Pests of all kinds and how to fight them: Suspicious.Cloud.7.EP (Windows 7)
#16 /// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Right-click an object (folder or file) => 7Zip => add to an archive. It really doesn't get any easier than that!
__________________
Please always post log files in CODE tags
#17
Sorry, I only just got it now.

#18
What now? Sorry for the impatience.
#19 /// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3EC65740-3E6D-471E-819D-7D542DBEFF77}
IE:64bit: - HKLM\..\SearchScopes\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{3EC65740-3E6D-471E-819D-7D542DBEFF77}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{3EC65740-3E6D-471E-819D-7D542DBEFF77}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\SearchScopes,DefaultScope = {3EC65740-3E6D-471E-819D-7D542DBEFF77}
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\SearchScopes\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\SearchScopes\{3EC65740-3E6D-471E-819D-7D542DBEFF77}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=DE&ver=6
IE - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\..\SearchScopes\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"
FF - prefs.js..keyword.URL: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
[2012.03.24 12:42:57 | 000,000,000 | ---D | M] (Winload) -- C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.03.23 18:02:26 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\helperbar@helperbar.com
[2012.03.24 12:42:33 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\software@loadtubes.com
[2012.03.08 20:58:48 | 000,002,412 | ---- | M] () -- C:\Users\Gerrit\AppData\Roaming\Mozilla\Firefox\Profiles\zdzacfp4.default\searchplugins\Linkury Smartbar Search.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2319825
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O2 - BHO: (The IE monitor (part of Time Boss application)) - {E421B744-12A1-4447-AB8A-DA2F96D9D9EE} - C:\PROGRA~2\TIMEBO~1\TIME_B~1.DLL (NiceKit Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Gerrit\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Gerrit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7010e8cf-aeba-11de-9da4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7010e8cf-aeba-11de-9da4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Launch.exe
:Files
C:\Users\Gerrit\AppData\Local\Conduit
C:\Users\Gerrit\AppData\Roaming\loadtbs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
#20
OK, here is the log:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3EC65740-3E6D-471E-819D-7D542DBEFF77}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EC65740-3E6D-471E-819D-7D542DBEFF77}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3EC65740-3E6D-471E-819D-7D542DBEFF77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EC65740-3E6D-471E-819D-7D542DBEFF77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}\ not found.
HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E95A45A-CAD0-4AD0-8C67-DB70290CBB76}\ not found.
Registry key HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3EC65740-3E6D-471E-819D-7D542DBEFF77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EC65740-3E6D-471E-819D-7D542DBEFF77}\ not found.
Registry key HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1BC1C7A-F0C4-42AB-97EC-7B8C510B3A7D}\ not found.
Prefs.js: "Linkury Smartbar Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.linkury.com" removed from browser.startup.homepage
Prefs.js: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=" removed from keyword.URL
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\Plugins folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\modules folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\lib folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults\preferences folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\skin folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\sl folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\lib folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\core folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH\js\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa\404 folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\wa folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\menu folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\gf folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ui folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\searchProtector folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\options\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\options\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\options\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\options folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\features\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\features folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\api folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ac\res folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ac\img folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ac\css folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\ac folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al\aboutBox folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb\al folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content\tb folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825\content folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome\CT2319825 folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\helperbar@helperbar.com\components folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\helperbar@helperbar.com\chrome folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\helperbar@helperbar.com folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\mozilla\Firefox\Profiles\zdzacfp4.default\extensions\software@loadtubes.com folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\Mozilla\Firefox\Profiles\zdzacfp4.default\searchplugins\Linkury Smartbar Search.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E421B744-12A1-4447-AB8A-DA2F96D9D9EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E421B744-12A1-4447-AB8A-DA2F96D9D9EE}\ deleted successfully.
File move failed. C:\PROGRA~2\TIMEBO~1\TIME_B~1.DLL scheduled to be moved on reboot.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ deleted successfully.
C:\Users\Gerrit\AppData\Roaming\loadtbs\toolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Gerrit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk.disabled moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWA deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWB deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWC deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWE deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWF deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWG deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWH deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWI deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWJ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWK deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWL deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWN deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWO deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWP deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWQ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWR deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWS deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWT deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWU deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWV deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWW deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWX deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWY deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LWZ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableClock deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7010e8cf-aeba-11de-9da4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7010e8cf-aeba-11de-9da4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7010e8cf-aeba-11de-9da4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7010e8cf-aeba-11de-9da4-806e6f6e6963}\ not found.
File E:\Launch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Launch.exe not found.
========== FILES ==========
C:\Users\Gerrit\AppData\Local\Conduit folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\loadtbs\chrome@loadtubes.com folder moved successfully.
C:\Users\Gerrit\AppData\Roaming\loadtbs folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gerhard
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 804 bytes
User: Gerrit
->Temp folder emptied: 55444890 bytes
->Temporary Internet Files folder emptied: 84051786 bytes
->FireFox cache emptied: 6131367 bytes
->Google Chrome cache emptied: 373202773 bytes
->Flash cache emptied: 21205 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 253983 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 195539 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 495,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Gerhard
User: Gerrit
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03282012_142938
Files\Folders moved on Reboot...
File move failed. C:\PROGRA~2\TIMEBO~1\TIME_B~1.DLL scheduled to be moved on reboot.
