExW                      000007fb0b96c5b0 7 bytes JMP 000007fc09da03e8
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                  000007fb0b977160 5 bytes JMP 000007fc09da03b0
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306        000007fb0c45177a 4 bytes [45, 0C, FB, 07]
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314        000007fb0c451782 4 bytes [45, 0C, FB, 07]
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                    000007fb0bcc2100 5 bytes JMP 000007fc09da0228
.text   C:\Program Files\Windows Defender\MSASCui.exe[1428] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                   000007fb0bcd5d4c 7 bytes JMP 000007fc09da0260

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [532:548]                                                                                 fffff960008865e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                       613364706
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\ac72897cf16d                                             

---- EOF - GMER 2.1 ----
         
--- --- ---

Da! (:
__________________

Alt 09.07.2013, 17:09   #4
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Ich habe gesehen, dass du auch andere Tools schon heruntergeladen hast (wie TDSSKiller, Combofix, MBAM..).
Poste bitte ebenfalls noch alle Logs, die damit schon erstellt worden sind.
__________________
cheers,
Leo

Alt 09.07.2013, 17:12   #5
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



TdssKiller:

18:10:41.0417 0804 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:10:41.0745 0804 ============================================================
18:10:41.0745 0804 Current date / time: 2013/07/09 18:10:41.0745
18:10:41.0745 0804 SystemInfo:
18:10:41.0745 0804
18:10:41.0745 0804 OS Version: 6.2.9200 ServicePack: 0.0
18:10:41.0745 0804 Product type: Workstation
18:10:41.0745 0804 ComputerName: TIMMIS
18:10:41.0745 0804 UserName: Timmi
18:10:41.0745 0804 Windows directory: C:\Windows
18:10:41.0745 0804 System windows directory: C:\Windows
18:10:41.0745 0804 Running under WOW64
18:10:41.0745 0804 Processor architecture: Intel x64
18:10:41.0745 0804 Number of processors: 4
18:10:41.0745 0804 Page size: 0x1000
18:10:41.0745 0804 Boot type: Normal boot
18:10:41.0745 0804 ============================================================
18:10:42.0964 0804 BG loaded
18:10:43.0479 0804 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:10:43.0667 0804 ============================================================
18:10:43.0667 0804 \Device\Harddisk0\DR0:
18:10:43.0667 0804 MBR partitions:
18:10:43.0667 0804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFDE8182
18:10:43.0667 0804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFDE8800, BlocksNum 0x6491D800
18:10:43.0667 0804 ============================================================
18:10:43.0667 0804 C: <-> \Device\Harddisk0\DR0\Partition1
18:10:43.0698 0804 D: <-> \Device\Harddisk0\DR0\Partition2
18:10:43.0698 0804 ============================================================
18:10:43.0698 0804 Initialize success
18:10:43.0698 0804 ============================================================


Combofix konnte nicht ausgeführt werden (nehme an, das liegt am Betriebssystem Win8?)

MBAM:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.07.09.05

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Timmi :: TIMMIS [Administrator]

Schutz: Aktiviert

09.07.2013 16:45:50
mbam-log-2013-07-09 (16-45-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231832
Laufzeit: 5 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

---

Ich hatte mit MBAM auch einen vollständigen Suchlauf begonnen, dabei wurde allerdings mein PC heruntergefahren (ich glaube aber, das war ein profanes Akku-Problem).

Gruß


Alt 09.07.2013, 17:18   #6
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Und passiert das in beiden Browsern oder nur in einem?
__________________
--> Exploit:Java/CVE-2013 etc.

Alt 09.07.2013, 17:20   #7
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Habe gerade im IE nachgesehen: auch dort.

Alt 09.07.2013, 17:23   #8
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Übrigens: Das TDSSKiller-Log ist nicht vollständig. Sieht das wirklich so aus? Poste es sonst bitte noch einmal ganz.

Zitat:
dass ich auf eine Website geleitet werde, die meine Kreditkartennummer zur Authentifizierung verlangt.
Kannst du angeben, was für eine Website das ist?
__________________
cheers,
Leo

Alt 09.07.2013, 17:28   #9
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Habe es gerade einfach noch einmal gemacht, jetzt sieht es so aus:

