Plagegeister aller Art und deren Bekämpfung: SMART HDD Trojan caught - desktop black, files gone (Windows 7)

23.04.2012, 19:50 | #1
SMART HDD Trojan caught - desktop black, files gone

Hello, while googling I have stumbled across "Trojaner-Board" quite a few times, but I never thought I would have to bother you myself. Well, now the time has apparently come. As mentioned in the title, SMART HDD has struck. Black desktop, icons and files have disappeared, several "System message - Write Fault Error" messages and a scan window appear. In some threads I read that the first step is apparently to create a log with TDSSKiller. I have taken the liberty of attaching the TDSSKiller log right away and thank you in advance for your help!

Final message from TDSSKiller:

Locked file Service: sptd Suspicious object, medium risk

Report:

20:14:47.0688 6132 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
20:14:48.0059 6132 ============================================================
20:14:48.0059 6132 Current date / time: 2012/04/23 20:14:48.0059
20:14:48.0059 6132 SystemInfo:
20:14:48.0059 6132
20:14:48.0059 6132 OS Version: 6.0.6002 ServicePack: 2.0
20:14:48.0059 6132 Product type: Workstation
20:14:48.0060 6132 ComputerName: SO-PC
20:14:48.0060 6132 UserName: so
20:14:48.0060 6132 Windows directory: C:\Windows
20:14:48.0060 6132 System windows directory: C:\Windows
20:14:48.0060 6132 Processor architecture: Intel x86
20:14:48.0060 6132 Number of processors: 2
20:14:48.0060 6132 Page size: 0x1000
20:14:48.0060 6132 Boot type: Normal boot
20:14:48.0060 6132 ============================================================
20:14:53.0376 6132 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:14:53.0385 6132 Drive \Device\Harddisk1\DR1 - Size: 0xF13FFE00 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:14:53.0387 6132 \Device\Harddisk0\DR0:
20:14:53.0387 6132 MBR partitions:
20:14:53.0388 6132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
20:14:53.0388 6132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x1BD7E000
20:14:53.0388 6132 \Device\Harddisk1\DR1:
20:14:53.0389 6132 MBR partitions:
20:14:53.0389 6132 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3E, BlocksNum 0x789EAA
20:14:53.0824 6132 C: <-> \Device\Harddisk0\DR0\Partition1
20:14:53.0909 6132 D: <-> \Device\Harddisk0\DR0\Partition0
20:14:53.0910 6132 Initialize success
20:14:53.0910 6132 ============================================================
20:15:33.0776 4888 ============================================================
20:15:33.0776 4888 Scan started
20:15:33.0776 4888 Mode: Manual;
20:15:33.0777 4888 ============================================================
C:\Windows\System32\mprdim.dll 20:22:37.0686 4888 RemoteAccess - ok 20:22:39.0445 4888 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 20:22:39.0728 4888 RemoteRegistry - ok 20:22:44.0195 4888 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys 20:22:44.0197 4888 rimmptsk - ok 20:22:49.0479 4888 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys 20:22:49.0481 4888 rimsptsk - ok 20:22:54.0195 4888 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys 20:22:54.0197 4888 rismxdp - ok 20:22:56.0174 4888 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 20:22:56.0191 4888 RpcLocator - ok 20:22:57.0823 4888 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 20:22:57.0837 4888 RpcSs - ok 20:22:59.0743 4888 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 20:22:59.0745 4888 rspndr - ok 20:23:00.0892 4888 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 20:23:00.0897 4888 SamSs - ok 20:23:03.0513 4888 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 20:23:03.0513 4888 sbp2port - ok 20:23:06.0337 4888 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 20:23:06.0352 4888 SCardSvr - ok 20:23:08.0521 4888 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 20:23:08.0552 4888 Schedule - ok 20:23:10.0159 4888 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 20:23:10.0159 4888 SCPolicySvc - ok 20:23:12.0046 4888 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 20:23:12.0062 4888 sdbus - ok 20:23:13.0559 4888 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 20:23:13.0669 4888 SDRSVC - ok 20:23:15.0057 4888 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 
20:23:15.0057 4888 secdrv - ok 20:23:16.0633 4888 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 20:23:16.0648 4888 seclogon - ok 20:23:18.0629 4888 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 20:23:18.0629 4888 SENS - ok 20:23:20.0111 4888 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 20:23:20.0111 4888 Serenum - ok 20:23:21.0235 4888 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 20:23:21.0235 4888 Serial - ok 20:23:23.0231 4888 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 20:23:23.0231 4888 sermouse - ok 20:23:24.0604 4888 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 20:23:24.0620 4888 SessionEnv - ok 20:23:27.0334 4888 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 20:23:27.0334 4888 sffdisk - ok 20:23:28.0582 4888 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 20:23:28.0582 4888 sffp_mmc - ok 20:23:30.0392 4888 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 20:23:30.0392 4888 sffp_sd - ok 20:23:31.0983 4888 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 20:23:31.0983 4888 sfloppy - ok 20:23:33.0028 4888 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 20:23:33.0122 4888 SharedAccess - ok 20:23:33.0949 4888 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 20:23:33.0949 4888 ShellHWDetection - ok 20:23:35.0290 4888 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 20:23:35.0290 4888 sisagp - ok 20:23:37.0677 4888 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 20:23:37.0677 4888 SiSRaid2 - ok 20:23:39.0299 4888 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) 
C:\Windows\system32\drivers\sisraid4.sys 20:23:39.0299 4888 SiSRaid4 - ok 20:23:41.0546 4888 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 20:23:41.0702 4888 slsvc - ok 20:23:43.0075 4888 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 20:23:43.0090 4888 SLUINotify - ok 20:23:44.0572 4888 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 20:23:44.0588 4888 Smb - ok 20:23:45.0539 4888 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 20:23:45.0555 4888 SNMPTRAP - ok 20:23:47.0318 4888 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 20:23:47.0318 4888 spldr - ok 20:23:48.0269 4888 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 20:23:48.0269 4888 Spooler - ok 20:23:50.0422 4888 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys 20:23:50.0422 4888 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 71e276f6d189413266ea22171806597b 20:23:50.0422 4888 sptd ( LockedFile.Multi.Generic ) - warning 20:23:50.0422 4888 sptd - detected LockedFile.Multi.Generic (1) 20:23:52.0435 4888 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 20:23:52.0559 4888 srv - ok 20:23:53.0901 4888 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 20:23:53.0917 4888 srv2 - ok 20:23:56.0132 4888 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 20:23:56.0132 4888 srvnet - ok 20:23:58.0175 4888 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 20:23:58.0175 4888 SSDPSRV - ok 20:24:00.0391 4888 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 20:24:00.0391 4888 ssmdrv - ok 20:24:01.0420 4888 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 20:24:01.0436 4888 SstpSvc - ok 20:24:03.0058 4888 STacSV (ffa85a9f3c3571ad29ac156bc6f116c5) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe 20:24:03.0058 4888 STacSV - ok 20:24:04.0899 4888 STHDA (5af1feec6945f4fa5efd00e0c6d8f9b9) C:\Windows\system32\DRIVERS\stwrt.sys 20:24:04.0899 4888 STHDA - ok 20:24:06.0319 4888 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 20:24:06.0334 4888 stisvc - ok 20:24:06.0553 4888 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 20:24:06.0584 4888 stllssvr - ok 20:24:08.0284 4888 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 20:24:08.0300 4888 swenum - ok 20:24:09.0267 4888 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 20:24:09.0392 4888 swprv - ok 20:24:11.0217 4888 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 20:24:11.0217 4888 Symc8xx - ok 20:24:14.0540 4888 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 
20:26:33.0910 4888 wmiApSrv - ok 20:26:34.0222 4888 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 20:26:34.0347 4888 WMPNetworkSvc - ok 20:26:35.0704 4888 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 20:26:35.0735 4888 WPCSvc - ok 20:26:36.0749 4888 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 20:26:36.0749 4888 WPDBusEnum - ok 20:26:39.0074 4888 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 20:26:39.0074 4888 WpdUsb - ok 20:26:40.0337 4888 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:26:40.0540 4888 WPFFontCache_v0400 - ok 20:26:41.0695 4888 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 20:26:41.0695 4888 ws2ifsl - ok 20:26:43.0192 4888 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 20:26:43.0192 4888 wscsvc - ok 20:26:44.0206 4888 WSearch - ok 20:26:45.0251 4888 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 20:26:45.0688 4888 wuauserv - ok 20:26:47.0186 4888 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:26:47.0186 4888 WUDFRd - ok 20:26:48.0512 4888 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 20:26:48.0512 4888 wudfsvc - ok 20:26:48.0637 4888 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 20:26:48.0746 4888 \Device\Harddisk0\DR0 - ok 20:26:48.0761 4888 MBR (0x1B8) (23b571400a29918f5392f6e85eeb756e) \Device\Harddisk1\DR1 20:26:48.0808 4888 \Device\Harddisk1\DR1 - ok 20:26:48.0871 4888 Boot (0x1200) (bbbf34c5ad359c34f1c00e67786fe866) \Device\Harddisk0\DR0\Partition0 20:26:48.0871 4888 \Device\Harddisk0\DR0\Partition0 - ok 20:26:48.0902 4888 Boot (0x1200) (1614eedd30cc8943ab8913ff6801829f) \Device\Harddisk0\DR0\Partition1 20:26:48.0917 4888 
\Device\Harddisk0\DR0\Partition1 - ok 20:26:48.0933 4888 Boot (0x1200) (0f56d6eb7fa143c7bf8749b5ae82ac58) \Device\Harddisk1\DR1\Partition0 20:26:48.0933 4888 \Device\Harddisk1\DR1\Partition0 - ok 20:26:48.0933 4888 ============================================================ 20:26:48.0933 4888 Scan finished 20:26:48.0933 4888 ============================================================ 20:26:48.0980 5028 Detected object count: 1 20:26:48.0980 5028 Actual detected object count: 1 20:27:43.0049 5028 sptd ( LockedFile.Multi.Generic ) - skipped by user 20:27:43.0049 5028 sptd ( LockedFile.Multi.Generic ) - User select action: Skip |
23.04.2012, 20:08 | #2
/// Malware-holic
hi,
the TDSSKiller log is OK. If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
23.04.2012, 21:17 | #3
Hello markusg,
thank you very much for your quick reply! Here are the results:
OTL.txt
Code:
ATTFilter OTL logfile created on: 23.04.2012 21:33:57 - Run 1 OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\SO\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,45% Memory free 6,18 Gb Paging File | 5,12 Gb Available in Paging File | 82,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,75 Gb Total Space | 117,23 Gb Free Space | 52,63% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 4,90 Gb Free Space | 49,01% Space Free | Partition Type: NTFS Drive G: | 3,75 Gb Total Space | 3,07 Gb Free Space | 81,64% Space Free | Partition Type: FAT32 Computer Name: SO-PC | User Name: SO | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.23 21:24:32 | 000,594,944 | -H-- | M] (OldTimer Tools) -- C:\Users\SO\Desktop\OTL.exe PRC - [2012.04.21 16:17:43 | 000,221,184 | -H-- | M] () -- C:\ProgramData\9HjFSnO4FQh8s4.exe PRC - [2012.04.21 16:09:53 | 000,300,032 | -H-- | M] () -- C:\ProgramData\hjOouWQXnIVMkvP.exe PRC - [2011.06.29 12:51:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.06 17:46:12 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.30 19:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.22 11:50:20 | 000,561,952 | ---- | M] (Apple Inc.) 
-- C:\Programme\Apple Software Update\SoftwareUpdate.exe PRC - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.08 13:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.02.10 18:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2008.09.23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe PRC - [2008.09.23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.07.17 14:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2008.07.17 14:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2008.07.17 14:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2008.07.17 14:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2008.07.17 12:23:04 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.07.17 12:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) 
-- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe PRC - [2008.07.17 12:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe PRC - [2008.07.09 15:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe ========== Modules (No Company Name) ========== MOD - [2012.04.23 20:45:15 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\6cf868c94053e7cd8119a2e48e60e11f\MenuSkinning.ni.dll MOD - [2012.04.23 20:22:56 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\3823ef58580f05de9cb6e5c304150d8b\VistaBridgeLibrary.ni.dll MOD - [2012.04.23 20:22:52 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\8d716b4f31efe5b6775a370c981c5a4d\DellDock.ni.exe MOD - [2012.04.23 20:22:46 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\83005fa291c1da8099d361f5410ab792\MyDock.Util.ni.dll MOD - [2012.04.23 20:22:29 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll MOD - [2012.04.21 16:17:43 | 000,221,184 | -H-- | M] () -- C:\ProgramData\9HjFSnO4FQh8s4.exe MOD - [2012.04.21 16:09:53 | 000,300,032 | -H-- | M] () -- C:\ProgramData\hjOouWQXnIVMkvP.exe MOD - [2012.04.12 13:57:26 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll MOD - [2012.04.12 13:57:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll MOD - [2012.02.26 19:36:29 | 000,998,400 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll MOD - [2012.02.26 19:36:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012.02.26 19:35:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MOD - [2012.02.19 17:20:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012.02.19 17:13:44 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011.10.26 13:37:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll MOD - [2011.10.19 03:42:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2010.03.03 16:33:12 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.08.05 14:16:20 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll MOD - [2008.07.18 12:27:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.29 12:51:40 | 000,269,480 | ---- 
| M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.06 17:46:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.02.10 18:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.12.06 10:30:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.09.23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.07.17 12:23:02 | 000,221,239 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\stacsv.exe -- (STacSV) SRV - [2008.07.17 12:22:56 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\AEstSrv.exe -- (AESTFilters) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (axo8mxrr) DRV - [2011.06.29 12:51:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 12:51:41 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.12.19 19:46:55 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.09.22 10:27:02 | 000,144,672 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2008.09.22 10:27:00 | 000,277,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2008.08.05 14:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.07.28 11:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2008.07.18 12:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.07.18 12:27:48 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.17 14:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.07.17 12:23:06 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.07.03 10:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2008.07.03 10:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.07.03 10:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.05.29 13:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6081206 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {11DBAAF3-182D-4F89-982F-42A73D2CC85F} IE - HKCU\..\SearchScopes\{11DBAAF3-182D-4F89-982F-42A73D2CC85F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7DDDE_de IE - HKCU\..\SearchScopes\{2B686E04-3574-4737-98B3-EB330BE5EEAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=c1e4a3ce-fced-4016-9fac-8aa109e51895&apn_sauid=17B93412-E802-43B5-92EE-59D63C4AE41F IE - 
HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7DDDE_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=NHrUiZdVJsMLbqrJVTVWhHQtpok?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.19 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\SO\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( ) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\SO\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.05 15:21:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.05 15:21:36 | 000,000,000 | ---D | M] [2008.12.14 20:48:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\SO\AppData\Roaming\mozilla\Extensions [2012.02.18 13:43:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\SO\AppData\Roaming\mozilla\Firefox\Profiles\frwnbcki.default\extensions [2009.08.26 19:28:48 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SO\AppData\Roaming\mozilla\Firefox\Profiles\frwnbcki.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.20 20:40:12 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\SO\AppData\Roaming\mozilla\Firefox\Profiles\frwnbcki.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.07.07 18:39:45 | 000,000,000 | -H-D | M] (kikin plugin) -- C:\Users\SO\AppData\Roaming\mozilla\Firefox\Profiles\frwnbcki.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.08.20 20:35:55 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- 
C:\Users\SO\AppData\Roaming\mozilla\Firefox\Profiles\frwnbcki.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.09 21:02:46 | 000,002,399 | -H-- | M] () -- C:\Users\SO\AppData\Roaming\Mozilla\Firefox\Profiles\frwnbcki.default\searchplugins\askcom.xml [2010.11.11 14:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.02.25 18:59:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.03.08 21:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [hjOouWQXnIVMkvP.exe] C:\ProgramData\hjOouWQXnIVMkvP.exe () O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\SO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\SO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB09DF9-6073-40E7-A2E4-A5403385111A}: DhcpNameServer = 192.168.168.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC83C4C9-AF10-4638-A805-E0EAAB6A662E}: DhcpNameServer = 192.168.179.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft 
shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\SO\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\SO\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.10.12 17:15:42 | 000,000,143 | ---- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{73e8e681-7b12-11e1-a559-00217089e605}\Shell - "" = AutoRun O33 - MountPoints2\{73e8e681-7b12-11e1-a559-00217089e605}\Shell\AutoRun\command - "" = G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083 O33 - MountPoints2\{fd3afbe0-6049-11df-bdfc-00217089e605}\Shell\AutoRun\command - "" = G:\avira.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^SO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.) 
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.23 21:31:47 | 000,594,944 | -H-- | C] (OldTimer Tools) -- C:\Users\SO\Desktop\OTL.exe [2012.04.23 20:05:35 | 002,072,624 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\SO\Desktop\tdsskiller.exe [1 C:\Users\SO\Documents\*.tmp files -> C:\Users\SO\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.23 21:30:17 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4635F81F-6727-475D-BE7C-8C2081FFB669}.job [2012.04.23 21:24:32 | 000,594,944 | -H-- | M] (OldTimer Tools) -- C:\Users\SO\Desktop\OTL.exe [2012.04.23 21:23:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.23 21:23:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.23 21:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.23 21:23:02 | 3213,778,944 | -HS- | M] () -- C:\hiberfil.sys [2012.04.23 19:55:04 | 002,072,624 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\SO\Desktop\tdsskiller.exe [2012.04.23 19:38:41 | 000,007,512 | -H-- | M] () -- C:\Users\SO\AppData\Local\d3d9caps.dat [2012.04.23 19:26:14 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.23 19:26:14 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.23 19:26:14 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.23 19:26:14 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.21 16:24:54 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-9HjFSnO4FQh8s4r [2012.04.21 16:24:54 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-9HjFSnO4FQh8s4 [2012.04.21 
16:24:41 | 000,000,256 | -H-- | M] () -- C:\ProgramData\9HjFSnO4FQh8s4 [2012.04.21 16:17:46 | 000,000,601 | -H-- | M] () -- C:\Users\SO\Desktop\SMART_HDD.lnk [2012.04.21 16:17:43 | 000,221,184 | -H-- | M] () -- C:\ProgramData\9HjFSnO4FQh8s4.exe [2012.04.21 16:09:53 | 000,300,032 | -H-- | M] () -- C:\ProgramData\hjOouWQXnIVMkvP.exe [2012.04.01 16:42:45 | 000,006,144 | -H-- | M] () -- C:\Users\SO\Documents\photothumb.db [2012.04.01 15:13:14 | 000,002,627 | -H-- | M] () -- C:\Users\SO\Desktop\Microsoft Office Word 2007.lnk [2012.03.31 23:32:40 | 000,035,328 | -H-- | M] () -- C:\Users\SO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.31 11:28:32 | 000,004,858 | -H-- | M] () -- C:\Users\SO\AppData\Roaming\wklnhst.dat [2012.03.25 15:02:57 | 000,020,992 | -H-- | M] () -- C:\Users\SO\Documents\rechnungMÄRZ12.wps [1 C:\Users\SO\Documents\*.tmp files -> C:\Users\SO\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.23 19:58:07 | 3213,778,944 | -HS- | C] () -- C:\hiberfil.sys [2012.04.21 16:17:46 | 000,000,601 | -H-- | C] () -- C:\Users\SO\Desktop\SMART_HDD.lnk [2012.04.21 16:17:46 | 000,000,184 | -H-- | C] () -- C:\ProgramData\-9HjFSnO4FQh8s4r [2012.04.21 16:17:46 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-9HjFSnO4FQh8s4 [2012.04.21 16:17:43 | 000,221,184 | -H-- | C] () -- C:\ProgramData\9HjFSnO4FQh8s4.exe [2012.04.21 16:17:43 | 000,000,256 | -H-- | C] () -- C:\ProgramData\9HjFSnO4FQh8s4 [2012.04.21 16:12:03 | 000,300,032 | -H-- | C] () -- C:\ProgramData\hjOouWQXnIVMkvP.exe [2012.04.01 16:42:43 | 000,006,144 | -H-- | C] () -- C:\Users\SO\Documents\photothumb.db [2012.03.25 15:02:57 | 000,020,992 | -H-- | C] () -- C:\Users\SO\Documents\rechnungMÄRZ12.wps ========== LOP Check ========== [2008.12.19 20:03:45 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\Atari [2011.03.20 14:44:35 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\Canon [2008.12.19 19:52:11 | 000,000,000 | -H-D | M] -- 
C:\Users\SO\AppData\Roaming\DAEMON Tools [2008.12.19 19:52:35 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\DAEMON Tools Lite [2008.12.19 19:52:11 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\DAEMON Tools Pro [2011.09.05 13:15:30 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\DVDVideoSoft [2011.06.04 18:22:16 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.03 20:39:53 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\Facebook [2010.09.20 13:28:32 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\gtk-2.0 [2010.10.24 15:26:23 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\kikin [2010.03.08 21:27:43 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\OpenOffice.org [2008.12.30 22:05:20 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\Opera [2010.12.22 16:15:02 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\PCDr [2010.08.02 22:09:30 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\TeamViewer [2008.12.13 15:22:51 | 000,000,000 | -H-D | M] -- C:\Users\SO\AppData\Roaming\Template [2012.04.23 20:58:07 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.23 21:30:17 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4635F81F-6727-475D-BE7C-8C2081FFB669}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
>
[2011.04.11 20:03:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.06.12 13:01:53 | 000,000,000 | ---D | M] -- C:\23e8e6219d2848498769ffad
[2011.04.03 18:29:07 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.12.22 16:23:17 | 000,000,000 | -H-D | M] -- C:\DELL
[2008.12.06 18:26:21 | 000,000,000 | -H-D | M] -- C:\doctemp
[2008.12.10 16:32:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.09.22 10:26:58 | 000,000,000 | -H-D | M] -- C:\Drivers
[2010.04.17 20:20:23 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.08 18:56:17 | 000,000,000 | -H-D | M] -- C:\output
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.22 18:55:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.21 16:17:46 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.10 16:32:52 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.23 21:40:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.11 20:02:38 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.23 19:31:15 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.12.06 18:28:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.12.06 18:28:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.12.06 18:28:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.12.19 19:46:55 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2008.08.05 14:16:20 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll

< %USERPROFILE%\*.* >
[2010.09.20 13:28:32 | 000,005,224 | -H-- | M] () -- C:\Users\SO\.recently-used.xbel
[2012.04.23 22:05:05 | 003,145,728 | -HS- | M] () -- C:\Users\SO\ntuser.dat
[2012.04.23 22:05:05 | 000,262,144 | -H-- | M] () -- C:\Users\SO\ntuser.dat.LOG1
[2008.12.10 16:36:50 | 000,000,000 | -H-- | M] () -- C:\Users\SO\ntuser.dat.LOG2
[2010.03.30 02:13:15 | 000,065,536 | -HS- | M] () -- C:\Users\SO\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.30 02:13:15 | 000,524,288 | -HS- | M] () -- C:\Users\SO\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.12.10 18:50:05 | 000,524,288 | -HS- | M] () -- C:\Users\SO\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012.04.23 20:58:01 | 000,065,536 | -HS- | M] () -- C:\Users\SO\ntuser.dat{ca386378-3c05-11df-a491-00217089e605}.TM.blf
[2012.04.23 20:58:01 | 000,524,288 | -HS- | M] () -- C:\Users\SO\ntuser.dat{ca386378-3c05-11df-a491-00217089e605}.TMContainer00000000000000000001.regtrans-ms
[2010.03.30 23:02:51 | 000,524,288 | -HS- | M] () -- C:\Users\SO\ntuser.dat{ca386378-3c05-11df-a491-00217089e605}.TMContainer00000000000000000002.regtrans-ms
[2008.12.10 16:36:51 | 000,000,020 | -HS- | M] () -- C:\Users\SO\ntuser.ini
[2011.04.11 19:57:16 | 000,000,680 | RHS- | M] () -- C:\Users\SO\ntuser.pol

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >

OTL Extras logfile created on: 23.04.2012 21:33:57 - Run 1
OTL by OldTimer - Version 3.2.41.0     Folder = C:\Users\SO\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,45% Memory free
6,18 Gb Paging File | 5,12 Gb Available in Paging File | 82,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,75 Gb Total Space | 117,23 Gb Free Space | 52,63% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,90 Gb Free Space | 49,01% Space Free | Partition Type: NTFS
Drive G: | 3,75 Gb Total Space | 3,07 Gb Free Space | 81,64% Space Free | Partition Type: FAT32

Computer Name: SO-PC | User Name: SO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070D4414-43D4-4399-92D6-F339FEE1D76A}" = lport=137 | protocol=17 | dir=in | app=system |
"{12AD1323-70E0-4583-9B14-EC2C0CF8C8BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{37648954-196F-41FE-9132-95F4254CF69B}" = lport=445 | protocol=6 | dir=in | app=system |
"{7D580F2E-CB75-43ED-9581-75CA32A753AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{8FC1BD59-C366-4F84-9367-F7AE448219D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{97103206-954C-4E3E-8E47-0EB406112DC8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A6142A6C-157F-4A7E-BA54-DBA813FC196F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B70808F3-C05D-4702-B711-BA8C41DE191E}" = lport=138 | protocol=17 | dir=in | app=system |
"{C93B3677-70D2-4AA2-B352-E9F2740DABCF}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF3AABD7-8325-42CB-82F9-4AB435404EB4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EA0B59A5-0826-4586-BD4F-5B9181D4187E}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15518920-F932-4C71-90F2-EC775433DEBE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1A220AB7-C265-47DE-9F82-29B2EE307E2A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30B2FB77-3AA6-4FDA-BF2E-1AD92F95C164}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E9AB01B-D458-4204-AB2B-232B86CF2394}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F62B17A-13F2-4210-B499-D12FD0DCECB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{57B09AFD-0FF8-4676-A072-1D90A2FF8A00}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{696C9D42-FD97-4162-AA3D-782F0F64DA53}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7210AA61-996C-4807-A620-879C571F8BAE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{7B84BBF7-560C-4D3C-B92C-772E22242088}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8196054A-ED35-44B1-AE2C-B97A749BBBCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EFF16DD-E885-40BE-A42A-22126F6FBAE6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{990A6712-43DC-45E7-9F18-C2E9D0F02C24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFE444DC-CFD9-4CEF-B8E5-8E720974BE8E}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{B54EE664-CC8E-4AF9-B5CD-6B0BA4EC0260}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5E71287-FAC4-47EC-9F2E-9BC0B63C8267}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{DA513C5F-DB5E-4F4F-9AFB-F8ADDA6B5E0F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{DB0B506F-68A9-4B14-968D-137459C741E0}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{DC1EBE1E-A19C-46A2-90CA-0AE21D03F3EB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{DF21F4C4-827D-4052-A233-F8C633760B7A}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{F9C9F6C7-0109-43D0-BB18-560BBBD28813}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{FCF06DE8-2380-4886-9F27-A2112C47ADFA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF69242A-D652-471E-803F-CE7F625444F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{4AC1767C-D939-4B36-ABE8-9551219F4C88}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{53A91237-AA47-4B11-BF61-25A10DDE7E8F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{B156D885-E300-48E2-8371-18574690731B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F8246CFF-5693-4288-9F7F-80479F938281}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{615ee1ee-b5c6-48a2-aabb-4fa42575acc5}" = Nero 9 Essentials
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP270 series Benutzerregistrierung" = Canon MP270 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Creative OA001" = Integrated Webcam Driver (1.03.01.0825)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus
DirectShow Filters" = DivX Plus DirectShow Filters "DPP" = Canon Utilities Digital Photo Professional 3.4 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS USB WIA Driver" = EOS USB WIA Driver "EOS Utility" = Canon Utilities EOS Utility "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Stylus C90_91_D92 Benutzerhandbuch" = EPSON Stylus C90_91_D92 Handbuch "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6 "Free YouTube Download_is1" = Free YouTube Download version 3.0.0.602 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815 "Google Desktop" = Google Desktop "GoToAssist" = GoToAssist 8.0.0.514 "kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "MyCamera" = Canon Utilities MyCamera "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoScape" = PhotoScape "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Pixum Fotobuch" = Pixum Fotobuch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "TeamViewer 5" = TeamViewer 5 "TravelWorks 
Screensaver_is1" = TravelWorks Screensaver "Uninstall_is1" = Uninstall 1.0.0.1 "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "WinRAR archiver" = WinRAR "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.07.2011 14:58:55 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5714004 Error - 26.07.2011 14:58:56 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.07.2011 14:58:56 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5715237 Error - 26.07.2011 14:58:56 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5715237 Error - 26.07.2011 14:58:57 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.07.2011 14:58:57 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5716688 Error - 26.07.2011 14:58:57 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5716688 Error - 27.07.2011 13:41:56 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.07.2011 13:41:56 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 
15444832 Error - 27.07.2011 13:41:56 | Computer Name = SO-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15444832 [ Broadcom Wireless LAN Events ] Error - 24.06.2011 12:22:01 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 18:22:01, Fri, Jun 24, 11 Error - User "" does not have administrative privileges on this system Error - 24.06.2011 12:22:01 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 18:22:01, Fri, Jun 24, 11 Error - User "" does not have administrative privileges on this system Error - 25.06.2011 09:43:02 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 15:43:02, Sat, Jun 25, 11 Error - User "" does not have administrative privileges on this system Error - 25.06.2011 09:43:02 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 15:43:02, Sat, Jun 25, 11 Error - User "" does not have administrative privileges on this system Error - 26.06.2011 05:03:15 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 11:03:15, Sun, Jun 26, 11 Error - User "" does not have administrative privileges on this system Error - 26.06.2011 05:03:15 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 11:03:15, Sun, Jun 26, 11 Error - User "" does not have administrative privileges on this system Error - 22.08.2011 09:19:03 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 15:19:02, Mon, Aug 22, 11 Error - Unable to gain access to user store Error - 16.11.2011 05:51:28 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 10:51:28, Wed, Nov 16, 11 Error - Unable to decrypt string Error - 29.02.2012 10:55:12 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 15:55:12, Wed, Feb 29, 12 Error - User "" does not have administrative privileges on this system Error - 29.02.2012 10:55:12 | Computer Name = SO-PC | Source = WLAN-Tray | ID = 0 Description = 15:55:12, Wed, Feb 29, 12 
Error - User "" does not have administrative privileges on this system [ System Events ] Error - 23.04.2012 13:32:53 | Computer Name = SO-PC | Source = Service Control Manager | ID = 7001 Description = Error - 23.04.2012 13:33:07 | Computer Name = SO-PC | Source = Service Control Manager | ID = 7001 Description = Error - 23.04.2012 13:33:10 | Computer Name = SO-PC | Source = DCOM | ID = 10005 Description = Error - 23.04.2012 13:33:13 | Computer Name = SO-PC | Source = Service Control Manager | ID = 7001 Description = Error - 23.04.2012 14:04:58 | Computer Name = SO-PC | Source = Service Control Manager | ID = 7022 Description = Error - 23.04.2012 14:05:09 | Computer Name = SO-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.20 für die Netzwerkkarte mit der Netzwerkadresse 00234DA9B643 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 23.04.2012 15:24:42 | Computer Name = SO-PC | Source = Service Control Manager | ID = 7000 Description = Error - 23.04.2012 16:02:15 | Computer Name = SO-PC | Source = Service Control Manager | ID = 7011 Description = Error - 23.04.2012 16:02:24 | Computer Name = SO-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Ricoh Memory Stick Controller" (PCI\VEN_1180&DEV_0592&SUBSYS_029F1028&REV_12\4&31fc8c23&0&0AF0) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 23.04.2012 16:02:24 | Computer Name = SO-PC | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Ricoh xD-Picture Card Controller" (PCI\VEN_1180&DEV_0852&SUBSYS_029F1028&REV_12\4&31fc8c23&0&0BF0) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > |
24.04.2012, 14:39 | #4 |
/// Malware-holic | SMART HDD Trojan caught - desktop black, files gone Hi, this script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [hjOouWQXnIVMkvP.exe] C:\ProgramData\hjOouWQXnIVMkvP.exe ()
[2012.04.21 16:24:54 | 000,000,184 | -H-- | M] () -- C:\ProgramData\-9HjFSnO4FQh8s4r
[2012.04.21 16:24:54 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-9HjFSnO4FQh8s4
[2012.04.21 16:17:46 | 000,000,601 | -H-- | M] () -- C:\Users\SO\Desktop\SMART_HDD.lnk
:Files
C:\ProgramData\9HjFSnO4FQh8s4.exe
C:\ProgramData\hjOouWQXnIVMkvP.exe
c:\Users\SO\AppData\LocalLow\Sun\Java\Deployment\cache
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode. If you have no icons: right-click, View, Show desktop icons. Download unhide: Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails as described above to markusg.trojaner-board@web.de If you would like to support us |
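The fix script above removes one persistence point: an HKCU Run value that launches a randomly named, unsigned executable out of C:\ProgramData. The following is an added example written for this thread; it is not code from the forum post, from OTL, ComboFix or Malwarebytes. It parses the `O4 - HKCU..\Run:` line format that OTL prints and scores each entry on the three defender-side signals that the SMART HDD entry shows: the image runs from a data directory, the file carries no company name, and its name looks random. The three benign sample lines, the list of data directories and the entropy threshold are assumptions, not values from the page.

```python
"""Flag suspicious autostart (O4) entries in OTL log lines.

Added example for this thread; not part of the forum post and not code from
OTL, ComboFix or Malwarebytes. Parses the 'O4 - HKCU..\\Run:' line format
OTL prints and scores each entry on three defender-side signals. The benign
sample lines, DATA_DIRS and the entropy threshold are assumptions.
"""
import math
import re
from collections import Counter

# Constructed sample log: the first line is the entry from the fix script in
# this thread, the other three are made-up benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [hjOouWQXnIVMkvP.exe] C:\ProgramData\hjOouWQXnIVMkvP.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
"""

# OTL O4 line: hive, value name in [], image path ending in .exe, optional (company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?\.exe)(?: \((?P<vendor>[^)]*)\))?\s*$"
)

# Directories a normally installed program does not launch from (assumption)
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def shannon_entropy(text):
    """Bits of entropy per character of text."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(stem):
    """Heuristic: long, high-entropy, mixed-case name such as hjOouWQXnIVMkvP.
    The 3.3-bit threshold is an assumption, not a published value."""
    return (
        len(stem) >= 8
        and shannon_entropy(stem) > 3.3
        and any(ch.isupper() for ch in stem)
        and any(ch.islower() for ch in stem)
    )


def parse_o4(line):
    """Return a dict with hive/name/path/vendor, or None for non-O4 lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry):
    """List the reasons an O4 entry deserves a closer look (may be empty)."""
    reasons = []
    path_lower = entry["path"].lower()
    if any(d in path_lower for d in DATA_DIRS):
        reasons.append("runs from a data directory instead of Program Files/Windows")
    if not entry["vendor"]:
        reasons.append("no company name in the file's version info")
    stem = entry["path"].rsplit("\\", 1)[-1][:-len(".exe")]
    if looks_random(stem):
        reasons.append("random-looking executable name")
    return reasons


def suspicious_entries(log_text, min_reasons=2):
    """Return (name, path, reasons) for entries with at least min_reasons hits."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if len(reasons) >= min_reasons:
            hits.append((entry["name"], entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for name, path, reasons in suspicious_entries(SAMPLE_LOG):
        print(f"{name} -> {path}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the constructed sample, only the ProgramData entry from the fix script is reported, with all three reasons; the Sidebar, Avira and QuickTime lines score zero. Requiring two independent signals keeps a single oddity (say, a legitimate updater living under AppData) from being flagged on its own.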
24.04.2012, 17:09 | #5 |
| SMART HDD Trojan caught - desktop black, files gone Hi, apart from one small thing everything worked great.
- Started OTL from the desktop.
- Copied your script into the text box and started it with "FIX".
- After the required reboot the error messages were gone, but unfortunately I couldn't find the file I'm supposed to upload anywhere.
- Then started unhide, and the files all seem to be back.
The upload of "MovedFiles.zip" worked flawlessly. A heartfelt thank you in the meantime! |
24.04.2012, 17:15 | #6 | |
/// Malware-holic | SMART HDD Trojan caught - desktop black, files gone Hi, thanks. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save Combofix to your desktop
When Combofix has finished it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
24.04.2012, 18:23 | #7 |
| SMART HDD Trojan caught - desktop black, files gone Hi, it took a little while. I had to step out briefly. Here is the log from ComboFix.exe: Code:
ATTFilter ComboFix 12-04-24.02 - SO 24.04.2012 18:33:29.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1315 [GMT 2:00] ausgeführt von:: c:\users\SO\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\9HjFSnO4FQh8s4 c:\programdata\9HjFSnO4FQh8s4.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk c:\users\SO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk c:\users\SO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\SMART HDD.lnk c:\users\SO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk c:\users\SO\Documents\~WRL0003.tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-03-24 bis 2012-04-24 )))))))))))))))))))))))))))))) . . 2012-04-24 16:44 . 2012-04-24 16:44 -------- d-----w- c:\users\Ute\AppData\Local\temp 2012-04-24 16:44 . 2012-04-24 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-24 16:44 . 2012-04-24 16:46 -------- d-----w- c:\users\SO\AppData\Local\temp 2012-04-24 16:26 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11361217-EA12-40B2-9C89-2BA24409BDD3}\mpengine.dll 2012-04-12 12:10 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-12 12:10 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-04-12 12:10 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-12 12:10 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 12:07 . 
2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-12 12:07 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 11:27 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 08:18 . 2009-11-06 10:44 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-14 15:45 . 2012-03-17 10:48 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-14 15:45 . 2012-03-17 10:48 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-13 14:12 . 2012-03-17 10:48 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-13 13:47 . 2012-03-17 10:48 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-02-13 13:44 . 2012-03-17 10:48 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-02 15:16 . 2012-03-17 10:48 2044416 ----a-w- c:\windows\system32\win32k.sys 2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2011-04-11 18:06 . 2008-12-10 16:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] 2011-04-11 23:14 931696 ----a-w- c:\program files\kikin\ie_kikin.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-04-11 30192] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-12-06 08:30 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Users^SO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\SO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2011-04-11 18:06 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2008-07-04 13:16 132392 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed] 2008-08-15 21:03 4812664 ----a-w- c:\program files\Dell Video Chat\DellVideoChat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . 
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-04-24 c:\windows\Tasks\User_Feed_Synchronization-{4635F81F-6727-475D-BE7C-8C2081FFB669}.job - c:\windows\system32\msfeedssync.exe [2012-04-12 08:09] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\SO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\SO\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll TCP: DhcpNameServer = 192.168.179.1 FF - ProfilePath - c:\users\SO\AppData\Roaming\Mozilla\Firefox\Profiles\frwnbcki.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - 
%profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: kikin plugin: {AA994882-F391-4d2e-806F-8908DA4814ED} - %profile%\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-NvCplDaemonTool - (no file) HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-04-24 18:45 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2424580095-1389352074-1401127913-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) . Zeit der Fertigstellung: 2012-04-24 18:52:14 ComboFix-quarantined-files.txt 2012-04-24 16:52 . Vor Suchlauf: 12 Verzeichnis(se), 125.039.497.216 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 125.025.087.488 Bytes frei . 
- - End Of File - - 388CB1098872E3753BE99CB811F5309C |
24.04.2012, 18:56 | #8 |
/// Malware-holic | SMART HDD Trojan caught - desktop black, files gone Malwarebytes: please download Malwarebytes
25.04.2012, 06:19 | #9 |
| SMART HDD Trojan caught - desktop black, files gone Good morning! Unfortunately I accidentally aborted the first scan, so I've pasted the logs from both runs. The first run found one infected file; in the second run it no longer shows up. Scan 1: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
SO :: SO-PC [Administrator]

Schutz: Aktiviert

24.04.2012 20:06:41
mbam-log-2012-04-24 (22-02-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 105056
Laufzeit: 1 Stunde(n), 54 Minute(n), 52 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\ProgramData\9HjFSnO4FQh8s4.exe.vir (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

(Ende)
Scan 2: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
SO :: SO-PC [Administrator]

Schutz: Aktiviert

24.04.2012 22:10:59
mbam-log-2012-04-24 (22-10-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355236
Laufzeit: 3 Stunde(n), 11 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
25.04.2012, 10:55 | #10 |
/// Malware-holic | SMART HDD Trojan caught - desktop black, files gone Any problems still noticeable? If not: download CCleaner standard: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this. Install, open, Tools, list of installed programs, save as txt. Open it. Behind every program you need, write "notwendig" (needed). Behind every one you don't need, "unnötig" (unneeded). Behind any unknown to you, "unbekannt" (unknown). Post the list.
25.04.2012, 16:51 | #11 |
| SMART HDD Trojan caught - desktop black, files gone Hi, no, there are no problems noticeable. Everything seems to be running normally again. Here is the list created with CCleaner (it looks a bit wild - sorry!): Code:
Program | Publisher | Installed | Size | Version | needed/unknown/unnecessary
Adobe Flash Player 10 Plugin | Adobe Systems Incorporated | 17.07.2011 | | 10.3.181.26 | needed
Adobe Flash Player ActiveX | Adobe Systems Incorporated | 05.12.2008 | | 9.0.124.0 | needed
Adobe Reader 9 - Deutsch | Adobe Systems Incorporated | 05.12.2008 | 167,6MB | 9.0.0 | needed
Advanced Audio FX Engine | | 05.12.2008 | | | needed
Apple Application Support | Apple Inc. | 06.02.2011 | 52,7MB | 01.04.2000 | needed
Apple Mobile Device Support | Apple Inc. | 06.09.2010 | 20,1MB | 3.2.0.47 | needed
Apple Software Update | Apple Inc. | 13.06.2010 | 2,26MB | 2.1.2.120 | needed
ATI Catalyst Control Center | | 05.12.2008 | 24,00KB | 200.807.032.235 | needed
Audacity 1.2.6 | | 17.04.2009 | 8,43MB | | needed
Avira AntiVir Personal - Free Antivirus | Avira GmbH | 17.02.2012 | 107,0MB | 10.2.0.707 | needed
Bonjour | Apple Inc. | 06.02.2011 | 0,76MB | 2.0.4.0 | needed
Browser Address Error Redirector | Dell | 05.12.2008 | | 1.00.0000 | unknown
Camera RAW Plug-In for EPSON Creativity Suite | | 07.03.2010 | 10,5MB | 2.1.0.0 | needed
Canon Easy-WebPrint EX | | 05.09.2010 | 6,81MB | | needed
CANON iMAGE GATEWAY Task for ZoomBrowser EX | Canon Inc. | 30.12.2009 | 46,2MB | 1.5.0.3 | needed
Canon Inkjet Printer/Scanner/Fax Extended Survey Program | | 05.09.2010 | 1,31MB | | needed
Canon Internet Library for ZoomBrowser EX | Canon Inc. | 30.12.2009 | 46,2MB | 1.6.1.6 | needed
Canon MP Navigator EX 3.0 | | 05.09.2010 | 72,3MB | | needed
Canon MP270 series User Registration | | 05.09.2010 | 1,09MB | | needed
Canon MP270 series MP Drivers | | 05.09.2010 | 654MB | | needed
Canon RAW Image Task for ZoomBrowser EX | Canon Inc. | 30.12.2009 | 19,1MB | 3.3.0.5 | needed
Canon Utilities CameraWindow | Canon Inc. | 30.12.2009 | 2,27MB | 7.1.0.2 | needed
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX | Canon Inc. | 30.12.2009 | 18,4MB | 6.4.2.16 | needed
Canon Utilities Digital Photo Professional 3.4 | Canon Inc. | 30.12.2009 | 60,2MB | 3.4.0.0 | needed
Canon Utilities Easy-PhotoPrint EX | | 05.09.2010 | 222MB | | needed
Canon Utilities EOS Utility | Canon Inc. | 30.12.2009 | 42,1MB | 2.4.0.1 | needed
Canon Utilities My Printer | | 05.09.2010 | 4,70MB | | needed
Canon Utilities MyCamera | Canon Inc. | 30.12.2009 | 15,5MB | 6.4.0.5 | needed
Canon Utilities Original Data Security Tools | Canon Inc. | 30.12.2009 | 6,89MB | 1.4.0.1 | needed
Canon Utilities PhotoStitch | Canon Inc. | 30.12.2009 | 6,15MB | 3.1.21.45 | needed
Canon Utilities Picture Style Editor | Canon Inc. | 30.12.2009 | 61,7MB | 1.3.0.0 | needed
Canon Utilities RemoteCapture Task for ZoomBrowser EX | Canon Inc. | 30.12.2009 | 16,3MB | 1.7.1.9 | needed
Canon Utilities Solution Menu | | 05.09.2010 | 3,05MB | | needed
Canon Utilities WFT-E1/E2/E3 Utility | Canon Inc. | 30.12.2009 | 2,27MB | 3.2.1.1 | needed
Canon Utilities ZoomBrowser EX | Canon Inc. | 30.12.2009 | 46,2MB | 6.1.1.21 | needed
Canon ZoomBrowser EX Memory Card Utility | Canon Inc. | 30.12.2009 | 19,7MB | 1.1.0.8 | needed
CCleaner | Piriform | 24.04.2012 | 4,46MB | Mar 17 | needed
Cisco EAP-FAST Module | Cisco Systems, Inc. | 05.12.2008 | 1,04MB | 02.01.2003 | needed
Cisco LEAP Module | Cisco Systems, Inc. | 05.12.2008 | 1,04MB | 1.0.12 | needed
Cisco PEAP Module | Cisco Systems, Inc. | 05.12.2008 | 0,85MB | 1.0.13 | needed
Compatibility Pack for 2007 Office System | Microsoft Corporation | 02.03.2012 | 56,2MB | 12.0.6612.1000 | needed
Dell Dock | Dell | 05.12.2008 | | 1.0.0 | needed
Dell Getting Started Guide | Dell Inc. | 05.12.2008 | | 1.00.0000 | needed
Dell Touchpad | Alps Electric | 05.12.2008 | 11,7MB | 7.2.101.209 | needed
Dell Video Chat (remove only) | SightSpeed Inc. | 05.12.2008 | 22,1MB | 6.0 (6551) | needed
Dell Webcam Central | | 05.12.2008 | 31,1MB | | needed
Dell Wireless WLAN Card Utility | Dell Inc. | 05.12.2008 | 89,9MB | 4.170.77.13 | needed
Die Sims 3 | Electronic Arts | 06.11.2009 | 5.633MB | 1.0.631 | needed
DivX Codec | DivX, Inc. | 08.10.2009 | 1,31MB | 06.08.2005 | needed
DivX Player | DivX, Inc. | 08.10.2009 | 8,43MB | 07.02.2000 | needed
DivX Plus DirectShow Filters | DivX, Inc. | 08.10.2009 | 1,58MB | | needed
DivX Web Player | DivX, Inc. | 08.10.2009 | 2,83MB | 01.05.2000 | needed
EDocs | | 05.12.2008 | 0,80MB | | unknown
EOS USB WIA Driver | Canon Inc. | 30.12.2009 | 1,28MB | 6.0.1.5 | needed
EPSON Stylus C90_91_D92 Manual | | 07.03.2010 | 4,35MB | | needed
EPSON Printer Software | SEIKO EPSON Corporation | 07.03.2010 | | | needed
Facebook Plug-In | Facebook, Inc. | 02.02.2010 | 6,26MB | | needed
Free Audio CD Burner version 1.4 | DVDVideoSoft Limited. | 19.08.2010 | 3,11MB | | needed
Free DVD Video Burner version 2.4 | DVDVideoSoft Limited. | 02.11.2010 | 5,27MB | | needed
Free Video to DVD Converter version 1.6 | DVDVideoSoft Limited. | 02.11.2010 | 3,28MB | | needed
Free YouTube Download version 3.0.0.602 | DVDVideoSoft Limited. | 03.06.2011 | 4,15MB | | needed
Free YouTube to MP3 Converter version 3.10.8.815 | DVDVideoSoft Ltd. | 04.09.2011 | 3,39MB | | needed
Google Desktop | Google | 12.04.2011 | 31,3MB | 5.9.1005.12335 | needed
Google Toolbar for Internet Explorer | Google Inc. | 05.12.2008 | 21,3MB | | unnecessary
GoToAssist 8.0.0.514 | | 05.12.2008 | 3,45MB | | needed
Integrated Webcam Driver (1.03.01.0825) | | 06.12.2008 | | | needed
iTunes | Apple Inc. | 01.11.2010 | 138,7MB | 10.0.1.22 | needed
Java(TM) 6 Update 18 | Sun Microsystems, Inc. | 07.03.2010 | 97,1MB | 6.0.180 | needed
kikin Plugin (NO23 Edition) 1.11 | kikin | 02.08.2009 | 0,60MB | 01. Nov | unknown
Malwarebytes Anti-Malware Version 1.61.0.1400 | Malwarebytes Corporation | 23.04.2012 | 11,7MB | 1.61.0.1400 | needed
MediaDirect | Dell | 05.12.2008 | 59,0MB | 4.0 | needed
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU | Microsoft Corporation | 20.10.2009 | 37,0MB | | needed
Microsoft .NET Framework 3.5 SP1 | Microsoft Corporation | 11.07.2009 | 27,8MB | | needed
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation | 24.06.2010 | 120,3MB | 4.0.30319 | needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation | 24.06.2010 | 24,5MB | 4.0.30319 | needed
Microsoft Office Enterprise 2007 | Microsoft Corporation | 02.03.2012 | 839MB | 12.0.6612.1000 | needed
Microsoft Office File Validation Add-In | Microsoft Corporation | 28.09.2011 | 7,92MB | 14.0.5130.5003 | unknown
Microsoft Office Language Pack 2007 - German/Deutsch | Microsoft Corporation | 02.03.2012 | 839MB | 12.0.6612.1000 | needed
Microsoft Office PowerPoint Viewer 2007 (German) | Microsoft Corporation | 02.03.2012 | 89,0MB | 12.0.6612.1000 | needed
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 | Microsoft Corporation | 28.07.2009 | 0,25MB | 8.0.50727.4053 | needed
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 21.06.2011 | 0,29MB | 8.0.61001 | needed
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 | Microsoft Corporation | 06.06.2011 | 0,58MB | 9.0.30729.5570 | needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 | Microsoft Corporation | 21.01.2011 | 0,23MB | 9.0.30729 | needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 16.12.2010 | 0,58MB | 9.0.30729.4148 | needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Microsoft Corporation | 21.06.2011 | 0,58MB | 9.0.30729.6161 | needed
Microsoft Works | Microsoft Corporation | 11.04.2012 | | 9.7.0621 | unknown
Microsoft WSE 3.0 Runtime | Microsoft Corp. | 06.11.2009 | 0,92MB | 3.0.5305.0 | needed
Mozilla Firefox (3.6.13) | Mozilla | 04.07.2011 | 32,9MB | 3.6.13 (de) | needed
MSXML 4.0 SP2 (KB954430) | Microsoft Corporation | 25.08.2009 | 1,28MB | 4.20.9870.0 | unknown
MSXML 4.0 SP2 (KB973688) | Microsoft Corporation | 24.11.2009 | 1,34MB | 4.20.9876.0 | unknown
Nero 9 Essentials | Nero AG | 23.08.2009 | 10,7MB | | needed
PhotoScape | | 27.12.2008 | 24,2MB | | needed
Pixum Fotobuch | | 21.01.2011 | 141,7MB | | needed
QuickSet | Dell Inc. | 05.12.2008 | | 09.02.2006 | unknown
QuickTime | Apple Inc. | 01.11.2010 | 73,7MB | 7.68.75.0 | needed
Roxio Creator DE | Roxio | 05.12.2008 | 18,1MB | 10. Jan | needed
Safari | Apple Inc. | 06.02.2011 | 41,3MB | 5.33.19.4 | needed
Skype Toolbars | Skype Technologies S.A. | 24.02.2010 | 5,13MB | 1.0.4036 | needed
Skype 4.2 | Skype Technologies S.A. | 30.03.2010 | 31,8MB | 4.2.155 | needed
TeamViewer 5 | TeamViewer GmbH | 01.08.2010 | 20,3MB | 5.0.8703 | needed
TravelWorks Screensaver | | 25.11.2009 | | | unknown
Uninstall 1.0.0.1 | | 02.11.2010 | 30,8MB | | unknown
Unity Web Player | Unity Technologies ApS | 11.10.2011 | 0,20MB | | unknown
WinRAR | | 24.10.2009 | 3,82MB | | needed
|
25.04.2012, 20:14 | #12 |
/// Malware-holic | Caught the SMART HDD Trojan - desktop black, files gone
Uninstall: Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download and install the latest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, because only then do you have control over what is going on on the PC.
JavaScript: untick the "use JavaScript" box.
Updater: choose "install automatically". Apply / OK.
Uninstall: Browser Address, Google Toolbar, Java. Download der kostenlosen Java-Software: download the Java JRE and install it.
Uninstall: kikin.
Mozilla Firefox: Webbrowser Firefox auf Deutsch | Schneller, sicherer und anpassbar - install the upgrade.
Uninstall: Skype Toolbars, TravelWorks, Unity.
Open OTL, Cleanup; the PC restarts.
Open CCleaner, Analyze, run CCleaner, restart the PC.
Test how the PC runs.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
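The clean-up steps in post #12 above are manual clicks through Programs and Features and the Adobe Reader Preferences dialog. As an added example, not code from the thread or from the helper, here is how the same procedure looks scripted in PowerShell on the affected PC: it walks the registry keys where Windows records installed programs and flags the entries post #12 says to remove, then reports and (with -Apply) writes the Reader preferences the helper described as registry values. Assumptions, labelled in the code as well: the Reader major version (default '10.0', Reader X; pass -ReaderVersion '9.0' for Reader 9), the removal patterns, which are illustrative rather than an authoritative blocklist, and the Reader value names, which are taken from Adobe's Preference Reference as I know it and should be checked against it for your version. The "use only certified plug-ins" and Updater settings are left to the dialog.

```powershell
# Added example (not code from the thread): audit the installed-program list for the
# entries post #12 asks the poster to remove, and set the Adobe Reader preferences the
# helper described (JavaScript off, browser integration off, attachment opening off)
# through the registry instead of the Preferences dialog.
# Assumptions: Adobe Reader X ('10.0'); pass -ReaderVersion '9.0' for Reader 9.
# The removal patterns are illustrative, not an authoritative blocklist.
param(
    [string]$ReaderVersion = '10.0',   # assumption: which Reader major version is installed
    [switch]$Apply                     # without -Apply the script only reports
)

# Registry keys where Windows records installed programs: native, 32-bit-on-64-bit,
# and per-user installs. Roots that do not exist on this machine are skipped.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Regex patterns on DisplayName for what post #12 says to remove or replace:
# browser toolbars and plug-ins, Flash, the stale Java 6 runtime, kikin, Unity
# Web Player and the TravelWorks screensaver. Illustrative assumption.
$removePatterns = @(
    'Toolbar',
    'Browser Address Error Redirector',
    'Adobe Flash Player',
    '^Java\(TM\) 6 ',
    'kikin',
    'Unity Web Player',
    'TravelWorks'
)

function Get-InstalledPrograms {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if (-not $p.DisplayName) { continue }      # patch and placeholder keys have no name
            New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Version   = $p.DisplayVersion
                Publisher = $p.Publisher
                Uninstall = $p.UninstallString         # what Programs and Features would run
            }
        }
    }
}

function Get-FlaggedPrograms {
    Get-InstalledPrograms | Where-Object {
        $name = $_.Name
        @($removePatterns | Where-Object { $name -match $_ }).Count -gt 0
    }
}

# Adobe Reader preferences from post #12 as registry values (names per Adobe's
# Preference Reference; verify for your version):
#   JavaScript    "Enable Acrobat JavaScript" off                JSPrefs\bEnableJS = 0
#   Internet      "Display PDF in browser" off                   Originals\bBrowserIntegration = 0
#   Trust Manager "Allow opening of non-PDF attachments" off     Originals\bAllowOpenFile = 0
# The HKLM FeatureLockDown value locks JavaScript off so a PDF cannot prompt the user
# to turn it back on. Reader X's Protected Mode (sandbox) is enforced when version >= 10.
$userBase   = "HKCU:\Software\Adobe\Acrobat Reader\$ReaderVersion"
$policyBase = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion\FeatureLockDown"
$readerSettings = @(
    @{ Path = "$userBase\JSPrefs";   Name = 'bEnableJS';           Value = 0 },
    @{ Path = "$userBase\Originals"; Name = 'bBrowserIntegration'; Value = 0 },
    @{ Path = "$userBase\Originals"; Name = 'bAllowOpenFile';      Value = 0 },
    @{ Path = $policyBase;           Name = 'bDisableJavaScript';  Value = 1 }
)
if ([double]$ReaderVersion -ge 10) {
    $readerSettings += @{ Path = "$userBase\Privileged"; Name = 'bProtectedMode'; Value = 1 }
}

function Set-ReaderHardening {
    foreach ($s in $readerSettings) {
        $current = $null
        if (Test-Path $s.Path) {
            $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        }
        if ($current -eq $s.Value) {
            Write-Host ("OK      {0}\{1} = {2}" -f $s.Path, $s.Name, $current)
            continue
        }
        Write-Host ("CHANGE  {0}\{1}: {2} -> {3}" -f $s.Path, $s.Name, $current, $s.Value)
        if ($Apply) {
            if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
            New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
        }
    }
}

Write-Host "== Installed programs matching the removal list =="
Get-FlaggedPrograms | Sort-Object Name | Format-Table Name, Version, Publisher -AutoSize
Write-Host "== Adobe Reader $ReaderVersion preferences =="
Set-ReaderHardening
```

Run it once without -Apply to see what would be flagged and changed, then with -Apply from an elevated prompt (the HKLM policy key needs administrator rights; the HKCU values only affect the account the script runs as, so run it as the affected user). The uninstall itself is deliberately left to the operator: the UninstallString column is what Programs and Features would execute, and some of the flagged entries (Flash, Java, Firefox) are to be replaced with current versions rather than simply removed. Writing bDisableJavaScript under FeatureLockDown rather than only bEnableJS matters because the per-user setting can be toggled back by a prompt inside a PDF, while the policy value greys the option out.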
25.04.2012, 22:38 | #13 |
| Caught the SMART HDD Trojan - desktop black, files gone Hi, apart from Acrobat Reader (I can't bring myself to install that "X..." thing; I updated to 9.51 instead) I have updated/uninstalled everything according to your instructions. OTL and CCleaner also ran without any problems, and the computer isn't giving the slightest trouble. Thanks to your help the good old thing seems to be alive again. For now, many, many thanks! |
26.04.2012, 12:06 | #14 |
/// Malware-holic | Caught the SMART HDD Trojan - desktop black, files gone Why not? Acrobat Reader 9 is a discontinued model. Version 10 brings further security features. It really is necessary to use software in its newest versions, otherwise new infections are more likely.
26.04.2012, 16:43 | #15 |
| Caught the SMART HDD Trojan - desktop black, files gone Hi, OK, I will have another look at Acrobat Reader 10. I had installed it a year or so ago on another computer and it kept crashing on me. I have now let the computer run for a few more hours, restarted it several times and tried all sorts of things. Everything really does seem to be working excellently. Once again, many, many thanks for the quick and professional help! |
Topics on Caught the SMART HDD Trojan - desktop black, files gone |
avira, canon, files, files gone, defender, desktop, detected, error, gen, google, harddisk, icons, intel, lockedfile.multi.generic, media player, object, office, rootkit, server, system, system32, tool, trojan, trojaner-board, gone, version, windows media player, write fault error |