C:\Users\Gerrit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
| | #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspicious.Cloud.7.EP Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
| | #22 |
| Suspicious.Cloud.7.EP What should I do if HP, LightScribe, Time Boss and AMD are detected as a virus (medium risk)? They are all flagged as suspicious, nothing more. Are those all false alarms???? Code:
14:46:29.0907 4652 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:46:30.0919 4652 ============================================================
14:46:30.0919 4652 Current date / time: 2012/03/28 14:46:30.0919
14:46:30.0919 4652 SystemInfo:
14:46:30.0920 4652
14:46:30.0920 4652 OS Version: 6.1.7601 ServicePack: 1.0
14:46:30.0920 4652 Product type: Workstation
14:46:30.0920 4652 ComputerName: GERRIT-PC
14:46:30.0920 4652 UserName: Gerrit
14:46:30.0920 4652 Windows directory: C:\Windows
14:46:30.0920 4652 System windows directory: C:\Windows
14:46:30.0920 4652 Running under WOW64
14:46:30.0920 4652 Processor architecture: Intel x64
14:46:30.0920 4652 Number of processors: 3
14:46:30.0920 4652 Page size: 0x1000
14:46:30.0920 4652 Boot type: Normal boot
14:46:30.0921 4652 ============================================================
14:46:32.0015 4652 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:46:32.0039 4652 \Device\Harddisk0\DR0:
14:46:32.0040 4652 MBR used
14:46:32.0040 4652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:46:32.0040 4652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x388F0000
14:46:32.0040 4652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38922800, BlocksNum 0x1A63000
14:46:32.0063 4652 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A386000, BlocksNum 0x74701000
14:46:32.0180 4652 Initialize success
14:46:32.0180 4652 ============================================================
14:47:47.0311 4416 ============================================================
14:47:47.0311 4416 Scan started
14:47:47.0311 4416 Mode: Manual; SigCheck; TDLFS;
14:47:47.0311 4416 ============================================================
14:47:47.0661 4416 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:47:47.0778 4416 1394ohci - ok
14:47:47.0815 4416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:47:47.0832 4416 ACPI - ok
14:47:47.0855 4416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:47:47.0901 4416 AcpiPmi - ok
14:47:47.0950 4416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:47:47.0983 4416 adp94xx - ok
14:47:48.0020 4416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:47:48.0053 4416 adpahci - ok
14:47:48.0084 4416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:47:48.0115 4416 adpu320 - ok
14:47:48.0153 4416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:47:48.0222 4416 AeLookupSvc - ok
14:47:48.0279 4416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:47:48.0350 4416 AFD - ok
14:47:48.0372 4416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:47:48.0386 4416 agp440 - ok
14:47:48.0403 4416 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:47:48.0439 4416 ALG - ok
14:47:48.0470 4416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:47:48.0490 4416 aliide - ok
14:47:48.0556 4416 AMD External Events Utility (0d9598c1fd091f07757b45c6a6f6c535) C:\Windows\system32\atiesrxx.exe
14:47:48.0614 4416 AMD External Events Utility - ok
14:47:48.0645 4416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:47:48.0659 4416 amdide - ok
14:47:48.0697 4416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:47:48.0717 4416 AmdK8 - ok
14:47:48.0888 4416 amdkmdag (7052120d5ab25ab292e8c9da46bb2fe1) C:\Windows\system32\DRIVERS\atikmdag.sys
14:47:49.0054 4416 amdkmdag - ok
14:47:49.0095 4416 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
14:47:49.0123 4416 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
14:47:49.0123 4416 amdkmdap - detected UnsignedFile.Multi.Generic (1)
14:47:49.0140 4416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:47:49.0211 4416 AmdPPM - ok
14:47:49.0343 4416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:47:49.0373 4416 amdsata - ok
14:47:49.0413 4416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:47:49.0446 4416 amdsbs - ok
14:47:49.0474 4416 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:47:49.0498 4416 amdxata - ok
14:47:49.0575 4416 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:47:49.0661 4416 AppID - ok
14:47:49.0696 4416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:47:49.0776 4416 AppIDSvc - ok
14:47:49.0828 4416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:47:49.0880 4416 Appinfo - ok
14:47:49.0959 4416 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:47:49.0984 4416 Apple Mobile Device - ok
14:47:50.0031 4416 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:47:50.0064 4416 arc - ok
14:47:50.0100 4416 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:47:50.0127 4416 arcsas - ok
14:47:50.0206 4416 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:47:50.0231 4416 aspnet_state - ok
14:47:50.0271 4416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:47:50.0338 4416 AsyncMac - ok
14:47:50.0367 4416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:47:50.0376 4416 atapi - ok
14:47:50.0422 4416 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
14:47:50.0440 4416 AtiHdmiService - ok
14:47:50.0625 4416 atikmdag (7052120d5ab25ab292e8c9da46bb2fe1) C:\Windows\system32\DRIVERS\atikmdag.sys
14:47:50.0692 4416 atikmdag - ok
14:47:50.0757 4416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:47:50.0843 4416 AudioEndpointBuilder - ok
14:47:50.0853 4416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:47:50.0888 4416 AudioSrv - ok
14:47:50.0924 4416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:47:50.0989 4416 AxInstSV - ok
14:47:51.0037 4416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:47:51.0080 4416 b06bdrv - ok
14:47:51.0171 4416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:47:51.0236 4416 b57nd60a - ok
14:47:51.0279 4416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:47:51.0311 4416 BDESVC - ok
14:47:51.0335 4416 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:47:51.0391 4416 Beep - ok
14:47:58.0071 4416 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:47:58.0085 4416 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
14:47:58.0085 4416 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
14:48:00.0693 4416 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:48:00.0706 4416 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:48:00.0706 4416 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:48:11.0932 4416 sffdisk - ok
14:48:11.0943 4416 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:48:11.0962 4416 sffp_mmc - ok
14:48:11.0971 4416 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:48:12.0003 4416 sffp_sd - ok
14:48:12.0035 4416 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:48:12.0054 4416 sfloppy - ok
14:48:12.0099 4416 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:48:12.0153 4416 SharedAccess - ok
14:48:12.0181 4416 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:48:12.0215 4416 ShellHWDetection - ok
14:48:12.0238 4416 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:48:12.0248 4416 SiSRaid2 - ok
14:48:12.0276 4416 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:48:12.0286 4416 SiSRaid4 - ok
14:48:12.0354 4416 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
14:48:12.0381 4416 SkypeUpdate - ok