18:25:47.0970 3292 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:25:48.0267 3292 ============================================================
18:25:48.0267 3292 Current date / time: 2013/07/09 18:25:48.0267
18:25:48.0267 3292 SystemInfo:
18:25:48.0267 3292
18:25:48.0267 3292 OS Version: 6.2.9200 ServicePack: 0.0
18:25:48.0267 3292 Product type: Workstation
18:25:48.0267 3292 ComputerName: TIMMIS
18:25:48.0267 3292 UserName: Timmi
18:25:48.0267 3292 Windows directory: C:\Windows
18:25:48.0267 3292 System windows directory: C:\Windows
18:25:48.0267 3292 Running under WOW64
18:25:48.0267 3292 Processor architecture: Intel x64
18:25:48.0267 3292 Number of processors: 4
18:25:48.0267 3292 Page size: 0x1000
18:25:48.0267 3292 Boot type: Normal boot
18:25:48.0267 3292 ============================================================
18:25:49.0470 3292 BG loaded
18:25:52.0033 3292 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:25:52.0064 3292 ============================================================
18:25:52.0064 3292 \Device\Harddisk0\DR0:
18:25:52.0064 3292 MBR partitions:
18:25:52.0064 3292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFDE8182
18:25:52.0064 3292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFDE8800, BlocksNum 0x6491D800
18:25:52.0064 3292 ============================================================
18:25:52.0064 3292 C: <-> \Device\Harddisk0\DR0\Partition1
18:25:52.0080 3292 D: <-> \Device\Harddisk0\DR0\Partition2
18:25:52.0080 3292 ============================================================
18:25:52.0080 3292 Initialize success
18:25:52.0080 3292 ============================================================
18:25:59.0486 0236 ============================================================
18:25:59.0486 0236 Scan started
18:25:59.0486 0236 Mode: Manual; SigCheck; TDLFS;
18:25:59.0486 0236 ============================================================
18:26:00.0643 0236 ================ Scan system memory ========================
18:26:00.0643 0236 System memory - ok
18:26:00.0658 0236 ================ Scan services =============================
18:26:00.0783 0236 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
18:26:00.0893 0236 1394ohci - ok
18:26:00.0908 0236 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
18:26:00.0955 0236 3ware - ok
18:26:00.0987 0236 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:26:01.0018 0236 ACPI - ok
18:26:01.0049 0236 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
18:26:01.0080 0236 acpiex - ok
18:26:01.0096 0236 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
18:26:01.0127 0236 acpipagr - ok
18:26:01.0143 0236 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
18:26:01.0158 0236 AcpiPmi - ok
18:26:01.0174 0236 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
18:26:01.0205 0236 acpitime - ok
18:26:01.0252 0236 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:26:01.0283 0236 AdobeARMservice - ok
18:26:01.0315 0236 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:26:01.0377 0236 adp94xx - ok
18:26:01.0408 0236 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:26:01.0455 0236 adpahci - ok
18:26:01.0471 0236 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:26:01.0502 0236 adpu320 - ok
18:26:01.0549 0236 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:26:01.0580 0236 AeLookupSvc - ok
18:26:01.0612 0236 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
18:26:01.0658 0236 AFD - ok
18:26:01.0674 0236 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:26:01.0690 0236 agp440 - ok
18:26:01.0721 0236 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
18:26:01.0752 0236 ALG - ok
18:26:01.0768 0236 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
18:26:01.0799 0236 AllUserInstallAgent - ok
18:26:01.0815 0236 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
18:26:01.0846 0236 AmdK8 - ok
18:26:01.0846 0236 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
18:26:01.0862 0236 AmdPPM - ok
18:26:01.0877 0236 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:26:01.0893 0236 amdsata - ok
18:26:01.0924 0236 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:26:01.0955 0236 amdsbs - ok
18:26:01.0987 0236 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:26:02.0018 0236 amdxata - ok
18:26:02.0018 0236 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
18:26:02.0049 0236 AppID - ok
18:26:02.0065 0236 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:26:02.0096 0236 AppIDSvc - ok
18:26:02.0127 0236 [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo C:\Windows\System32\appinfo.dll
18:26:02.0158 0236 Appinfo - ok
18:26:02.0190 0236 [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:26:02.0237 0236 AppMgmt - ok
18:26:02.0268 0236 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
18:26:02.0299 0236 arc - ok
18:26:02.0315 0236 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:26:02.0346 0236 arcsas - ok
18:26:02.0362 0236 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:26:02.0408 0236 AsyncMac - ok
18:26:02.0408 0236 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
18:26:02.0440 0236 atapi - ok
18:26:02.0471 0236 [ BCD7A47EF587DC00DD61D12D9C2D1E44 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
18:26:02.0565 0236 AudioEndpointBuilder - ok
18:26:02.0612 0236 [ 810F30FF8490ED5ED510621DF10DE320 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:26:02.0721 0236 Audiosrv - ok
18:26:02.0737 0236 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:26:02.0783 0236 AxInstSV - ok
18:26:02.0815 0236 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:26:02.0877 0236 b06bdrv - ok
18:26:02.0908 0236 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
18:26:02.0955 0236 BasicDisplay - ok
18:26:02.0971 0236 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
18:26:02.0987 0236 BasicRender - ok
18:26:03.0033 0236 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
18:26:03.0065 0236 BDESVC - ok
18:26:03.0080 0236 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
18:26:03.0112 0236 Beep - ok
18:26:03.0143 0236 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
18:26:03.0190 0236 BFE - ok
18:26:03.0237 0236 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
18:26:03.0315 0236 BITS - ok
18:26:03.0330 0236 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:26:03.0362 0236 bowser - ok
18:26:03.0393 0236 [ 038FA1B55531E7020DB705B42FCCE373 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
18:26:03.0440 0236 BrokerInfrastructure - ok
18:26:03.0487 0236 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
18:26:03.0518 0236 Browser - ok
18:26:03.0549 0236 [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
18:26:03.0580 0236 BthAvrcpTg - ok
18:26:03.0596 0236 [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
18:26:03.0643 0236 BthEnum - ok
18:26:03.0674 0236 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
18:26:03.0737 0236 BthHFEnum - ok
18:26:03.0768 0236 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
18:26:03.0784 0236 bthhfhid - ok
18:26:03.0799 0236 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
18:26:03.0862 0236 BTHMODEM - ok
18:26:03.0893 0236 [ 091BB978E9504D0AD14586929431A957 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:26:03.0924 0236 BthPan - ok
18:26:03.0971 0236 [ 13795CAA34239D97A7211E7F9D96E012 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:26:04.0080 0236 BTHPORT - ok
18:26:04.0112 0236 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
18:26:04.0143 0236 bthserv - ok
18:26:04.0159 0236 [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:26:04.0284 0236 BTHUSB - ok
18:26:04.0315 0236 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:26:04.0362 0236 cdfs - ok
18:26:04.0393 0236 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
18:26:04.0424 0236 cdrom - ok
18:26:04.0440 0236 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
18:26:04.0502 0236 CertPropSvc - ok
18:26:04.0534 0236 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
18:26:04.0580 0236 circlass - ok
18:26:04.0612 0236 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
18:26:04.0659 0236 CLFS - ok
18:26:04.0705 0236 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
18:26:04.0721 0236 CmBatt - ok
18:26:04.0768 0236 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys
18:26:04.0830 0236 CNG - ok
18:26:04.0862 0236 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
18:26:04.0940 0236 CompositeBus - ok
18:26:04.0955 0236 COMSysApp - ok
18:26:04.0971 0236 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
18:26:05.0002 0236 condrv - ok
18:26:05.0080 0236 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:26:05.0127 0236 cphs - ok
18:26:05.0174 0236 [ AFA426B0E7975CEB21F8B6711EFA8945 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:26:05.0205 0236 CryptSvc - ok
18:26:05.0252 0236 [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC C:\Windows\system32\drivers\csc.sys
18:26:05.0299 0236 CSC - ok
18:26:05.0330 0236 [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService C:\Windows\System32\cscsvc.dll
18:26:05.0393 0236 CscService - ok
18:26:05.0424 0236 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys
18:26:05.0456 0236 dam - ok
18:26:05.0518 0236 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
18:26:05.0565 0236 DcomLaunch - ok
18:26:05.0596 0236 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:26:05.0643 0236 defragsvc - ok
18:26:05.0674 0236 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
18:26:05.0737 0236 DeviceAssociationService - ok
18:26:05.0784 0236 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
18:26:05.0815 0236 DeviceInstall - ok
18:26:05.0846 0236 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
18:26:05.0877 0236 Dfsc - ok
18:26:05.0909 0236 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:26:05.0940 0236 Dhcp - ok
18:26:05.0956 0236 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
18:26:06.0002 0236 discache - ok
18:26:06.0018 0236 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
18:26:06.0065 0236 disk - ok
18:26:06.0081 0236 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
18:26:06.0096 0236 dmvsc - ok
18:26:06.0159 0236 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:26:06.0190 0236 Dnscache - ok
18:26:06.0221 0236 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
18:26:06.0268 0236 dot3svc - ok
18:26:06.0315 0236 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
18:26:06.0362 0236 DPS - ok
18:26:06.0393 0236 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:26:06.0424 0236 drmkaud - ok
18:26:06.0440 0236 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
18:26:06.0487 0236 DsmSvc - ok
18:26:06.0549 0236 [ 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:26:06.0659 0236 DXGKrnl - ok
18:26:06.0674 0236 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
18:26:06.0721 0236 Eaphost - ok
18:26:06.0815 0236 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:26:07.0049 0236 ebdrv - ok
18:26:07.0081 0236 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
18:26:07.0112 0236 EFS - ok
18:26:07.0127 0236 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
18:26:07.0159 0236 EhStorClass - ok
18:26:07.0174 0236 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
18:26:07.0190 0236 EhStorTcgDrv - ok
18:26:07.0206 0236 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
18:26:07.0237 0236 ErrDev - ok
18:26:07.0299 0236 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
18:26:07.0346 0236 EventSystem - ok
18:26:07.0362 0236 [ D83EB7ADE99D99A4CD6568AC1261D35E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
18:26:07.0424 0236 ewusbnet - ok
18:26:07.0487 0236 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
18:26:07.0534 0236 ew_hwusbdev - ok
18:26:07.0565 0236 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
18:26:07.0612 0236 exfat - ok
18:26:07.0643 0236 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:26:07.0690 0236 fastfat - ok
18:26:07.0721 0236 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
18:26:07.0784 0236 Fax - ok
18:26:07.0784 0236 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
18:26:07.0831 0236 fdc - ok
18:26:07.0846 0236 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
18:26:07.0893 0236 fdPHost - ok
18:26:07.0909 0236 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
18:26:07.0971 0236 FDResPub - ok
18:26:08.0003 0236 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
18:26:08.0081 0236 fhsvc - ok
18:26:08.0112 0236 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:26:08.0128 0236 FileInfo - ok
18:26:08.0159 0236 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:26:08.0206 0236 Filetrace - ok
18:26:08.0221 0236 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
18:26:08.0268 0236 flpydisk - ok
18:26:08.0284 0236 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:26:08.0331 0236 FltMgr - ok
18:26:08.0393 0236 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll
18:26:08.0456 0236 FontCache - ok
18:26:08.0534 0236 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:26:08.0565 0236 FontCache3.0.0.0 - ok
18:26:08.0596 0236 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:26:08.0628 0236 FsDepends - ok
18:26:08.0643 0236 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:26:08.0674 0236 Fs_Rec - ok
18:26:08.0721 0236 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:26:08.0784 0236 fvevol - ok
18:26:08.0799 0236 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
18:26:08.0831 0236 FxPPM - ok
18:26:08.0846 0236 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:26:08.0878 0236 gagp30kx - ok
18:26:08.0909 0236 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
18:26:08.0940 0236 gencounter - ok
18:26:08.0971 0236 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
18:26:09.0003 0236 GPIOClx0101 - ok
18:26:09.0049 0236 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
18:26:09.0143 0236 gpsvc - ok
18:26:09.0174 0236 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:26:09.0206 0236 HdAudAddService - ok
18:26:09.0253 0236 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
18:26:09.0284 0236 HDAudBus - ok
18:26:09.0299 0236 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
18:26:09.0331 0236 HidBatt - ok
18:26:09.0378 0236 [ 085F150D002B7F0153D3C06DDF33A143 ] HidBth C:\Windows\System32\drivers\hidbth.sys
18:26:09.0440 0236 HidBth - ok
18:26:09.0471 0236 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
18:26:09.0518 0236 hidi2c - ok
18:26:09.0518 0236 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
18:26:09.0581 0236 HidIr - ok
18:26:09.0612 0236 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\System32\hidserv.dll
18:26:09.0643 0236 hidserv - ok
18:26:09.0674 0236 [ 012C354B4AB48E9A7A657DF39E3A2073 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
18:26:09.0721 0236 HidUsb - ok
18:26:09.0753 0236 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:26:09.0799 0236 hkmsvc - ok
18:26:09.0831 0236 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:26:09.0862 0236 HomeGroupListener - ok
18:26:09.0893 0236 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:26:09.0940 0236 HomeGroupProvider - ok
18:26:09.0971 0236 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:26:10.0003 0236 HpSAMD - ok
18:26:10.0050 0236 [ F4A91D985EB9D1D2717D538F3424603C ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:26:10.0143 0236 HTTP - ok
18:26:10.0175 0236 [ C2212C930D7A6CC21972B9882683D271 ] huawei_enumerator C:\Windows\System32\drivers\ew_jubusenum.sys
18:26:10.0237 0236 huawei_enumerator - ok
18:26:10.0284 0236 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:26:10.0331 0236 hwdatacard - ok
18:26:10.0346 0236 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:26:10.0362 0236 hwpolicy - ok
18:26:10.0378 0236 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
18:26:10.0409 0236 hyperkbd - ok
18:26:10.0456 0236 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
18:26:10.0518 0236 HyperVideo - ok
18:26:10.0534 0236 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
18:26:10.0612 0236 i8042prt - ok
18:26:10.0643 0236 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:26:10.0690 0236 iaStorV - ok
18:26:10.0940 0236 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:26:11.0143 0236 igfx - ok
18:26:11.0159 0236 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:26:11.0190 0236 iirsp - ok
18:26:11.0284 0236 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll
18:26:11.0346 0236 IKEEXT - ok
18:26:11.0659 0236 [ 50D261E6921C29C516FDCB68A262829B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:26:11.0846 0236 IntcAzAudAddService - ok
18:26:11.0878 0236 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
18:26:11.0893 0236 intelide - ok
18:26:11.0925 0236 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys
18:26:11.0956 0236 intelppm - ok
18:26:11.0971 0236 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:26:12.0003 0236 IpFilterDriver - ok
18:26:12.0050 0236 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:26:12.0112 0236 iphlpsvc - ok
18:26:12.0128 0236 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
18:26:12.0143 0236 IPMIDRV - ok
18:26:12.0159 0236 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:26:12.0206 0236 IPNAT - ok
18:26:12.0222 0236 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:26:12.0253 0236 IRENUM - ok
18:26:12.0253 0236 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:26:12.0284 0236 isapnp - ok
18:26:12.0315 0236 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
18:26:12.0347 0236 iScsiPrt - ok
18:26:12.0362 0236 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
18:26:12.0393 0236 kbdclass - ok
18:26:12.0409 0236 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
18:26:12.0456 0236 kbdhid - ok
18:26:12.0472 0236 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
18:26:12.0503 0236 kdnic - ok
18:26:12.0518 0236 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
18:26:12.0550 0236 KeyIso - ok
18:26:12.0565 0236 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:26:12.0597 0236 KSecDD - ok
18:26:12.0628 0236 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:26:12.0659 0236 KSecPkg - ok
18:26:12.0690 0236 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:26:12.0737 0236 ksthunk - ok
18:26:12.0768 0236 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:26:12.0800 0236 KtmRm - ok
18:26:12.0847 0236 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\System32\srvsvc.dll
18:26:12.0893 0236 LanmanServer - ok
18:26:12.0925 0236 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:26:12.0956 0236 LanmanWorkstation - ok
18:26:12.0972 0236 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:26:13.0018 0236 lltdio - ok
18:26:13.0050 0236 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:26:13.0097 0236 lltdsvc - ok
18:26:13.0128 0236 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:26:13.0159 0236 lmhosts - ok
18:26:13.0190 0236 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:26:13.0222 0236 LSI_SAS - ok
18:26:13.0237 0236 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:26:13.0268 0236 LSI_SAS2 - ok
18:26:13.0284 0236 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:26:13.0315 0236 LSI_SCSI - ok
18:26:13.0331 0236 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
18:26:13.0347 0236 LSI_SSS - ok
18:26:13.0378 0236 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll
18:26:13.0440 0236 LSM - ok
18:26:13.0472 0236 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
18:26:13.0518 0236 luafv - ok
18:26:13.0581 0236 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:26:13.0597 0236 MBAMProtector - ok
18:26:13.0675 0236 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:26:13.0878 0236 MBAMScheduler - ok
18:26:13.0925 0236 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:26:14.0175 0236 MBAMService - ok
18:26:14.0206 0236 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
18:26:14.0237 0236 megasas - ok
18:26:14.0284 0236 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:26:14.0331 0236 MegaSR - ok
18:26:14.0347 0236 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
18:26:14.0362 0236 MEIx64 - ok
18:26:14.0409 0236 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
18:26:14.0425 0236 MMCSS - ok
18:26:14.0440 0236 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
18:26:14.0472 0236 Modem - ok
18:26:14.0503 0236 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\Windows\System32\drivers\monitor.sys
18:26:14.0597 0236 monitor - ok
18:26:14.0612 0236 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
18:26:14.0628 0236 mouclass - ok
18:26:14.0659 0236 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\Windows\System32\drivers\mouhid.sys
18:26:14.0706 0236 mouhid - ok
18:26:14.0737 0236 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:26:14.0769 0236 mountmgr - ok
18:26:14.0815 0236 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:26:14.0831 0236 MozillaMaintenance - ok
18:26:14.0878 0236 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:26:14.0909 0236 mpsdrv - ok
18:26:14.0956 0236 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:26:15.0019 0236 MpsSvc - ok
18:26:15.0034 0236 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:26:15.0081 0236 MRxDAV - ok
18:26:15.0112 0236 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:26:15.0159 0236 mrxsmb - ok
18:26:15.0190 0236 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:26:15.0222 0236 mrxsmb10 - ok
18:26:15.0253 0236 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:26:15.0284 0236 mrxsmb20 - ok
18:26:15.0315 0236 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
18:26:15.0347 0236 MsBridge - ok
18:26:15.0378 0236 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
18:26:15.0409 0236 MSDTC - ok
18:26:15.0440 0236 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:26:15.0456 0236 Msfs - ok
18:26:15.0487 0236 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
18:26:15.0519 0236 msgpiowin32 - ok
18:26:15.0534 0236 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:26:15.0565 0236 mshidkmdf - ok
18:26:15.0597 0236 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
18:26:15.0628 0236 mshidumdf - ok
18:26:15.0659 0236 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:26:15.0675 0236 msisadrv - ok
18:26:15.0706 0236 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:26:15.0737 0236 MSiSCSI - ok
18:26:15.0753 0236 msiserver - ok
18:26:15.0769 0236 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:26:15.0800 0236 MSKSSRV - ok
18:26:15.0815 0236 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
18:26:15.0847 0236 MsLldp - ok
18:26:15.0862 0236 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:26:15.0894 0236 MSPCLOCK - ok
18:26:15.0909 0236 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:26:15.0940 0236 MSPQM - ok
18:26:15.0956 0236 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:26:16.0019 0236 MsRPC - ok
18:26:16.0050 0236 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
18:26:16.0065 0236 mssmbios - ok
18:26:16.0097 0236 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:26:16.0112 0236 MSTEE - ok
18:26:16.0144 0236 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
18:26:16.0175 0236 MTConfig - ok
18:26:16.0190 0236 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
18:26:16.0222 0236 Mup - ok
18:26:16.0237 0236 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
18:26:16.0269 0236 mvumis - ok
18:26:16.0300 0236 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
18:26:16.0347 0236 napagent - ok
18:26:16.0378 0236 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:26:16.0425 0236 NativeWifiP - ok
18:26:16.0456 0236 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
18:26:16.0503 0236 NcaSvc - ok
18:26:16.0519 0236 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
18:26:16.0550 0236 NcdAutoSetup - ok
18:26:16.0597 0236 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:26:16.0675 0236 NDIS - ok
18:26:16.0706 0236 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:26:16.0737 0236 NdisCap - ok
18:26:16.0753 0236 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
18:26:16.0816 0236 NdisImPlatform - ok
18:26:16.0847 0236 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:26:16.0894 0236 NdisTapi - ok
18:26:16.0909 0236 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:26:16.0941 0236 Ndisuio - ok
18:26:16.0956 0236 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:26:17.0019 0236 NdisWan - ok
18:26:17.0019 0236 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
18:26:17.0066 0236 NDISWANLEGACY - ok
18:26:17.0097 0236 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:26:17.0175 0236 NDProxy - ok
18:26:17.0191 0236 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
18:26:17.0237 0236 Ndu - ok
18:26:17.0253 0236 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:26:17.0284 0236 NetBIOS - ok
18:26:17.0316 0236 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:26:17.0347 0236 NetBT - ok
18:26:17.0378 0236 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
18:26:17.0409 0236 Netlogon - ok
18:26:17.0425 0236 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
18:26:17.0472 0236 Netman - ok
18:26:17.0519 0236 [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm C:\Windows\System32\netprofmsvc.dll
18:26:17.0597 0236 netprofm - ok
18:26:17.0628 0236 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:17.0659 0236 NetTcpPortSharing - ok
18:26:17.0878 0236 [ 57B9C04D673F236D41FAB03842C8640B ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
18:26:18.0191 0236 NETwNs64 - ok
18:26:18.0222 0236 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:26:18.0237 0236 nfrd960 - ok
18:26:18.0269 0236 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:26:18.0331 0236 NlaSvc - ok
18:26:18.0331 0236 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:26:18.0378 0236 Npfs - ok
18:26:18.0394 0236 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
18:26:18.0441 0236 npsvctrig - ok
18:26:18.0472 0236 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
18:26:18.0503 0236 nsi - ok
18:26:18.0519 0236 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:26:18.0550 0236 nsiproxy - ok
18:26:18.0612 0236 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:26:18.0753 0236 Ntfs - ok
18:26:18.0769 0236 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
18:26:18.0800 0236 Null - ok
18:26:19.0066 0236 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:26:19.0519 0236 nvlddmkm - ok
18:26:19.0550 0236 [ EB12E165FD233F2DDC47B11423186177 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
18:26:19.0566 0236 nvpciflt - ok
18:26:19.0581 0236 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:26:19.0613 0236 nvraid - ok
18:26:19.0628 0236 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:26:19.0659 0236 nvstor - ok
18:26:19.0691 0236 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:26:19.0769 0236 nvsvc - ok
18:26:19.0831 0236 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:26:19.0925 0236 nvUpdatusService - ok
18:26:19.0941 0236 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:26:19.0988 0236 nv_agp - ok
18:26:20.0019 0236 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:26:20.0050 0236 p2pimsvc - ok
18:26:20.0066 0236 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
18:26:20.0113 0236 p2psvc - ok
18:26:20.0144 0236 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
18:26:20.0175 0236 Parport - ok
18:26:20.0206 0236 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:26:20.0238 0236 partmgr - ok
18:26:20.0269 0236 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:26:20.0316 0236 PcaSvc - ok
18:26:20.0331 0236 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
18:26:20.0363 0236 pci - ok
18:26:20.0394 0236 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
18:26:20.0409 0236 pciide - ok
18:26:20.0488 0236 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:26:20.0534 0236 pcmcia - ok
18:26:20.0566 0236 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
18:26:20.0581 0236 pcw - ok
18:26:20.0613 0236 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys
18:26:20.0644 0236 pdc - ok
18:26:20.0691 0236 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:26:20.0784 0236 PEAUTH - ok
18:26:20.0863 0236 [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:26:20.0956 0236 PeerDistSvc - ok
18:26:21.0066 0236 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:26:21.0081 0236 PerfHost - ok
18:26:21.0144 0236 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
18:26:21.0253 0236 pla - ok
18:26:21.0285 0236 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:26:21.0316 0236 PlugPlay - ok
18:26:21.0347 0236 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:26:21.0378 0236 PNRPAutoReg - ok
18:26:21.0394 0236 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:26:21.0441 0236 PNRPsvc - ok
18:26:21.0472 0236 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:26:21.0535 0236 PolicyAgent - ok
18:26:21.0566 0236 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
18:26:21.0597 0236 Power - ok
18:26:21.0628 0236 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:26:21.0675 0236 PptpMiniport - ok
18:26:21.0785 0236 [ 9D59831262CAD44E709D695FC9D5E7AB ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
18:26:21.0910 0236 PrintNotify - ok
18:26:21.0941 0236 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
18:26:21.0972 0236 Processor - ok
18:26:21.0988 0236 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
18:26:22.0019 0236 ProfSvc - ok
18:26:22.0050 0236 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:26:22.0081 0236 Psched - ok
18:26:22.0113 0236 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
18:26:22.0144 0236 QWAVE - ok
18:26:22.0175 0236 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:26:22.0206 0236 QWAVEdrv - ok
18:26:22.0222 0236 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:26:22.0269 0236 RasAcd - ok
18:26:22.0300 0236 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:26:22.0331 0236 RasAgileVpn - ok
18:26:22.0363 0236 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
18:26:22.0410 0236 RasAuto - ok
18:26:22.0441 0236 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:26:22.0488 0236 Rasl2tp - ok
18:26:22.0503 0236 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
18:26:22.0566 0236 RasMan - ok
18:26:22.0581 0236 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:26:22.0613 0236 RasPppoe - ok
18:26:22.0644 0236 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:26:22.0675 0236 RasSstp - ok
18:26:22.0722 0236 [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:26:22.0800 0236 rdbss - ok
18:26:22.0831 0236 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
18:26:22.0863 0236 rdpbus - ok
18:26:22.0894 0236 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:26:22.0910 0236 RDPDR - ok
18:26:22.0956 0236 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:26:22.0988 0236 RdpVideoMiniport - ok
18:26:23.0003 0236 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:26:23.0035 0236 RDPWD - ok
18:26:23.0066 0236 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:26:23.0097 0236 rdyboost - ok
18:26:23.0128 0236 [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
18:26:23.0144 0236 RealNetworks Downloader Resolver Service - ok
18:26:23.0175 0236 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:26:23.0222 0236 RemoteAccess - ok
18:26:23.0253 0236 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:26:23.0316 0236 RemoteRegistry - ok
18:26:23.0347 0236 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys
18:26:23.0394 0236 RFCOMM - ok
18:26:23.0441 0236 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:26:23.0472 0236 RpcEptMapper - ok
18:26:23.0503 0236 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
18:26:23.0535 0236 RpcLocator - ok
18:26:23.0566 0236 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
18:26:23.0628 0236 RpcSs - ok
18:26:23.0644 0236 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:26:23.0675 0236 rspndr - ok
18:26:23.0722 0236 [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
18:26:23.0769 0236 RTL8168 - ok
18:26:23.0800 0236 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
18:26:23.0832 0236 s3cap - ok
18:26:23.0863 0236 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
18:26:23.0878 0236 SamSs - ok
18:26:23.0910 0236 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:26:23.0941 0236 sbp2port - ok
18:26:23.0957 0236 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:26:24.0003 0236 SCardSvr - ok
18:26:24.0035 0236 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:26:24.0066 0236 scfilter - ok
18:26:24.0113 0236 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\Windows\system32\schedsvc.dll
18:26:24.0238 0236 Schedule - ok
18:26:24.0269 0236 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:26:24.0300 0236 SCPolicySvc - ok
18:26:24.0332 0236 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\Windows\System32\drivers\sdbus.sys
18:26:24.0378 0236 sdbus - ok
18:26:24.0410 0236 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:26:24.0457 0236 SDRSVC - ok
18:26:24.0472 0236 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
18:26:24.0503 0236 sdstor - ok
18:26:24.0519 0236 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:26:24.0550 0236 secdrv - ok
18:26:24.0566 0236 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
18:26:24.0613 0236 seclogon - ok
18:26:24.0628 0236 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
18:26:24.0691 0236 SENS - ok
18:26:24.0707 0236 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:26:24.0738 0236 SensrSvc - ok
18:26:24.0769 0236 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
18:26:24.0800 0236 SerCx - ok
18:26:24.0800 0236 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
18:26:24.0832 0236 Serenum - ok
18:26:24.0847 0236 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
18:26:24.0878 0236 Serial - ok
18:26:24.0894 0236 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
18:26:24.0941 0236 sermouse - ok
18:26:24.0988 0236 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
18:26:25.0035 0236 SessionEnv - ok
18:26:25.0035 0236 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
18:26:25.0082 0236 sfloppy - ok
18:26:25.0113 0236 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:26:25.0160 0236 SharedAccess - ok
18:26:25.0191 0236 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:26:25.0253 0236 ShellHWDetection - ok
18:26:25.0269 0236 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:26:25.0316 0236 SiSRaid2 - ok
18:26:25.0316 0236 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:26:25.0363 0236 SiSRaid4 - ok
18:26:25.0394 0236 [ 3467821FD04A66C9786DF0C8C0219A73 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:26:25.0425 0236 SkypeUpdate - ok
18:26:25.0457 0236 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:26:25.0535 0236 SNMPTRAP - ok
18:26:25.0566 0236 [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport C:\Windows\system32\drivers\spaceport.sys
18:26:25.0613 0236 spaceport - ok
18:26:25.0613 0236 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
18:26:25.0660 0236 SpbCx - ok
18:26:25.0691 0236 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
18:26:25.0738 0236 Spooler - ok
18:26:25.0863 0236 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
18:26:26.0050 0236 sppsvc - ok
18:26:26.0097 0236 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:26:26.0129 0236 srv - ok
18:26:26.0175 0236 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:26:26.0238 0236 srv2 - ok
18:26:26.0254 0236 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:26:26.0316 0236 srvnet - ok
18:26:26.0347 0236 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:26:26.0394 0236 SSDPSRV - ok
18:26:26.0410 0236 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:26:26.0457 0236 SstpSvc - ok
18:26:26.0488 0236 Steam Client Service - ok
18:26:26.0519 0236 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:26:26.0550 0236 stexstor - ok
18:26:26.0597 0236 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
18:26:26.0644 0236 stisvc - ok
18:26:26.0675 0236 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\Windows\system32\drivers\storahci.sys
18:26:26.0707 0236 storahci - ok
18:26:26.0722 0236 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
18:26:26.0754 0236 storflt - ok
18:26:26.0769 0236 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
18:26:26.0800 0236 StorSvc - ok
18:26:26.0816 0236 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:26:26.0847 0236 storvsc - ok
18:26:26.0863 0236 [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp C:\Windows\System32\drivers\storvsp.sys
18:26:26.0894 0236 storvsp - ok
18:26:26.0910 0236 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
18:26:26.0972 0236 svsvc - ok
18:26:26.0988 0236 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
18:26:27.0019 0236 swenum - ok
18:26:27.0050 0236 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
18:26:27.0113 0236 swprv - ok
18:26:27.0175 0236 [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain C:\Windows\system32\sysmain.dll
18:26:27.0254 0236 SysMain - ok
18:26:27.0285 0236 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
18:26:27.0332 0236 SystemEventsBroker - ok
18:26:27.0347 0236 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
18:26:27.0379 0236 TabletInputService - ok
18:26:27.0410 0236 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
18:26:27.0457 0236 TapiSrv - ok
18:26:27.0535 0236 [ D750CE2A52F1B95E654CF2904C88EF1F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:26:27.0691 0236 Tcpip - ok
18:26:27.0738 0236 [ D750CE2A52F1B95E654CF2904C88EF1F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:26:27.0910 0236 TCPIP6 - ok
18:26:27.0941 0236 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:26:27.0972 0236 tcpipreg - ok
18:26:28.0004 0236 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:26:28.0035 0236 tdx - ok
18:26:28.0051 0236 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
18:26:28.0082 0236 terminpt - ok
18:26:28.0129 0236 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
18:26:28.0176 0236 TermService - ok
18:26:28.0222 0236 [ 46B389E1A1C8E66D877402FC0821A371 ] TGCM_ImportWiFiSvc C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
18:26:28.0504 0236 TGCM_ImportWiFiSvc - ok
18:26:28.0535 0236 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
18:26:28.0597 0236 Themes - ok
18:26:28.0629 0236 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll
18:26:28.0660 0236 THREADORDER - ok
18:26:28.0691 0236 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
18:26:28.0722 0236 TimeBroker - ok
18:26:28.0754 0236 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\Windows\system32\drivers\tpm.sys
18:26:28.0785 0236 TPM - ok
18:26:28.0801 0236 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
18:26:28.0847 0236 TrkWks - ok
18:26:28.0894 0236 [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:26:28.0926 0236 TrustedInstaller - ok
18:26:28.0957 0236 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:26:28.0972 0236 TsUsbFlt - ok
18:26:28.0988 0236 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
18:26:29.0019 0236 TsUsbGD - ok
18:26:29.0035 0236 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:26:29.0082 0236 tunnel - ok
18:26:29.0097 0236 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:26:29.0113 0236 uagp35 - ok
18:26:29.0144 0236 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
18:26:29.0160 0236 UASPStor - ok
18:26:29.0207 0236 [ 7C33D8B8A5EA2321B84A1B6653CBD0DB ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
18:26:29.0238 0236 UCX01000 - ok
18:26:29.0269 0236 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:26:29.0316 0236 udfs - ok
18:26:29.0363 0236 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:26:29.0394 0236 UI0Detect - ok
18:26:29.0410 0236 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:26:29.0441 0236 uliagpkx - ok
18:26:29.0457 0236 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
18:26:29.0488 0236 umbus - ok
18:26:29.0504 0236 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
18:26:29.0551 0236 UmPass - ok
18:26:29.0566 0236 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
18:26:29.0613 0236 UmRdpService - ok
18:26:29.0644 0236 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
18:26:29.0691 0236 upnphost - ok
18:26:29.0722 0236 [ 3FBE0784E42E7BA93FCC5201D2BAFE23 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:26:29.0832 0236 usbaudio - ok
18:26:29.0847 0236 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
18:26:29.0879 0236 usbccgp - ok
18:26:29.0894 0236 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
18:26:29.0957 0236 usbcir - ok
18:26:29.0988 0236 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
18:26:30.0035 0236 usbehci - ok
18:26:30.0051 0236 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys
18:26:30.0113 0236 usbhub - ok
18:26:30.0144 0236 [ EA040D4C6C94F315A85F3D0EAA884B37 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
18:26:30.0191 0236 USBHUB3 - ok
18:26:30.0207 0236 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys
18:26:30.0254 0236 usbohci - ok
18:26:30.0269 0236 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
18:26:30.0316 0236 usbprint - ok
18:26:30.0348 0236 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:26:30.0410 0236 usbscan - ok
18:26:30.0426 0236 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
18:26:30.0457 0236 USBSTOR - ok
18:26:30.0488 0236 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
18:26:30.0535 0236 usbuhci - ok
18:26:30.0551 0236 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:26:30.0582 0236 usbvideo - ok
18:26:30.0629 0236 [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
18:26:30.0691 0236 USBXHCI - ok
18:26:30.0723 0236 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe
18:26:30.0754 0236 VaultSvc - ok
18:26:30.0769 0236 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:26:30.0816 0236 vdrvroot - ok
18:26:30.0863 0236 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe
18:26:30.0926 0236 vds - ok
18:26:30.0941 0236 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
18:26:30.0973 0236 VerifierExt - ok
18:26:31.0004 0236 [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
18:26:31.0066 0236 vhdmp - ok
18:26:31.0098 0236 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
18:26:31.0113 0236 viaide - ok
18:26:31.0144 0236 [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid C:\Windows\System32\drivers\Vid.sys
18:26:31.0160 0236 Vid - ok
18:26:31.0191 0236 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:26:31.0207 0236 vmbus - ok
18:26:31.0223 0236 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
18:26:31.0254 0236 VMBusHID - ok
18:26:31.0254 0236 [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys
18:26:31.0285 0236 vmbusr - ok
18:26:31.0316 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
18:26:31.0348 0236 vmicheartbeat - ok
18:26:31.0363 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
18:26:31.0394 0236 vmickvpexchange - ok
18:26:31.0410 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
18:26:31.0441 0236 vmicrdv - ok
18:26:31.0457 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
18:26:31.0488 0236 vmicshutdown - ok
18:26:31.0504 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
18:26:31.0535 0236 vmictimesync - ok
18:26:31.0551 0236 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
18:26:31.0582 0236 vmicvss - ok
18:26:31.0598 0236 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:26:31.0629 0236 volmgr - ok
18:26:31.0644 0236 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:26:31.0691 0236 volmgrx - ok
18:26:31.0723 0236 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:26:31.0785 0236 volsnap - ok
18:26:31.0801 0236 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
18:26:31.0816 0236 vpci - ok
18:26:31.0832 0236 [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys
18:26:31.0863 0236 vpcivsp - ok
18:26:31.0879 0236 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:26:31.0910 0236 vsmraid - ok
18:26:31.0957 0236 [ D0C69E44BC1E1D4AD290FD84104623D8 ] VSS C:\Windows\system32\vssvc.exe
18:26:32.0019 0236 VSS - ok
18:26:32.0051 0236 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
18:26:32.0082 0236 VSTXRAID - ok
18:26:32.0098 0236 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:26:32.0129 0236 vwifibus - ok
18:26:32.0144 0236 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:26:32.0176 0236 vwififlt - ok
18:26:32.0223 0236 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
18:26:32.0269 0236 W32Time - ok
18:26:32.0285 0236 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
18:26:32.0379 0236 WacomPen - ok
18:26:32.0410 0236 [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:26:32.0582 0236 Wanarp - ok
18:26:32.0598 0236 [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:26:32.0629 0236 Wanarpv6 - ok
18:26:32.0676 0236 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
18:26:32.0770 0236 wbengine - ok
18:26:32.0801 0236 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:26:32.0848 0236 WbioSrvc - ok
18:26:32.0863 0236 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
18:26:32.0910 0236 Wcmsvc - ok
18:26:32.0941 0236 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:26:33.0004 0236 wcncsvc - ok
18:26:33.0004 0236 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:26:33.0035 0236 WcsPlugInService - ok
18:26:33.0066 0236 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
18:26:33.0098 0236 Wd - ok
18:26:33.0129 0236 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
18:26:33.0160 0236 WdBoot - ok
18:26:33.0191 0236 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:26:33.0254 0236 Wdf01000 - ok
18:26:33.0285 0236 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
18:26:33.0332 0236 WdFilter - ok
18:26:33.0348 0236 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:26:33.0410 0236 WdiServiceHost - ok
18:26:33.0426 0236 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:26:33.0488 0236 WdiSystemHost - ok
18:26:33.0504 0236 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
18:26:33.0551 0236 WebClient - ok
18:26:33.0582 0236 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:26:33.0613 0236 Wecsvc - ok
18:26:33.0629 0236 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:26:33.0707 0236 wercplsupport - ok
18:26:33.0738 0236 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\Windows\System32\WerSvc.dll
18:26:33.0785 0236 WerSvc - ok
18:26:33.0801 0236 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
18:26:33.0848 0236 WFPLWFS - ok
18:26:33.0879 0236 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
18:26:33.0910 0236 WiaRpc - ok
18:26:33.0926 0236 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:26:33.0957 0236 WIMMount - ok
18:26:33.0973 0236 WinDefend - ok
18:26:33.0988 0236 WinHttpAutoProxySvc - ok
18:26:34.0051 0236 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:26:34.0082 0236 Winmgmt - ok
18:26:34.0160 0236 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
18:26:34.0301 0236 WinRM - ok
18:26:34.0379 0236 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll
18:26:34.0441 0236 WlanSvc - ok
18:26:34.0504 0236 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
18:26:34.0598 0236 wlidsvc - ok
18:26:34.0613 0236 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
18:26:34.0645 0236 WmiAcpi - ok
18:26:34.0676 0236 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:26:34.0707 0236 wmiApSrv - ok
18:26:34.0738 0236 WMPNetworkSvc - ok
18:26:34.0754 0236 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
18:26:34.0785 0236 wpcfltr - ok
18:26:34.0801 0236 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:26:34.0832 0236 WPCSvc - ok
18:26:34.0863 0236 [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:26:34.0910 0236 WPDBusEnum - ok
18:26:34.0926 0236 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
18:26:34.0942 0236 WpdUpFltr - ok
18:26:34.0973 0236 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:26:35.0004 0236 ws2ifsl - ok
18:26:35.0035 0236 [ 012CFE7F0F95266F554EE3B91EE2128A ] wscsvc C:\Windows\system32\wscsvc.dll
18:26:35.0113 0236 wscsvc - ok
18:26:35.0113 0236 WSearch - ok
18:26:35.0207 0236 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
18:26:35.0379 0236 WSService - ok
18:26:35.0488 0236 [ BE302BABE45EC05995F8DC66E37BBB3D ] wuauserv C:\Windows\system32\wuaueng.dll
18:26:35.0613 0236 wuauserv - ok
18:26:35.0645 0236 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:26:35.0692 0236 WudfPf - ok
18:26:35.0707 0236 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
18:26:35.0754 0236 WUDFRd - ok
18:26:35.0785 0236 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:26:35.0817 0236 wudfsvc - ok
18:26:35.0832 0236 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
18:26:35.0863 0236 WUDFWpdFs - ok
18:26:35.0910 0236 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:26:35.0957 0236 WwanSvc - ok
18:26:35.0988 0236 ================ Scan global ===============================
18:26:36.0004 0236 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
18:26:36.0051 0236 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
18:26:36.0082 0236 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
18:26:36.0113 0236 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
18:26:36.0129 0236 [Global] - ok
18:26:36.0129 0236 ================ Scan MBR ==================================
18:26:36.0145 0236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:26:36.0395 0236 \Device\Harddisk0\DR0 - ok
18:26:36.0395 0236 ================ Scan VBR ==================================
18:26:36.0395 0236 [ 0108EA81E0D903EC5441255DF54E43AC ] \Device\Harddisk0\DR0\Partition1
18:26:36.0410 0236 \Device\Harddisk0\DR0\Partition1 - ok
18:26:36.0426 0236 [ 485F9F69EC10DF19F3441DAEDE30770B ] \Device\Harddisk0\DR0\Partition2
18:26:36.0442 0236 \Device\Harddisk0\DR0\Partition2 - ok
18:26:36.0442 0236 ============================================================
18:26:36.0442 0236 Scan finished
18:26:36.0442 0236 ============================================================
18:26:36.0457 3552 Detected object count: 0
18:26:36.0457 3552 Actual detected object count: 0