14:48:12.0426 4416 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:48:12.0498 4416 Smb - ok
14:48:12.0535 4416 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:48:12.0581 4416 SNMPTRAP - ok
14:48:12.0598 4416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:48:12.0612 4416 spldr - ok
14:48:12.0655 4416 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:48:12.0716 4416 Spooler - ok
14:48:12.0819 4416 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:48:12.0938 4416 sppsvc - ok
14:48:12.0972 4416 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:48:13.0006 4416 sppuinotify - ok
14:48:13.0128 4416 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
14:48:13.0167 4416 SQLAgent$SQLEXPRESS - ok
14:48:13.0231 4416 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:48:13.0259 4416 SQLBrowser - ok
14:48:13.0313 4416 SQLWriter (f92e5f93be572b512da3c016b675ede0) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:48:13.0338 4416 SQLWriter - ok
14:48:13.0432 4416 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS
14:48:13.0473 4416 SRTSP - ok
14:48:13.0485 4416 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS
14:48:13.0497 4416 SRTSPX - ok
14:48:13.0576 4416 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:48:13.0634 4416 srv - ok
14:48:13.0684 4416 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:48:13.0729 4416 srv2 - ok
14:48:13.0766 4416 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:48:13.0813 4416 srvnet - ok
14:48:13.0877 4416 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:48:13.0960 4416 SSDPSRV - ok
14:48:14.0002 4416 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:48:14.0058 4416 SstpSvc - ok
14:48:14.0102 4416 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
14:48:14.0129 4416 ssudmdm - ok
14:48:14.0168 4416 ssudserd (f7747cf40af99af3b5807c8e9f337f58) C:\Windows\system32\DRIVERS\ssudserd.sys
14:48:14.0184 4416 ssudserd - ok
14:48:14.0228 4416 Steam Client Service - ok
14:48:14.0259 4416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:48:14.0293 4416 stexstor - ok
14:48:14.0349 4416 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:48:14.0387 4416 stisvc - ok
14:48:14.0418 4416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:48:14.0426 4416 swenum - ok
14:48:14.0467 4416 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:48:14.0508 4416 swprv - ok
14:48:14.0634 4416 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS
14:48:14.0668 4416 SymDS - ok
14:48:14.0714 4416 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS
14:48:14.0772 4416 SymEFA - ok
14:48:14.0816 4416 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:48:14.0842 4416 SymEvent - ok
14:48:14.0883 4416 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS
14:48:14.0907 4416 SymIRON - ok
14:48:14.0936 4416 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS
14:48:14.0950 4416 SymNetS - ok
14:48:15.0036 4416 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:48:15.0130 4416 SysMain - ok
14:48:15.0170 4416 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:48:15.0188 4416 TabletInputService - ok
14:48:15.0227 4416 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:48:15.0276 4416 TapiSrv - ok
14:48:15.0302 4416 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:48:15.0334 4416 TBS - ok
14:48:15.0384 4416 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:48:15.0438 4416 Tcpip - ok
14:48:15.0475 4416 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:48:15.0508 4416 TCPIP6 - ok
14:48:15.0545 4416 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:48:15.0581 4416 tcpipreg - ok
14:48:15.0615 4416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:48:15.0625 4416 TDPIPE - ok
14:48:15.0653 4416 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:48:15.0699 4416 TDTCP - ok
14:48:15.0732 4416 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:48:15.0780 4416 tdx - ok
14:48:15.0813 4416 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:48:15.0822 4416 TermDD - ok
14:48:15.0878 4416 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:48:15.0938 4416 TermService - ok
14:48:15.0966 4416 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:48:15.0987 4416 Themes - ok
14:48:16.0019 4416 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:48:16.0080 4416 THREADORDER - ok
14:48:16.0159 4416 TimeBossSrv (05aa9b3b41a61d3f328e920f4f734312) C:\Program Files (x86)\Time Boss\time_boss_s.exe
14:48:16.0198 4416 TimeBossSrv ( UnsignedFile.Multi.Generic ) - warning
14:48:16.0198 4416 TimeBossSrv - detected UnsignedFile.Multi.Generic (1)
14:48:16.0232 4416 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:48:16.0292 4416 TrkWks - ok
14:48:16.0334 4416 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:48:16.0379 4416 TrustedInstaller - ok
14:48:16.0429 4416 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:48:16.0483 4416 tssecsrv - ok
14:48:16.0519 4416 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:48:16.0554 4416 TsUsbFlt - ok
14:48:16.0759 4416 TuneUp.UtilitiesSvc (05b22a50210ab96dd2e86d70503185a7) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
14:48:16.0826 4416 TuneUp.UtilitiesSvc - ok
14:48:16.0859 4416 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
14:48:16.0879 4416 TuneUpUtilitiesDrv - ok
14:48:16.0920 4416 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:48:16.0977 4416 tunnel - ok
14:48:17.0008 4416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:48:17.0036 4416 uagp35 - ok
14:48:17.0072 4416 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:48:17.0128 4416 udfs - ok
14:48:17.0164 4416 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:48:17.0177 4416 UI0Detect - ok
14:48:17.0220 4416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:48:17.0247 4416 uliagpkx - ok
14:48:17.0301 4416 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:48:17.0344 4416 umbus - ok
14:48:17.0372 4416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:48:17.0403 4416 UmPass - ok
14:48:17.0447 4416 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:48:17.0497 4416 upnphost - ok
14:48:17.0525 4416 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:48:17.0560 4416 usbccgp - ok
14:48:17.0597 4416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:48:17.0637 4416 usbcir - ok
14:48:17.0656 4416 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:48:17.0688 4416 usbehci - ok
14:48:17.0713 4416 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:48:17.0739 4416 usbhub - ok
14:48:17.0762 4416 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:48:17.0798 4416 usbohci - ok
14:48:17.0832 4416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:48:17.0886 4416 usbprint - ok
14:48:17.0924 4416 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:48:17.0963 4416 usbscan - ok
14:48:17.0988 4416 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:48:18.0003 4416 USBSTOR - ok
14:48:18.0026 4416 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:48:18.0051 4416 usbuhci - ok
14:48:18.0082 4416 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:48:18.0131 4416 UxSms - ok
14:48:18.0164 4416 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:48:18.0176 4416 VaultSvc - ok
14:48:18.0208 4416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:48:18.0233 4416 vdrvroot - ok
14:48:18.0283 4416 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:48:18.0338 4416 vds - ok
14:48:18.0375 4416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:48:18.0388 4416 vga - ok
14:48:18.0415 4416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:48:18.0445 4416 VgaSave - ok