-----

Die Website hat folgende URL:

https://arbd.ebay.de/ws/eBayISAPI.dll?VAppPaige&&reqinput=867f876cce8c51a2ea5d7529440961aa0c9ed735bf282ee8d812272aa32897a5695e259d8ca34c0b775108d0600fe02485bd6c1f6bf1885610d3 81635468e608d6dd9aeebf5882f20213ce5e0e82517104826ce9a264085344511ab0f5d427a697a92b732e9cfd74de7c9f8d68a0216625ca8186b57d6ad07b751727d4f76daa8d34f73aa1 f1d361ddfc63c8c3b0d708d1313ccb559fd370fce781a0ddef890a&guest=1



Für den Fall, dass man sie nicht aufrufen kann, folgenden Text:

"Bestätigung Ihrer Identität
Hilfe– wird in einem neuen Fenster oder in einem neuen Reiter geöffnet Hilfe
Um auch weiterhin die Sicherheit des eBay-Marktplatzes gewährleisten zu können, begrenzen wir die Anzahl der Artikel, die über ein Mitgliedskonto gekauft oder verkauft werden können. Der Umfang dieser Einschränkungen kann sich von Zeit zu Zeit zu ändern, abhängig von Ihren bisherigen Aktivitäten und Ihren allgemeinen Leistungen.

Für Ihr Mitgliedskonto wurde jetzt das von uns gesetzte Limit bezüglich Bieten und Kaufen erreicht. Sie können jedoch durch eine zusätzliche Verifizierung Ihr Limit erhöhen. Vielen Dank für Ihr Verständnis.

Bitte füllen Sie die Felder aus und klicken Sie dann auf Weiter.


Kreditkartennummer
Visa/Master
SicherSo schützt eBay Ihre Bankkontodaten– wird in einem neuen Fenster oder in einem neuen Reiter geöffnet.
Gültig bisAblauf der Gültigkeit: Jahr
Prüfnummer
Visa-Karte
Wo finde ich die Prüfnummer?– wird in einem neuen Fenster oder in einem neuen Reiter geöffnet
Rechnungsdaten (Angaben zum Kartenhalter ändern)
Bitte prüfen Sie, ob der Name und die Adresse, die unten angegeben sind, mit den bei Ihrem Kreditkartenunternehmen hinterlegten Informationen übereinstimmen.
[Meine Anschrift]
Diese Karte wird nicht belastet."

Alt 09.07.2013, 19:23   #10
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Zitat:
Habe auf Anraten des Ebay-Supports alle temporären Internetdateien sowie den Cache gelöscht
Also hat dir Ebay bestätigt, dass diese Abfrage nicht von Ebay selbst stammt, um dein Konto zu verifizieren..?
__________________
cheers,
Leo

Alt 10.07.2013, 01:01   #11
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Korrekt. Die Aussage war in etwa: "Oooh nein, das macht Ebay nicht. Ebay verifiziert nicht via Kreditkartennummern. Ich gehe davon aus, dass Sie einen Virus haben."

Alt 10.07.2013, 03:00   #12
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere es auf den Desktop.
  • Starte die FRST64.exe.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.
__________________
cheers,
Leo

Alt 10.07.2013, 10:09   #13
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



FRST.txt:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Timmi (administrator) on 10-07-2013 11:04:29
Running from C:\Users\Timmi\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKCU\...\Run: [Steam] - "D:\Program Files (x86)\Steam\Steam.exe" -silent [x]
HKCU\...\Policies\system: [disableregistrytools] 0
MountPoints2: G - "G:\AutoRun.exe" 
MountPoints2: {97e173f9-ac3b-11e2-be6f-ac72897cf16d} - "G:\AutoRun.exe" 
MountPoints2: {97e17424-ac3b-11e2-be6f-ac72897cf16d} - "G:\AutoRun.exe" 
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [295512 2013-04-16] (RealNetworks, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [250504 2013-02-10] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [205184 2013-02-10] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 132.187.0.13
Tcpip\..\Interfaces\{D04FDD5C-702D-4BC2-B168-5D0E37254FCA}: [NameServer]193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Timmi\AppData\Roaming\Mozilla\Firefox\Profiles\271z4be7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: client - C:\Users\Timmi\AppData\Roaming\Mozilla\Firefox\Profiles\271z4be7.default\Extensions\client@anonymox.net.xpi
FF Extension: No Name - C:\Users\Timmi\AppData\Roaming\Mozilla\Firefox\Profiles\271z4be7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Timmi\AppData\Roaming\Mozilla\Firefox\Profiles\271z4be7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

==================== Services (Whitelisted) =================

R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ewusbnet; C:\Windows\system32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U3 axloipoc; \??\C:\Users\Timmi\AppData\Local\Temp\axloipoc.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-10 11:04 - 2013-07-10 11:04 - 00000000 ____D C:\FRST
2013-07-10 11:03 - 2013-07-10 11:03 - 01776221 ____A (Farbar) C:\Users\Timmi\Desktop\FRST64.exe
2013-07-10 09:41 - 2013-07-10 09:41 - 00000797 ____A C:\Windows\setupact.log
2013-07-10 09:41 - 2013-07-10 09:41 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 18:06 - 2013-07-09 18:06 - 00016934 ____A C:\Users\Timmi\Desktop\Log.log
2013-07-09 17:56 - 2013-07-09 17:56 - 00377856 ____A C:\Users\Timmi\Downloads\gmer_2.1.19163.exe
2013-07-09 17:44 - 2013-07-09 17:44 - 00057370 ____A C:\Users\Timmi\Desktop\Extras.Txt
2013-07-09 17:43 - 2013-07-09 17:43 - 00082690 ____A C:\Users\Timmi\Desktop\OTL.Txt
2013-07-09 17:37 - 2013-07-10 10:22 - 00369899 ____A C:\Windows\WindowsUpdate.log
2013-07-09 17:32 - 2013-07-09 17:32 - 00602112 ____A (OldTimer Tools) C:\Users\Timmi\Desktop\OTL.exe
2013-07-09 17:32 - 2013-07-09 17:32 - 00000472 ____A C:\Users\Timmi\Desktop\defogger_disable.log
2013-07-09 17:32 - 2013-07-09 17:32 - 00000000 ____A C:\Users\Timmi\defogger_reenable
2013-07-09 17:31 - 2013-07-09 17:31 - 00050477 ____A C:\Users\Timmi\Desktop\Defogger.exe
2013-07-09 17:21 - 2013-07-09 17:22 - 02092792 ____A C:\Users\Timmi\Downloads\avira_free_antivirus.exe
2013-07-09 17:03 - 2013-07-09 17:04 - 00000000 ____D C:\Users\Timmi\AppData\Roaming\GetRightToGo
2013-07-09 17:02 - 2013-07-09 17:02 - 00000000 ____D C:\Qoobox
2013-07-09 17:01 - 2013-07-09 17:01 - 00000000 ____D C:\Windows\erdnt
2013-07-09 16:41 - 2013-07-09 16:41 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Timmi\Desktop\tdsskiller.exe
2013-07-09 16:14 - 2013-07-09 16:17 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-09 16:14 - 2013-07-09 16:17 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-09 16:12 - 2013-07-09 16:12 - 00000000 ____D C:\Windows\System32\appmgmt
2013-07-09 15:50 - 2013-07-09 15:50 - 00000820 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-09 15:50 - 2013-07-09 15:50 - 00000000 ____D C:\Users\Timmi\AppData\Roaming\Malwarebytes
2013-07-09 15:49 - 2013-07-09 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 15:49 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-09 15:48 - 2013-07-09 15:49 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Timmi\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-06 11:40 - 2013-07-06 11:41 - 00058880 __ASH C:\Users\Timmi\Downloads\Thumbs.db
2013-07-01 22:11 - 2013-07-02 00:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-29 02:04 - 2013-06-29 02:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-22 15:43 - 2013-06-22 15:52 - 76902472 ____A (The GIMP Team                                               ) C:\Users\Timmi\Downloads\gimp-2.8.4-setup.exe
2013-06-21 08:18 - 2013-06-21 08:18 - 00307904 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-20 12:27 - 2013-05-16 00:35 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\tssdisai.dll
2013-06-15 10:37 - 2013-05-24 01:01 - 01300992 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-06-15 10:37 - 2013-05-24 00:27 - 01022464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-06-15 09:40 - 2013-05-31 01:24 - 01257472 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-06-15 09:40 - 2013-05-31 01:08 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-14 23:20 - 2013-05-15 04:25 - 00888320 ____A (Microsoft Corporation) C:\Windows\System32\autochk.exe
2013-06-14 23:20 - 2013-05-15 04:25 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\untfs.dll
2013-06-14 23:20 - 2013-05-15 04:24 - 00793088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-06-14 23:20 - 2013-05-15 04:24 - 00482816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-06-14 21:52 - 2013-05-04 08:59 - 13644288 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-06-14 21:51 - 2013-05-04 09:58 - 00120736 ____A (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2013-06-14 21:51 - 2013-05-04 09:34 - 00446720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-06-14 21:51 - 2013-05-04 09:34 - 00284416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-06-14 21:51 - 2013-05-04 09:34 - 00213248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\UCX01000.SYS
2013-06-14 21:51 - 2013-05-04 09:30 - 00058312 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-06-14 21:51 - 2013-05-04 08:59 - 03241472 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-06-14 21:51 - 2013-05-04 08:59 - 01619968 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-06-14 21:51 - 2013-05-04 08:59 - 01483776 ____A (Microsoft Corporation) C:\Windows\System32\VSSVC.exe
2013-06-14 21:51 - 2013-05-04 08:59 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2013-06-14 21:51 - 2013-05-04 08:59 - 00760320 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-06-14 21:51 - 2013-05-04 08:59 - 00251904 ____A (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-06-14 21:51 - 2013-05-04 08:59 - 00141824 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-06-14 21:51 - 2013-05-04 08:59 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-06-14 21:51 - 2013-05-04 08:59 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-06-14 21:51 - 2013-05-04 08:58 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 01332736 ____A (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00470528 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00330240 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\netplwiz.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00151552 ____A (Microsoft Corporation) C:\Windows\System32\netprofm.dll
2013-06-14 21:51 - 2013-05-04 08:58 - 00093696 ____A (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 02305024 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00820736 ____A (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00708096 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00560640 ____A (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00501760 ____A (Microsoft Corporation) C:\Windows\System32\DevicePairing.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00389120 ____A (Microsoft Corporation) C:\Windows\System32\BCP47Langs.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00179712 ____A (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00122368 ____A (Microsoft Corporation) C:\Windows\System32\biwinrt.dll
2013-06-14 21:51 - 2013-05-04 08:57 - 00017408 ____A (Microsoft Corporation) C:\Windows\System32\muifontsetup.dll
2013-06-14 21:51 - 2013-05-04 08:56 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-06-14 21:51 - 2013-05-04 06:58 - 00758784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-06-14 21:51 - 2013-05-04 06:58 - 00621056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-06-14 21:51 - 2013-05-04 06:58 - 00125952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-06-14 21:51 - 2013-05-04 06:58 - 00083968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-06-14 21:51 - 2013-05-04 06:58 - 00034304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-06-14 21:51 - 2013-05-04 06:57 - 10788864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 00303616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 00247296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 00151040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-06-14 21:51 - 2013-05-04 06:57 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-06-14 21:51 - 2013-05-04 06:56 - 02035712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-14 21:51 - 2013-05-04 06:56 - 00582144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2013-06-14 21:51 - 2013-05-04 06:56 - 00449536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-06-14 21:51 - 2013-05-04 06:56 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-06-14 21:51 - 2013-05-04 06:56 - 00309760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-06-14 21:51 - 2013-05-04 06:56 - 00092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-06-14 21:51 - 2013-05-04 06:55 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-14 21:51 - 2013-05-04 06:51 - 00014848 ____A (Microsoft) C:\Windows\System32\rars.rs
2013-06-14 21:51 - 2013-05-04 06:48 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-06-14 21:51 - 2013-05-04 06:48 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-06-14 21:51 - 2013-05-04 06:47 - 00427520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2013-06-14 21:51 - 2013-05-04 06:10 - 00014848 ____A (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-06-14 21:51 - 2013-05-03 00:04 - 00386646 ____A C:\Windows\System32\ApnDatabase.xml
2013-06-13 00:04 - 2013-05-04 09:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 22:20 - 2013-04-24 01:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 22:20 - 2013-04-24 01:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 22:20 - 2013-04-24 01:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 22:20 - 2013-04-24 00:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 22:20 - 2013-04-24 00:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 22:20 - 2013-04-24 00:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 22:20 - 2013-04-24 00:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 20:44 - 2013-04-27 07:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 19:53 - 2013-04-03 01:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:53 - 2013-04-03 01:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:21 - 2013-05-16 00:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 17:21 - 2013-05-16 00:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 17:20 - 2013-05-16 00:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-12 17:20 - 2013-05-16 00:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-06-12 17:20 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 17:20 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 17:20 - 2013-04-29 00:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 17:20 - 2013-04-29 00:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 17:20 - 2013-04-29 00:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 17:20 - 2013-04-29 00:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 17:20 - 2013-04-29 00:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 17:20 - 2013-04-29 00:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 17:20 - 2013-04-29 00:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 17:20 - 2013-04-29 00:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 17:20 - 2013-04-29 00:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 17:20 - 2013-04-29 00:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 17:20 - 2013-04-29 00:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-06-12 17:20 - 2013-04-29 00:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 17:20 - 2013-04-29 00:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 17:20 - 2013-04-29 00:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 17:20 - 2013-04-29 00:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 17:20 - 2013-04-29 00:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 16:11 - 2013-06-11 16:20 - 00000000 ____D C:\Users\Timmi\AppData\Roaming\Broken Sword 2.5
2013-06-11 16:10 - 2013-06-11 16:10 - 00000776 ____A C:\Users\Public\Desktop\Broken Sword 2.5.lnk
2013-06-11 15:41 - 2013-06-11 15:48 - 179708218 ____A C:\Users\Timmi\Downloads\BS25_patch000_multilingual.zip
2013-06-11 15:40 - 2013-06-11 16:06 - 731357988 ____A C:\Users\Timmi\Downloads\bs25setup.zip