14:48:18.0484 4416 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:48:18.0513 4416 vhdmp - ok
14:48:18.0549 4416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:48:18.0564 4416 viaide - ok
14:48:18.0579 4416 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:48:18.0595 4416 volmgr - ok
14:48:18.0623 4416 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:48:18.0646 4416 volmgrx - ok
14:48:18.0677 4416 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:48:18.0690 4416 volsnap - ok
14:48:18.0735 4416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:48:18.0747 4416 vsmraid - ok
14:48:18.0789 4416 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:48:18.0868 4416 VSS - ok
14:48:18.0890 4416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:48:18.0906 4416 vwifibus - ok
14:48:18.0942 4416 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:48:18.0956 4416 vwififlt - ok
14:48:18.0993 4416 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:48:19.0028 4416 W32Time - ok
14:48:19.0049 4416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:48:19.0077 4416 WacomPen - ok
14:48:19.0109 4416 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:19.0151 4416 WANARP - ok
14:48:19.0154 4416 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:19.0184 4416 Wanarpv6 - ok
14:48:19.0264 4416 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:48:19.0333 4416 WatAdminSvc - ok
14:48:19.0407 4416 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:48:19.0476 4416 wbengine - ok
14:48:19.0513 4416 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:48:19.0531 4416 WbioSrvc - ok
14:48:19.0558 4416 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:48:19.0585 4416 wcncsvc - ok
14:48:19.0618 4416 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:48:19.0649 4416 WcsPlugInService - ok
14:48:19.0679 4416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:48:19.0694 4416 Wd - ok
14:48:19.0730 4416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:48:19.0749 4416 Wdf01000 - ok
14:48:19.0781 4416 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:48:19.0832 4416 WdiServiceHost - ok
14:48:19.0837 4416 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:48:19.0861 4416 WdiSystemHost - ok
14:48:19.0901 4416 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:48:19.0935 4416 WebClient - ok
14:48:19.0962 4416 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:48:19.0997 4416 Wecsvc - ok
14:48:20.0023 4416 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:48:20.0084 4416 wercplsupport - ok
14:48:20.0115 4416 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:48:20.0146 4416 WerSvc - ok
14:48:20.0174 4416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:48:20.0204 4416 WfpLwf - ok
14:48:20.0213 4416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:48:20.0222 4416 WIMMount - ok
14:48:20.0237 4416 WinDefend - ok
14:48:20.0246 4416 WinHttpAutoProxySvc - ok
14:48:20.0303 4416 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:48:20.0369 4416 Winmgmt - ok
14:48:20.0429 4416 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:48:20.0497 4416 WinRM - ok
14:48:20.0605 4416 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUsb.sys
14:48:20.0646 4416 WinUsb - ok
14:48:20.0688 4416 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:48:20.0742 4416 Wlansvc - ok
14:48:20.0892 4416 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:48:20.0976 4416 wlidsvc - ok
14:48:21.0009 4416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:48:21.0022 4416 WmiAcpi - ok
14:48:21.0068 4416 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:48:21.0107 4416 wmiApSrv - ok
14:48:21.0118 4416 WMPNetworkSvc - ok
14:48:21.0149 4416 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:48:21.0170 4416 WPCSvc - ok
14:48:21.0199 4416 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:48:21.0221 4416 WPDBusEnum - ok
14:48:21.0254 4416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:48:21.0305 4416 ws2ifsl - ok
14:48:21.0344 4416 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:48:21.0366 4416 wscsvc - ok
14:48:21.0373 4416 WSearch - ok
14:48:21.0448 4416 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:48:21.0544 4416 wuauserv - ok
14:48:21.0576 4416 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:48:21.0614 4416 WudfPf - ok
14:48:21.0639 4416 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\drivers\WUDFRd.sys
14:48:21.0670 4416 WUDFRd - ok
14:48:21.0702 4416 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:48:21.0732 4416 wudfsvc - ok
14:48:21.0771 4416 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:48:21.0812 4416 WwanSvc - ok
14:48:21.0871 4416 X6va006 - ok
14:48:21.0943 4416 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
14:48:21.0980 4416 xusb21 - ok
14:48:22.0015 4416 MBR (0x1B8) (9c2b4e00ec0b1ab83bdc6411197073cc) \Device\Harddisk0\DR0
14:48:22.0265 4416 \Device\Harddisk0\DR0 - ok
14:48:22.0272 4416 Boot (0x1200) (5e3043cb82460b123b27c113cc931135) \Device\Harddisk0\DR0\Partition0
14:48:22.0275 4416 \Device\Harddisk0\DR0\Partition0 - ok
14:48:22.0297 4416 Boot (0x1200) (398fde723f668e9b19dc2c3e2d044450) \Device\Harddisk0\DR0\Partition1
14:48:22.0298 4416 \Device\Harddisk0\DR0\Partition1 - ok
14:48:22.0321 4416 Boot (0x1200) (087efe2228dcb036c648ee060d77dd8f) \Device\Harddisk0\DR0\Partition2
14:48:22.0324 4416 \Device\Harddisk0\DR0\Partition2 - ok
14:48:22.0335 4416 Boot (0x1200) (84d129b7b8bd3db3869e980b2dea320a) \Device\Harddisk0\DR0\Partition3
14:48:22.0338 4416 \Device\Harddisk0\DR0\Partition3 - ok
14:48:22.0339 4416 ============================================================
14:48:22.0339 4416 Scan finished
14:48:22.0339 4416 ============================================================
14:48:22.0352 3680 Detected object count: 4
14:48:22.0352 3680 Actual detected object count: 4
15:02:31.0910 3680 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:31.0910 3680 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:31.0914 3680 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:31.0914 3680 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:31.0917 3680 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:31.0917 3680 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:02:31.0919 3680 TimeBossSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:02:31.0919 3680 TimeBossSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
Edited by aloabi (28.03.2012 at 13:56) |
| | #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspicious.Cloud.7.EP Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
| | #24 |
| Suspicious.Cloud.7.EP Small problem: I have switched off all antivirus programs, but ComboFix says that Norton antispyware is active. What should I do? |
| | #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspicious.Cloud.7.EP Ignore it if it is deactivated
__________________ Please always post logfiles in CODE tags |
| | #26 |
| Suspicious.Cloud.7.EP Hey, I started ComboFix and let it run through; it restarted the computer. The program wanted to create a logfile, which took forever for me, so I cancelled it. It deleted 2 files and a folder. I ran it again: Combofix logfile: Code:
ATTFilter ComboFix 12-03-28.01 - Gerrit 28.03.2012 16:45:32.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2989 [GMT 2:00]
ausgeführt von:: c:\users\Gerrit\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\users\Gerrit\APB_Reloaded_Installer.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-28 ))))))))))))))))))))))))))))))
.
.
2012-03-28 14:56 . 2012-03-28 14:56 -------- d-----w- c:\users\Gerhard\AppData\Local\temp
2012-03-28 14:56 . 2012-03-28 14:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 12:29 . 2012-03-28 12:29 -------- d-----w- C:\_OTL
2012-03-28 12:01 . 2012-03-28 12:02 -------- d-----r- c:\program files (x86)\Skype
2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-26 16:14 . 2012-03-26 16:14 -------- d-----w- c:\windows\de
2012-03-26 16:11 . 2012-03-26 16:11 -------- d-----w- c:\program files\Windows Live
2012-03-25 16:09 . 2012-03-25 16:09 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 13:37 . 2012-03-24 13:37 -------- d-----w- c:\users\Gerrit\AppData\Roaming\Malwarebytes
2012-03-24 13:36 . 2012-03-24 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 13:36 . 2012-03-24 13:36 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 13:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 13:07 . 2012-03-24 13:07 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-24 10:43 . 2012-03-24 10:43 -------- d-----w- c:\users\Gerrit\AppData\Local\CRE
2012-03-24 10:05 . 2012-03-24 10:09 -------- d-----w- C:\AMD
2012-03-24 08:24 . 2012-03-24 08:24 -------- d-----w- c:\programdata\ATI
2012-03-23 20:27 . 2012-03-23 20:27 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-23 20:26 . 2012-03-23 20:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-23 20:25 . 2012-03-23 20:27 -------- d-----w- c:\program files\ATI Technologies
2012-03-23 20:13 . 2012-03-23 20:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-23 20:12 . 2012-03-23 20:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-23 20:12 . 2012-03-23 20:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-23 20:12 . 2012-03-23 20:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-23 20:12 . 2012-03-23 20:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-23 20:11 . 2012-03-23 20:12 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-23 20:10 . 2012-03-23 20:10 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-23 20:10 . 2012-03-23 20:10 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-23 20:10 . 2012-03-23 20:10 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-23 20:10 . 2012-03-23 20:10 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-23 20:09 . 2012-03-23 20:10 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-23 20:09 . 2012-03-23 20:09 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-23 20:09 . 2012-03-23 20:09 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-23 20:09 . 2012-03-23 20:09 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-23 20:09 . 2012-03-23 20:09 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-23 19:48 . 2012-03-23 19:48 -------- d-----w- c:\users\Gerrit\AppData\Local\2K Games
2012-03-23 15:53 . 2012-02-09 10:59 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-03-23 15:53 . 2012-02-09 10:59 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-03-23 15:53 . 2012-02-09 10:59 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-03-23 15:52 . 2012-03-23 15:52 -------- d-----w- c:\users\Gerrit\AppData\Roaming\TuneUp Software
2012-03-23 15:51 . 2012-03-23 15:53 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-03-23 15:50 . 2012-03-23 15:53 -------- d-----w- c:\programdata\TuneUp Software
2012-03-23 15:50 . 2012-03-23 15:50 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-21 12:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-21 12:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-20 17:26 . 2012-03-20 17:26 -------- d-----w- c:\windows\symbols
2012-03-20 17:20 . 2012-03-20 17:20 -------- d-----w- c:\programdata\VS
2012-03-20 17:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 17:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 17:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 17:01 . 2012-03-20 17:01 -------- d-----w- c:\windows\system32\SPReview
2012-03-20 17:00 . 2012-03-20 17:00 -------- d-----w- c:\windows\system32\EventProviders
2012-03-20 16:59 . 2011-09-22 20:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-03-20 16:59 . 2011-09-22 20:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-03-20 16:59 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-03-20 16:58 . 2012-03-20 16:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-03-14 12:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:34 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:34 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:34 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:34 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:34 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:34 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 14:46 . 2012-03-13 14:46 -------- d-----w- C:\found.001
2012-03-12 17:39 . 2012-03-12 18:23 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2012-03-11 15:07 . 2012-03-11 15:16 -------- d-----w- c:\program files (x86)\Time Boss
2012-03-10 09:08 . 2012-03-10 09:08 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-10 09:08 . 2012-03-10 09:08 -------- d-----w- c:\windows\system32\Wat
2012-03-09 19:01 . 2012-03-23 19:46 -------- d-----w- c:\users\Gerrit\AppData\Roaming\HP Support Assistant
2012-03-09 16:07 . 2009-07-21 00:42 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-09 16:07 . 2009-07-21 00:42 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-09 16:06 . 2012-03-09 16:06 -------- d-----w- c:\windows\system32\RsFx
2012-03-09 16:05 . 2012-03-09 16:05 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\SysWow64\1033
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\SysWow64\1031
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\system32\1033
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\system32\1031
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\program files\Microsoft.NET
2012-03-09 16:01 . 2012-03-20 16:56 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-09 15:59 . 2012-03-20 16:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-09 15:59 . 2012-03-26 16:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-09 15:59 . 2012-03-21 15:16 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-03-09 15:57 . 2012-03-09 16:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-03-09 13:18 . 2010-11-20 13:27 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-09 13:17 . 2010-11-20 13:27 235520 ----a-w- c:\windows\system32\onex.dll
2012-03-09 13:16 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-03-09 13:15 . 2010-11-20 13:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2012-03-09 13:15 . 2010-11-20 13:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui
2012-03-09 13:15 . 2010-11-20 13:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2012-03-09 13:15 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-03-09 13:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-03-09 13:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 13:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 13:13 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 13:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 13:08 . 2012-03-09 13:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-09 13:08 . 2012-03-23 16:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-09 13:03 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 13:03 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 13:02 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 16:53 . 2012-03-07 16:59 -------- d-----w- c:\users\Gerrit\AppData\Local\NPE
2012-03-07 16:28 . 2012-03-07 16:32 -------- d-----w- c:\users\Gerrit\AppData\Local\gctmp
2012-03-07 16:28 . 2012-03-07 16:28 -------- d-----w- c:\users\Gerrit\AppData\Local\Xenocode
2012-03-06 17:50 . 2012-03-06 17:50 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-05 17:01 . 2012-03-09 13:20 -------- d-----w- c:\users\Gerrit\AppData\Local\Smartbar
2012-03-05 15:15 . 2012-03-05 17:01 -------- d-----w- c:\users\Gerrit\AppData\Local\Linkury
2012-03-05 15:14 . 2012-03-05 19:56 -------- d-----w- c:\users\Gerrit\AppData\Roaming\OpenCandy
2012-03-05 14:19 . 2012-03-05 14:19 -------- d-----w- c:\users\Gerrit\AppData\Local\GamersFirst LIVE!