==================== One Month Modified Files and Folders =======

2013-07-10 11:04 - 2013-07-10 11:04 - 00000000 ____D C:\FRST
2013-07-10 11:03 - 2013-07-10 11:03 - 01776221 ____A (Farbar) C:\Users\Timmi\Desktop\FRST64.exe
2013-07-10 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-07-10 10:22 - 2013-07-09 17:37 - 00369899 ____A C:\Windows\WindowsUpdate.log
2013-07-10 09:45 - 2012-07-26 12:27 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-07-10 09:45 - 2012-07-26 12:27 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-07-10 09:45 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-10 09:41 - 2013-07-10 09:41 - 00000797 ____A C:\Windows\setupact.log
2013-07-10 09:41 - 2013-07-10 09:41 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 18:06 - 2013-07-09 18:06 - 00016934 ____A C:\Users\Timmi\Desktop\Log.log
2013-07-09 17:56 - 2013-07-09 17:56 - 00377856 ____A C:\Users\Timmi\Downloads\gmer_2.1.19163.exe
2013-07-09 17:44 - 2013-07-09 17:44 - 00057370 ____A C:\Users\Timmi\Desktop\Extras.Txt
2013-07-09 17:43 - 2013-07-09 17:43 - 00082690 ____A C:\Users\Timmi\Desktop\OTL.Txt
2013-07-09 17:32 - 2013-07-09 17:32 - 00602112 ____A (OldTimer Tools) C:\Users\Timmi\Desktop\OTL.exe
2013-07-09 17:32 - 2013-07-09 17:32 - 00000472 ____A C:\Users\Timmi\Desktop\defogger_disable.log
2013-07-09 17:32 - 2013-07-09 17:32 - 00000000 ____A C:\Users\Timmi\defogger_reenable
2013-07-09 17:32 - 2013-03-24 14:59 - 00000000 ____D C:\users\Timmi
2013-07-09 17:31 - 2013-07-09 17:31 - 00050477 ____A C:\Users\Timmi\Desktop\Defogger.exe
2013-07-09 17:22 - 2013-07-09 17:21 - 02092792 ____A C:\Users\Timmi\Downloads\avira_free_antivirus.exe
2013-07-09 17:04 - 2013-07-09 17:03 - 00000000 ____D C:\Users\Timmi\AppData\Roaming\GetRightToGo
2013-07-09 17:02 - 2013-07-09 17:02 - 00000000 ____D C:\Qoobox
2013-07-09 17:01 - 2013-07-09 17:01 - 00000000 ____D C:\Windows\erdnt
2013-07-09 16:44 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 16:43 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-07-09 16:41 - 2013-07-09 16:41 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Timmi\Desktop\tdsskiller.exe
2013-07-09 16:17 - 2013-07-09 16:14 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-07-09 16:17 - 2013-07-09 16:14 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-07-09 16:12 - 2013-07-09 16:12 - 00000000 ____D C:\Windows\System32\appmgmt
2013-07-09 15:50 - 2013-07-09 15:50 - 00000820 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-09 15:50 - 2013-07-09 15:50 - 00000000 ____D C:\Users\Timmi\AppData\Roaming\Malwarebytes
2013-07-09 15:49 - 2013-07-09 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-09 15:49 - 2013-07-09 15:48 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Timmi\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-06 12:02 - 2013-03-24 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-06 11:41 - 2013-07-06 11:40 - 00058880 __ASH C:\Users\Timmi\Downloads\Thumbs.db
2013-07-03 14:58 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-07-02 00:31 - 2013-07-01 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-29 23:00 - 2013-04-09 09:33 - 00000000 ____D C:\Users\Timmi\AppData\Local\Adobe
2013-06-29 02:05 - 2013-06-29 02:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-22 15:52 - 2013-06-22 15:43 - 76902472 ____A (The GIMP Team                                               ) C:\Users\Timmi\Downloads\gimp-2.8.4-setup.exe
2013-06-21 08:18 - 2013-06-21 08:18 - 00307904 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-21 08:17 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing
2013-06-18 16:30 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-06-18 16:30 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-06-18 16:30 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-18 16:30 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-18 16:30 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-06-18 16:30 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\System32\Dism
2013-06-12 20:45 - 2013-03-24 16:21 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 16:20 - 2013-06-11 16:11 - 00000000 ____D C:\Users\Timmi\AppData\Roaming\Broken Sword 2.5
2013-06-11 16:10 - 2013-06-11 16:10 - 00000776 ____A C:\Users\Public\Desktop\Broken Sword 2.5.lnk
2013-06-11 16:06 - 2013-06-11 15:40 - 731357988 ____A C:\Users\Timmi\Downloads\bs25setup.zip
2013-06-11 15:48 - 2013-06-11 15:41 - 179708218 ____A C:\Users\Timmi\Downloads\BS25_patch000_multilingual.zip
2013-06-10 17:17 - 2013-04-09 16:33 - 00000000 ____D C:\Users\Timmi\AppData\Local\Thunderbird

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-09 17:12

==================== End Of Log ============================
         
--- --- ---
Addition.txt:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013 01
Ran by Timmi at 2013-07-10 11:05:31
Running from C:\Users\Timmi\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
7-Zip 9.20 (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Broken Sword 2.5 (x32)
Canon MG5100 series MP Drivers
Citavi (x32 Version: 3.4.0.2)
eaner (Version: 4.01)
FIFA 13 Demo (x32 Version: 1.0.0.0)
Football Manager 2013 Demo (x32)
GeoGebra 4.2 (x32 Version: 4.2.36.0)
HitmanPro 3.7 (Version: 3.7.6.201)
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Connection Manager (x32)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
NVIDIA Grafiktreiber 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Optimus 1.12.12 (Version: 1.12.12)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Systemsteuerung 314.07 (Version: 314.07)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Origin (x32 Version: 9.1.15.109)
Pro Evolution Soccer 2013 DEMO (x32 Version: 1.00.0000)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6714)
RealUpgrade 1.1 (x32 Version: 1.1.0)
SecureW2 EAP Suite 1.1.3 for Windows (x32)
Skype™ 6.3 (x32 Version: 6.3.105)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)

==================== Restore Points  =========================

20-06-2013 20:23:19 Windows Update
02-07-2013 20:37:28 Geplanter Prüfpunkt
09-07-2013 14:12:04 Removed Java 7 Update 21

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {35C4FFD4-ED7D-43BE-BACB-F20F3BCB7BFB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {37199C2C-5221-417E-8867-609898CF1364} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2013-04-16] (RealNetworks, Inc.)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {37F7B186-946C-43ED-B204-CA3D41B03B08} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {432494C3-1704-4B7B-AFCB-C2E3B7700880} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-26] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {77B5AA2F-792B-4C4A-BC9F-C07F2D37979D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {883B4F98-D43C-4CF8-B17E-A3637DE55E26} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {8F582F53-ACF1-4AD3-9758-E8CAA5BC7937} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe No File
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A8CF5AA7-9A33-43D0-8D14-C0D2DA4AEF64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {AA1D887B-DF42-4A0E-87EE-314C7FD50E08} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B6EA3BCE-90EF-4A89-89E0-AFDB096CEE86} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3501097877-3991688102-2366337154-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BFF8F922-6624-4978-B129-2EC0F8A5E0C9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C391A8D1-7229-4E06-A074-47DE6094FE89} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {C3C22889-18E2-4138-92F7-A5CCCFDD60D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-01-29] (Microsoft Corporation)
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6988EA7-0914-432D-9A88-B584EBA43B00} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3501097877-3991688102-2366337154-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C870F875-3C51-4F63-9DCF-8502EA29D15A} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3501097877-3991688102-2366337154-1001
Task: {C8E67BD3-438D-4069-8242-636485546ED8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F8974600-0CDF-4E66-BC13-DFE992C9BCF4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2013 05:12:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/09/2013 00:26:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/09/2013 00:25:33 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/09/2013 00:17:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be
Name des fehlerhaften Moduls: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004a98a6
ID des fehlerhaften Prozesses: 0x2c
Startzeit der fehlerhaften Anwendung: 0xpes2013-unlock.exe0
Pfad der fehlerhaften Anwendung: pes2013-unlock.exe1
Pfad des fehlerhaften Moduls: pes2013-unlock.exe2
Berichtskennung: pes2013-unlock.exe3
Vollständiger Name des fehlerhaften Pakets: pes2013-unlock.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: pes2013-unlock.exe5

Error: (07/08/2013 11:51:42 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/08/2013 11:39:27 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/08/2013 10:00:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be
Name des fehlerhaften Moduls: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004a98a6
ID des fehlerhaften Prozesses: 0xea8
Startzeit der fehlerhaften Anwendung: 0xpes2013-unlock.exe0
Pfad der fehlerhaften Anwendung: pes2013-unlock.exe1
Pfad des fehlerhaften Moduls: pes2013-unlock.exe2
Berichtskennung: pes2013-unlock.exe3
Vollständiger Name des fehlerhaften Pakets: pes2013-unlock.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: pes2013-unlock.exe5

Error: (07/08/2013 02:40:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/08/2013 01:55:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be
Name des fehlerhaften Moduls: pes2013-unlock.exe, Version: 1.0.0.0, Zeitstempel: 0x4ffa93be
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004a98a6
ID des fehlerhaften Prozesses: 0xfd0
Startzeit der fehlerhaften Anwendung: 0xpes2013-unlock.exe0
Pfad der fehlerhaften Anwendung: pes2013-unlock.exe1
Pfad des fehlerhaften Moduls: pes2013-unlock.exe2
Berichtskennung: pes2013-unlock.exe3
Vollständiger Name des fehlerhaften Pakets: pes2013-unlock.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: pes2013-unlock.exe5

Error: (07/06/2013 11:41:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Timmis)
Description: Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (07/09/2013 04:46:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/09/2013 04:46:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/09/2013 04:41:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/09/2013 04:41:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/09/2013 04:38:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎09.‎07.‎2013 um 16:21:39 unerwartet heruntergefahren.