2012-03-05 14:19 . 2012-03-26 15:03 -------- d-----w- c:\program files (x86)\GamersFirst
2012-03-04 20:13 . 2012-03-04 20:13 -------- d-----w- c:\programdata\EA Core
2012-03-04 17:35 . 2012-03-04 17:35 -------- d-----w- c:\users\Gerrit\AppData\Local\Windows Live Writer
2012-03-04 17:35 . 2012-03-04 17:35 -------- d-----w- c:\users\Gerrit\AppData\Roaming\Windows Live Writer
2012-03-04 15:57 . 2012-03-28 14:00 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-04 15:56 . 2012-03-12 17:44 -------- d-----w- c:\users\Gerrit\AppData\Local\PunkBuster
2012-03-04 15:51 . 2012-03-28 14:00 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-04 15:51 . 2012-03-28 13:58 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-04 15:51 . 2012-03-12 19:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-04 11:57 . 2012-03-04 11:57 -------- d-----w- C:\found.000
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-20 17:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-03 10:35 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-03 08:20 . 2009-10-01 23:44 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-08 12:34 . 2012-03-16 19:26 7680 ----a-w- c:\windows\help\OEM\Scripts\NetworkCheckAlert.exe
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-01-09 09:28 . 2012-03-16 19:26 55168 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpdaterObj.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk.disabled [2012-3-5 1170]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Easybits Recovery"=c:\program files (x86)\EasyBits For Kids\ezRecover.exe
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va006;X6va006;c:\users\Gerrit\AppData\Local\Temp\00683DF.tmp [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120324.004\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-13 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044037015-4269376589-4159146494-1000Core.job
- c:\users\Gerrit\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 09:09]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044037015-4269376589-4159146494-1000UA.job
- c:\users\Gerrit\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 09:09]
.
2012-03-03 c:\windows\Tasks\HPCeeScheduleForGerrit.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-10-01 12:38]
.
2012-03-02 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gerrit\AppData\Roaming\Mozilla\Firefox\Profiles\zdzacfp4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-loadtbs-2.1 - c:\users\Gerrit\AppData\Roaming\loadtbs\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Gerrit\AppData\Local\Temp\00683DF.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E421B744-12A1-4447-AB8A-DA2F96D9D9EE}]
@Denied: (A 2) (S-1-5-21-3044037015-4269376589-4159146494-1000)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (RestrictedCode)
"Flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TimeBossSrv]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Users)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"c:\\Program Files (x86)\\Time Boss\\time_boss_s.exe"
"DisplayName"="Time boss srv"
"WOW64"=dword:00000001
"ObjectName"="LocalSystem"
"Description"="The main part of Time Boss application"
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,14,00,00,
00,01,00,00,00,0a,00,00,00
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Time Boss\time_boss_s.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28 17:11:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-28 15:11
.
Vor Suchlauf: 16 Verzeichnis(se), 270.657.163.264 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 270.266.310.656 Bytes frei
.
- - End Of File - - DA211FCAA0D1025B1DC42149566151B8
--- --- --- I hope that wasn't a mistake!!! |
| | #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspicious.Cloud.7.EP Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWA"=-
"LWB"=-
"LWC"=-
"LWD"=-
"LWE"=-
"LWF"=-
"LWG"=-
"LWH"=-
"LWI"=-
"LWJ"=-
"LWK"=-
"LWL"=-
"LWM"=-
"LWN"=-
"LWO"=-
"LWP"=-
"LWQ"=-
"LWR"=-
"LWS"=-
"LWT"=-
"LWU"=-
"LWV"=-
"LWW"=-
"LWX"=-
"LWY"=-
"LWZ"=-
4. Disable your antivirus program's guard and any software firewall that may be present. (Also the guards of adware and spyware programs, and the Tea Timer if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
| | #28 |
| Suspicious.Cloud.7.EP hey, is it normal for ComboFix to search for infected files again??? |
| | #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspicious.Cloud.7.EP Yes, please just let it run in peace!
__________________ Please always post log files in CODE tags |
| | #30 |
| Suspicious.Cloud.7.EP OK, here is the log: Combofix logfile: Code:
ComboFix 12-03-28.01 - Gerrit 29.03.2012 19:23:11.4.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2516 [GMT 2:00]
ausgeführt von:: c:\users\Gerrit\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gerrit\Desktop\CFScript.txt.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-29 ))))))))))))))))))))))))))))))
.
.
2012-03-29 17:31 . 2012-03-29 17:31 -------- d-----w- c:\users\Gerhard\AppData\Local\temp
2012-03-29 17:31 . 2012-03-29 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 12:29 . 2012-03-28 12:29 -------- d-----w- C:\_OTL
2012-03-28 12:01 . 2012-03-28 12:02 -------- d-----r- c:\program files (x86)\Skype
2012-03-28 12:01 . 2012-03-28 12:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-26 16:14 . 2012-03-26 16:14 -------- d-----w- c:\windows\de
2012-03-26 16:11 . 2012-03-26 16:11 -------- d-----w- c:\program files\Windows Live
2012-03-25 16:09 . 2012-03-25 16:09 -------- d-----w- c:\program files (x86)\ESET
2012-03-24 13:37 . 2012-03-24 13:37 -------- d-----w- c:\users\Gerrit\AppData\Roaming\Malwarebytes
2012-03-24 13:36 . 2012-03-24 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-24 13:36 . 2012-03-24 13:36 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 13:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 13:07 . 2012-03-24 13:07 -------- d-----w- c:\program files (x86)\7-Zip
2012-03-24 10:43 . 2012-03-24 10:43 -------- d-----w- c:\users\Gerrit\AppData\Local\CRE
2012-03-24 10:05 . 2012-03-24 10:09 -------- d-----w- C:\AMD
2012-03-24 08:24 . 2012-03-24 08:24 -------- d-----w- c:\programdata\ATI
2012-03-23 20:27 . 2012-03-23 20:27 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-23 20:26 . 2012-03-23 20:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-23 20:25 . 2012-03-23 20:27 -------- d-----w- c:\program files\ATI Technologies
2012-03-23 20:13 . 2012-03-23 20:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-23 20:12 . 2012-03-23 20:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-23 20:12 . 2012-03-23 20:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-23 20:12 . 2012-03-23 20:12 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-23 20:12 . 2012-03-23 20:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-23 20:11 . 2012-03-23 20:12 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-23 20:10 . 2012-03-23 20:10 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-23 20:10 . 2012-03-23 20:10 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-23 20:10 . 2012-03-23 20:10 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-23 20:10 . 2012-03-23 20:10 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-23 20:09 . 2012-03-23 20:10 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-23 20:09 . 2012-03-23 20:09 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-23 20:09 . 2012-03-23 20:09 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-23 20:09 . 2012-03-23 20:09 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-23 20:09 . 2012-03-23 20:09 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-23 19:48 . 2012-03-23 19:48 -------- d-----w- c:\users\Gerrit\AppData\Local\2K Games
2012-03-23 15:53 . 2012-02-09 10:59 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-03-23 15:53 . 2012-02-09 10:59 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-03-23 15:53 . 2012-02-09 10:59 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-03-23 15:52 . 2012-03-23 15:52 -------- d-----w- c:\users\Gerrit\AppData\Roaming\TuneUp Software
2012-03-23 15:51 . 2012-03-23 15:53 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-03-23 15:50 . 2012-03-23 15:53 -------- d-----w- c:\programdata\TuneUp Software
2012-03-23 15:50 . 2012-03-23 15:50 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-21 12:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-21 12:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-20 17:26 . 2012-03-20 17:26 -------- d-----w- c:\windows\symbols
2012-03-20 17:20 . 2012-03-20 17:20 -------- d-----w- c:\programdata\VS
2012-03-20 17:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 17:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 17:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 17:01 . 2012-03-20 17:01 -------- d-----w- c:\windows\system32\SPReview
2012-03-20 17:00 . 2012-03-20 17:00 -------- d-----w- c:\windows\system32\EventProviders
2012-03-20 16:59 . 2011-09-22 20:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2012-03-20 16:59 . 2011-09-22 20:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-03-20 16:59 . 2011-09-22 16:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2012-03-20 16:58 . 2012-03-20 16:58 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-03-14 12:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:34 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:34 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:34 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:34 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:34 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:34 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 14:46 . 2012-03-13 14:46 -------- d-----w- C:\found.001
2012-03-12 17:39 . 2012-03-12 18:23 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2012-03-11 15:07 . 2012-03-11 15:16 -------- d-----w- c:\program files (x86)\Time Boss
2012-03-10 09:08 . 2012-03-10 09:08 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-10 09:08 . 2012-03-10 09:08 -------- d-----w- c:\windows\system32\Wat
2012-03-09 19:01 . 2012-03-23 19:46 -------- d-----w- c:\users\Gerrit\AppData\Roaming\HP Support Assistant
2012-03-09 16:07 . 2009-07-21 00:42 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-09 16:07 . 2009-07-21 00:42 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-09 16:06 . 2012-03-09 16:06 -------- d-----w- c:\windows\system32\RsFx
2012-03-09 16:05 . 2012-03-09 16:05 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\SysWow64\1033
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\SysWow64\1031
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\system32\1033
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\windows\system32\1031
2012-03-09 16:04 . 2012-03-09 16:04 -------- d-----w- c:\program files\Microsoft.NET
2012-03-09 16:01 . 2012-03-20 16:56 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-09 15:59 . 2012-03-20 16:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-09 15:59 . 2012-03-26 16:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-09 15:59 . 2012-03-09 15:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-03-09 15:59 . 2012-03-21 15:16 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2012-03-09 15:57 . 2012-03-09 16:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-03-09 15:57 . 2012-03-09 15:57 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-03-09 13:18 . 2010-11-20 13:27 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-03-09 13:17 . 2010-11-20 13:27 235520 ----a-w- c:\windows\system32\onex.dll
2012-03-09 13:16 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-03-09 13:15 . 2010-11-20 13:12 7168 ----a-w- c:\windows\system32\drivers\de-DE\msdsm.sys.mui
2012-03-09 13:15 . 2010-11-20 13:07 2560 ----a-w- c:\windows\system32\drivers\de-DE\disk.sys.mui
2012-03-09 13:15 . 2010-11-20 13:00 4608 ----a-w- c:\windows\system32\drivers\de-DE\vdrvroot.sys.mui
2012-03-09 13:15 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-03-09 13:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-03-09 13:15 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-03-09 13:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-03-09 13:13 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-09 13:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-03-09 13:08 . 2012-03-09 13:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-09 13:08 . 2012-03-23 16:14 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-09 13:03 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-03-09 13:03 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-09 13:02 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 16:53 . 2012-03-07 16:59 -------- d-----w- c:\users\Gerrit\AppData\Local\NPE
2012-03-07 16:28 . 2012-03-07 16:32 -------- d-----w- c:\users\Gerrit\AppData\Local\gctmp
2012-03-07 16:28 . 2012-03-07 16:28 -------- d-----w- c:\users\Gerrit\AppData\Local\Xenocode
2012-03-06 17:50 . 2012-03-06 17:50 -------- d-----w- c:\program files (x86)\Codemasters
2012-03-05 17:01 . 2012-03-09 13:20 -------- d-----w- c:\users\Gerrit\AppData\Local\Smartbar
2012-03-05 15:15 . 2012-03-05 17:01 -------- d-----w- c:\users\Gerrit\AppData\Local\Linkury
2012-03-05 15:14 . 2012-03-05 19:56 -------- d-----w- c:\users\Gerrit\AppData\Roaming\OpenCandy
2012-03-05 14:19 . 2012-03-05 14:19 -------- d-----w- c:\users\Gerrit\AppData\Local\GamersFirst LIVE!