Error: (07/09/2013 00:40:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/09/2013 00:40:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/07/2013 04:19:39 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.55
registriert werden. Der Computer mit IP-Adresse 192.168.178.29 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/06/2013 00:04:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (07/06/2013 00:04:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/09/2013 05:12:35 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/09/2013 00:26:18 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/09/2013 00:25:33 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/09/2013 00:17:57 AM) (Source: Application Error)(User: )
Description: pes2013-unlock.exe1.0.0.04ffa93bepes2013-unlock.exe1.0.0.04ffa93bec0000005004a98a62c01ce7c25e509e239D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exeD:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe3de33777-e81c-11e2-be7d-ac72897cf16d

Error: (07/08/2013 11:51:42 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/08/2013 11:39:27 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/08/2013 10:00:35 PM) (Source: Application Error)(User: )
Description: pes2013-unlock.exe1.0.0.04ffa93bepes2013-unlock.exe1.0.0.04ffa93bec0000005004a98a6ea801ce7c074e173631D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exeD:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe0ce5ff6c-e809-11e2-be7d-ac72897cf16d

Error: (07/08/2013 02:40:53 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe

Error: (07/08/2013 01:55:52 PM) (Source: Application Error)(User: )
Description: pes2013-unlock.exe1.0.0.04ffa93bepes2013-unlock.exe1.0.0.04ffa93bec0000005004a98a6fd001ce7bcf876645c7D:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exeD:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2013 DEMO\pes2013-unlock.exe5605930d-e7c5-11e2-be7d-ac72897cf16d

Error: (07/06/2013 11:41:47 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: Timmis)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 8104.62 MB
Available physical RAM: 6469.44 MB
Total Pagefile: 9320.62 MB
Available Pagefile: 7742.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:126.95 GB) (Free:83.37 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:804.56 GB) (Free:719.04 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1C1C96E3)
Partition 1: (Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=805 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Alt 11.07.2013, 13:03   #14
aharonov
/// TB-Ausbilder
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Versuch noch einmal Combofix durchlaufen zu lassen.
Die alte combofix.exe löschen und neu herunterladen:


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
cheers,
Leo

Alt 11.07.2013, 16:40   #15
Kaese
 
Exploit:Java/CVE-2013 etc. - Standard

Exploit:Java/CVE-2013 etc.



Es tut mir leid, ich habe aus Versehen die Maus zweimal minimal bewegt. Ich hoffe, das macht nichts weiter aus.

Code:
ATTFilter
ComboFix 13-07-09.01 - Timmi 11.07.2013  17:25:59.1.4 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.49.1031.18.8105.6189 [GMT 2:00]
ausgeführt von:: c:\users\Timmi\Downloads\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Timmi\AppData\Local\TempDIR
c:\users\Timmi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-11 bis 2013-07-11  ))))))))))))))))))))))))))))))
.
.
2013-07-11 09:51 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D459148-15F5-4BEF-BC6F-D025A9BA74B2}\mpengine.dll
2013-07-11 09:49 . 2013-05-04 06:59	2842112	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-11 09:49 . 2013-05-04 04:57	2620928	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 09:04 . 2013-07-10 09:04	--------	d-----w-	C:\FRST
2013-07-09 15:03 . 2013-07-09 15:04	--------	d-----w-	c:\users\Timmi\AppData\Roaming\GetRightToGo
2013-07-09 14:14 . 2013-07-09 14:17	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-09 14:14 . 2013-07-09 14:17	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-07-09 14:12 . 2013-07-09 14:12	--------	d-----w-	c:\windows\system32\appmgmt
2013-07-09 13:50 . 2013-07-09 13:50	--------	d-----w-	c:\users\Timmi\AppData\Roaming\Malwarebytes
2013-07-09 13:49 . 2013-07-09 13:49	--------	d-----w-	c:\programdata\Malwarebytes
2013-07-09 13:49 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-07-09 13:49 . 2013-07-09 13:49	--------	d-----w-	c:\users\Timmi\AppData\Local\Programs
2013-07-01 20:11 . 2013-07-01 22:31	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-06-20 10:27 . 2013-05-15 22:35	144384	----a-w-	c:\windows\system32\tssdisai.dll
2013-06-15 08:37 . 2013-05-23 23:01	1300992	----a-w-	c:\windows\system32\gdi32.dll
2013-06-15 08:37 . 2013-05-23 22:27	1022464	----a-w-	c:\windows\SysWow64\gdi32.dll
2013-06-15 07:40 . 2013-05-30 23:24	1257472	----a-w-	c:\windows\system32\kernel32.dll
2013-06-14 21:20 . 2013-05-15 02:25	888320	----a-w-	c:\windows\system32\autochk.exe
2013-06-14 21:20 . 2013-05-15 02:25	542208	----a-w-	c:\windows\system32\untfs.dll
2013-06-14 21:20 . 2013-05-15 02:24	793088	----a-w-	c:\windows\SysWow64\autochk.exe
2013-06-14 21:20 . 2013-05-15 02:24	482816	----a-w-	c:\windows\SysWow64\untfs.dll
2013-06-14 19:52 . 2013-05-04 06:59	13644288	----a-w-	c:\windows\system32\Windows.UI.Xaml.dll
2013-06-13 16:29 . 2013-05-10 02:42	17271808	----a-w-	c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-13 16:29 . 2013-05-10 02:21	16642560	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-12 22:04 . 2013-05-04 07:45	2233600	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 20:20 . 2013-04-23 22:55	1889280	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 20:20 . 2013-04-23 23:12	1569792	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-06-12 20:20 . 2013-04-23 22:56	1255936	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 20:20 . 2013-04-23 23:13	1013248	----a-w-	c:\windows\SysWow64\certutil.exe
2013-06-12 20:20 . 2013-04-23 23:12	109056	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-06-12 20:20 . 2013-04-23 22:55	68096	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 20:20 . 2013-04-23 22:55	141312	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 18:44 . 2013-04-27 05:20	733184	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 17:53 . 2013-04-02 23:37	25088	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-06-12 17:53 . 2013-04-02 23:12	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 15:21 . 2013-05-15 22:35	19230720	----a-w-	c:\windows\system32\mshtml.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:45 . 2013-03-24 14:21	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-04 22:09 . 2012-07-26 08:14	78200	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2012-07-26 08:14	693112	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-22 10:21 . 2012-07-26 08:13	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29 . 2013-03-24 14:16	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-24 07:53 . 2013-03-24 13:04	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-04-16 11:32 . 2013-04-16 11:32	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2013-04-16 11:32 . 2013-04-16 11:32	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2013-04-16 02:34 . 2013-05-17 14:23	1455368	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 05:56 . 2013-05-17 19:15	444416	----a-w-	c:\windows\apppatch\AcSpecfc.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-04-16 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-12-18 19:08	215264	----a-w-	c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 132.187.0.13
TCP: Interfaces\{D04FDD5C-702D-4BC2-B168-5D0E37254FCA}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Timmi\AppData\Roaming\Mozilla\Firefox\Profiles\271z4be7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-50608584.sys
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2013-07-11  17:36:53
ComboFix-quarantined-files.txt  2013-07-11 15:36
.
Vor Suchlauf: 7 Verzeichnis(se), 89.143.418.880 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 88.597.196.800 Bytes frei
.
- - End Of File - - 7ED5903132BE33F113551D3D178A17B2
A36C5E4F47E84449FF07ED3517B43A31
         

Antwort

Themen zu Exploit:Java/CVE-2013 etc.
7-zip, adobe reader xi, authentifizierung, autorun, bho, canon, defender, ebay, entfernen, error, firefox, flash player, format, homepage, iexplore.exe, install.exe, java-version, karte, kaspersky, kreditkarte, logfile, mozilla, nvpciflt.sys, problem, realtek, registry, rundll, scan, security, software, starten, svchost.exe, windows



Ähnliche Themen: Exploit:Java/CVE-2013 etc.


  1. Gemeiner Trojaner HEUR:Exploit.Java.CVE-2013-2423.gen
    Plagegeister aller Art und deren Bekämpfung - 14.07.2015 (15)
  2. Windows 7: Exploit:Java/CVE-2013-0431 Wie kann ich den entfernen?
    Log-Analyse und Auswertung - 11.04.2014 (7)
  3. Windows 7: Kaspersky Internet Security 2013 findet Trojaner HEUR:Exploit.Java.CVE-2013-1493.gen
    Log-Analyse und Auswertung - 20.11.2013 (57)
  4. Trojaner Java.Exploit.CVE-2013-0422.C
    Log-Analyse und Auswertung - 10.09.2013 (4)
  5. Win XP HEUR:Exploit.Java.CVE-2013/2423.gen
    Log-Analyse und Auswertung - 07.09.2013 (1)
  6. HEUR:Exploit.Java.CVE-2013-0413.gen
    Log-Analyse und Auswertung - 02.09.2013 (19)
  7. HEUR:EXPLOIT.Java.CVE-2013-1493a - 3 Mal Maleware von Kaspersky gefunden
    Log-Analyse und Auswertung - 23.08.2013 (23)
  8. Trojaner: HEUR:Exploit.Java.CVE-2013-0431.gen
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (84)
  9. ESET Meldet: Java/Exploit.CVE-2013-0422.EI Trojaner
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (1)
  10. HEUR:Exploit.Java.CVE-2013-2423.gen
    Log-Analyse und Auswertung - 27.07.2013 (19)
  11. Exploit:Java/CVE-2013-0431 und co. Funde von MCE
    Log-Analyse und Auswertung - 21.06.2013 (22)
  12. Deinstallieren von : HEUR: Exploit.Java.CVE-2013-2423.gen
    Log-Analyse und Auswertung - 19.06.2013 (7)
  13. Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 gefunden und entfernt. Was nun?
    Log-Analyse und Auswertung - 09.06.2013 (19)
  14. variant of Java/Exploit.CVE-2013-2423.Q trojan - Landespolizeidirection-Virus
    Log-Analyse und Auswertung - 12.05.2013 (15)
  15. Kaspersky meldet "Gefunden: HEUR:Exploit.Java.CVE-2013-0422.gen"
    Log-Analyse und Auswertung - 14.04.2013 (12)
  16. Exploit.Java.CVE-2013-0422d von Kaspersky gefunden und gelöscht/desinfiziert. Was nun?
    Log-Analyse und Auswertung - 04.03.2013 (14)
  17. HEUR:Exploit.Java.CVE-2012-4681.gen" sowie mehrfach Exploit.Java.CVE-2012-0507.ou mit kaspersky gefunden in C:Dokumente und Einstellungen ge
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (11)

Zum Thema Exploit:Java/CVE-2013 etc. - Hallo allerseits! Ich habe mich vor einigen Tagen bei Ebay angemeldet und beim ersten Versuch eines Bietens gemerkt, dass ich auf eine Website geleitet werde, die meine Kreditkartennummer zur Authentifizierung - Exploit:Java/CVE-2013 etc....
Archiv
Du betrachtest: Exploit:Java/CVE-2013 etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.