2012-03-05 14:19 . 2012-03-26 15:03 -------- d-----w- c:\program files (x86)\GamersFirst
2012-03-04 20:13 . 2012-03-04 20:13 -------- d-----w- c:\programdata\EA Core
2012-03-04 17:35 . 2012-03-04 17:35 -------- d-----w- c:\users\Gerrit\AppData\Local\Windows Live Writer
2012-03-04 17:35 . 2012-03-04 17:35 -------- d-----w- c:\users\Gerrit\AppData\Roaming\Windows Live Writer
2012-03-04 15:57 . 2012-03-29 14:52 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-04 15:56 . 2012-03-12 17:44 -------- d-----w- c:\users\Gerrit\AppData\Local\PunkBuster
2012-03-04 15:51 . 2012-03-29 14:52 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-04 15:51 . 2012-03-29 14:49 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-04 15:51 . 2012-03-12 19:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-04 11:57 . 2012-03-04 11:57 -------- d-----w- C:\found.000
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-20 17:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-20 17:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-03 10:35 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-03 08:20 . 2009-10-01 23:44 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
2012-02-15 03:18 . 2012-02-15 03:18 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-08 12:34 . 2012-03-16 19:26 7680 ----a-w- c:\windows\help\OEM\Scripts\NetworkCheckAlert.exe
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-01-09 09:28 . 2012-03-16 19:26 55168 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpdaterObj.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_14.58.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-26 15:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-29 17:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-26 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 17:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-26 15:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 17:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-01 23:20 . 2012-03-29 14:45 38400 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-29 17:34 45024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-21 13:20 . 2012-03-29 17:34 11120 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3044037015-4269376589-4159146494-1000_UserData.bin
- 2010-01-21 13:12 . 2012-03-23 15:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-21 13:12 . 2012-03-29 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-29 17:19 . 2012-03-29 15:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-29 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-23 15:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-29 15:29 16768 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-01-21 18:56 . 2012-03-28 20:38 6842 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-28 14:57 . 2012-03-28 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 17:32 . 2012-03-29 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 17:32 . 2012-03-29 17:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-28 14:57 . 2012-03-28 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-24 18:12 . 2012-03-29 17:19 162144 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-28 14:48 718288 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-29 14:48 718288 c:\windows\system32\perfh009.dat
- 2009-10-02 09:09 . 2012-03-28 14:48 762970 c:\windows\system32\perfh007.dat
+ 2009-10-02 09:09 . 2012-03-29 14:48 762970 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-29 14:48 146310 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-28 14:48 146310 c:\windows\system32\perfc009.dat
- 2009-10-02 09:09 . 2012-03-28 14:48 173356 c:\windows\system32\perfc007.dat
+ 2009-10-02 09:09 . 2012-03-29 14:48 173356 c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-03-29 17:31 315304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-28 14:56 315304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-03 09:39 . 2012-03-28 14:30 2567089 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3044037015-4269376589-4159146494-1000-8192.dat
+ 2012-03-03 09:39 . 2012-03-29 14:43 2567089 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3044037015-4269376589-4159146494-1000-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk.disabled [2012-3-5 1170]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Easybits Recovery"=c:\program files (x86)\EasyBits For Kids\ezRecover.exe
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"HP Remote Solution"=%ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
"hpsysdrv"=c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va006;X6va006;c:\users\Gerrit\AppData\Local\Temp\00683DF.tmp [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120328.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-13 138360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044037015-4269376589-4159146494-1000Core.job
- c:\users\Gerrit\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 09:09]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3044037015-4269376589-4159146494-1000UA.job
- c:\users\Gerrit\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-03 09:09]
.
2012-03-03 c:\windows\Tasks\HPCeeScheduleForGerrit.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-10-01 12:38]
.
2012-03-02 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant =
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gerrit\AppData\Roaming\Mozilla\Firefox\Profiles\zdzacfp4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Gerrit\AppData\Local\Temp\00683DF.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3044037015-4269376589-4159146494-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E421B744-12A1-4447-AB8A-DA2F96D9D9EE}]
@Denied: (A 2) (S-1-5-21-3044037015-4269376589-4159146494-1000)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (RestrictedCode)
"Flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TimeBossSrv]
@DACL=(02 0013)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Users)
@Denied: (A 2) (Administrators)
@Denied: (A 2) (Administrators)
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"c:\\Program Files (x86)\\Time Boss\\time_boss_s.exe"
"DisplayName"="Time boss srv"
"WOW64"=dword:00000001
"ObjectName"="LocalSystem"
"Description"="The main part of Time Boss application"
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,14,00,00,
00,01,00,00,00,0a,00,00,00
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Time Boss\time_boss_s.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-29 19:39:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-29 17:39
ComboFix2.txt 2012-03-28 15:11
.
Vor Suchlauf: 15 Verzeichnis(se), 269.522.194.432 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 269.155.024.896 Bytes frei
.
- - End Of File - - C3945968FFC59F10B4B290AB65B137A2
--- --- --- |